CDN | Seoul, South Korea incident details
Incident Report for Gcore


On February 6, 2024, our Content Delivery Network (CDN) experienced partial delivery performance degradation in Korea. This incident was primarily caused by a bug in the DDoS protection module.

Incident Timeline

  • February 6, 2024, 16:26 (UTC): Initiation of the DDoS attack, leading to the overloading of edge servers at the Korean datacenter.
  • February 6, 2024, 16:33 (UTC): The engineering team initiated an investigation into the issue.
  • February 6, 2024, 17:10 (UTC): A problem with the DDoS protection module was identified as a contributing factor.
  • February 6, 2024, 17:35 (UTC): Preparation of a fix for the identified bug in the DDoS protection module.
  • February 6, 2024, 17:53 (UTC): Implementation of the fix, resolving the CPU usage issue at the Korean datacenter.

Root Cause Analysis

Excessive CPU utilization on the CDN edge servers located in the Korean datacenter. This was the result of a bug in the DDoS protection module, which led to heightened CPU consumption during the attack, thereby severely affecting our delivery services.


This incident led to intermittent 5xx errors and timeouts affecting CDN delivery within Korea, persisting for 1 hour and 27 minutes.

Action items

In response to this incident and to bolster our defense against future DDoS attacks, we are implementing the following action items:

  • Performance Testing Enhancements: introduce additional performance tests to preemptively identify and rectify similar issues.
  • Infrastructure Strengthening: expand the CDN edge infrastructure within the Korean datacenter, thereby enhancing our capacity to manage escalated DDoS attack scenarios.
  • Balancer Optimization: refine the settings of the CDN balancer to more efficiently redistribute traffic away from the datacenter during DDoS attacks and periods of excessive demand.

We are committed to continuously improving our systems and processes to ensure high availability and performance of our CDN services, particularly in the face of evolving cybersecurity threats.

Posted Feb 07, 2024 - 12:00 UTC

We are happy to inform you that the incident has been resolved. However, if you continue to experience any issues, please do not hesitate to contact our support team. Our team will be happy to assist you and ensure that any further concerns are addressed promptly.

We appreciate your patience and understanding throughout this incident, and thank you for your cooperation.
Posted Feb 07, 2024 - 11:02 UTC
We are pleased to inform you that our Engineering team has implemented a fix to resolve the issue. However, we are still closely monitoring the situation to ensure stable performance.

We will provide you with an update as soon as we have confirmed that the issue has been completely resolved.
Posted Feb 06, 2024 - 18:04 UTC
We'd like to let you know that our Engineering team is aware of the issue and actively working on resolving it. We apologize for any inconvenience this may have caused you. Rest assured that we are doing everything we can to fix it as soon as possible.
Posted Feb 06, 2024 - 17:22 UTC
We are currently experiencing performance degradation that may result in slow or unusual functioning of our services. We apologize for any inconvenience this may cause and appreciate your patience and understanding during this time.

We will provide you with an update as soon as we have more information on the progress of the resolution. Thank you for your understanding and cooperation.
Posted Feb 06, 2024 - 17:19 UTC
This incident affected: CDN (Seoul, South Korea).