Bluesky has been dealing with a DDoS attack for nearly a full day

(theverge.com)

34 points by dotmanish2 hours ago

11 comments

minimaxir1 hour ago
The prevalent discourse/attempt-at-a-meme-but-people-are-taking-it-seriously saying "Bluesky is down because of AI vibecoding!" is starting to get annoying and unoriginal.Even when Bluesky confirmed it's a DDoS, the line is now "maybe they wouldn't have gotten DDoSed if they didn't vibecode and their code was better."
- cryzinger46 minutes ago
 A week or two ago, when there was a Bluesky outage and a Claude outage at the same time, people were earnestly pointing to that as evidence that Claude was somehow a load-bearing component of Bluesky, or that AI vibecoding had caused the outage... I had to just disengage but I was also very annoyed by it all.
OuterVale30 minutes ago
The interface seemed to function as normal, but specifically the API was targeted, which left a lot of confused users who were seeing the interface peppered with errors. Watching as it unfolded, it seems it affected certain regions to begin with and then slowly spread worldwide.Seems they might have failed to host the status page (<a href="https://status.bsky.app" rel="nofollow">https://status.bsky.app</a>) separately as well, because that went down several times throughout the outage. They also weren't very active in updating the status page, and the notice that was there had a typo of 'reginos' and a description of 'null'.
userbinator1 hour ago
What are the chances some company offers to "save" them with a security service which coincidentally will also require users to use the latest officially-sanctioned browsers, OSes, and "trusted" hardware to pass the "security check"...
- sammy22551 hour ago
  If you're referring to Cloudflare, the "security check" is not a default setting. For some reason administrators love to use Under attack mode as a band-aid measure to reduce load on the host.
- LoganDark27 minutes ago
  At least Apple devices are actually secure and can't really be omitted from things other than gaming and business. Granted, gaming and business are pretty important.
adrithmetiqa36 minutes ago
Is this just for fun or is there some underlying purpose to those type of attack?Is it possible to have any certainty when answering that question?
ChrisArchitect5 minutes ago
Source: <a href="https://bsky.social/about/blog/04-16-2026-bluesky-service-interruption" rel="nofollow">https://bsky.social/about/blog/04-16-2026-bluesky-service-in...</a>
aaron69513 minutes ago
[dead]
0xedd33 minutes ago
[dead]
decremental53 minutes ago
[dead]
weird_tentacles1 hour ago
[dead]
bit19931 hour ago
A decentralized protocol by definition should not be vulnerable to DDos attacks.
- minimaxir58 minutes ago
 Bluesky isn't ATProto.
 - bit199355 minutes ago
 Thank you for the clarification.
- anon700057 minutes ago
 You’re saying a mastodon instance can’t vet DDosed?
 - snailmailman11 minutes ago
 The people I follow on mastodon come from a wide variety of instances. While mastodon.social is the largest instance, most of the accounts I follow are elsewhere.Granted, all the smaller instances are likely easier to DOS as they are small instances. But mastodon is actually decentralized. If any one instance goes down, everything else keeps working. Unlike Bluesky and ATProto which is more of a theoretical “could be” decentralized.
 - eukara27 minutes ago
 Truth is if mastodon.social gets ddosd the same as Bluesky I can still use the rest of the network fine. Proof is in the pudding. tons of instances that make up the fabric of redundancy. I think most people would be served better if Bluesky acted differently early with their rollout in a sharded manner?
 - Charon777 minutes ago
 True. The only 'distributed' part of bluesky is in the PR. Otherwise there'd be more instances.My mastodon account is not even on mastodon.social, because why would I, when I could have a home server closer to home
midtake5 minutes ago
As a result, CSAM distribution dropped by 50% today.