Is there an Frontegg outage?
Frontegg status: Systems Active
Last checked: a minute ago
Get notified about any outages, downtime or incidents for Frontegg and 1800+ other cloud vendors. Monitor 10 companies, for free.
Last checked: a minute ago
Get notified about any outages, downtime or incidents for Frontegg and 1800+ other cloud vendors. Monitor 10 companies, for free.
Outage and incident data over the last 30 days for Frontegg.
Join OutLogger to be notified when any of your vendors or the components you use experience an outage. It's completely free and takes less than 2 minutes!
Sign Up NowOutlogger tracks the status of these components for Xero:
| Component | Status |
|---|---|
| Audit logs | Active |
| Entitlements | Active |
| Machine to machine authentication | Active |
| Management portal | Active |
| Reporting | Active |
| SSO & SAML authentication | Active |
| User authentication | Active |
| Webhooks infrastucture | Active |
View the latest incidents for Frontegg and check for official updates:
Description: Users with Tenant API tokens that were with client credentials had an issue with authenticating the api token. The authenticate API token route was returning a 400 response. Access token API Tokens were fully opperational
Status: Resolved
Impact: Minor | Started At: May 16, 2023, 10 a.m.
Description: Users with Tenant API tokens that were with client credentials had an issue with authenticating the api token. The authenticate API token route was returning a 400 response. Access token API Tokens were fully opperational
Status: Resolved
Impact: Minor | Started At: May 16, 2023, 10 a.m.
Description: This incident has been resolved.
Status: Resolved
Impact: Minor | Started At: Nov. 9, 2022, 9:20 p.m.
Description: This incident has been resolved.
Status: Resolved
Impact: Minor | Started At: Nov. 9, 2022, 9:20 p.m.
Description: ### **Executive summary:** On August 15th, 2022 at 02:01 IST \(UTC \+2\) Frontegg underwent a sophisticated DDOS subdomain organized attack. The attackers used multiple servers spread across a variety of Digital Ocean IPs. Each Server executed a low number of requests per second so our WAF did not trigger rate-limiting rules, yet it was recognized that many of the paths were related to WordPress engine's known weakness. By 03:21 the attack had been successfully mitigated. At 04:46 a second organized attack began. The restrictions put in place by the previous attack were helpful in mitigating the second attack. By 05:30 all traffic returned to normal ### **Affect:** The incident caused a degraded performance to our API gateway. As a result, our API returned 504 and 524 errors to partial traffic over the course of the incident. The majority of these errors were returned between 02:01 IST and 02:30 IST, when our mitigation efforts began to have an effect. A majority of traffic was still able to go through without error during this time. ### **Mitigation and resolution:** Our initial response to the attack was to increase our rate limiting and WAF constraints. This initial step was implemented at 02:30 IST. Once we understood the level of sophistication and distribution of the attack, we implemented changes on the application level, including a different routing mechanism and added more specific WAF constraints based on origins of the attacking traffic, which took effect by 03:21 IST. ### **Preventive steps:** In order to prevent attacks like this in the future, we are implementing a more sophisticated route blocking mechanism to our API-gateway. Additionally we have reported the incident to the cloud provider which hosted a majority of the attacking traffic, and we are consulting with our WAF provider for further guidance on preventing such attacks.
Status: Postmortem
Impact: None | Started At: Aug. 14, 2022, 11:54 p.m.
Join OutLogger to be notified when any of your vendors or the components you use experience an outage or down time. Join for free - no credit card required.
