502 Auth temporarily unavailable Posted on Jun 27, 2019 12:00 -0400
We’ve have multiple reports of auth errors over the last few days. The reported error is usually “502 Auth temporarily unavailable”. We tracked down the cause to a large number of brute force username/password attempts. Our passwords are encrypted using bcrypt and one downside is that it’s cpu intensive when we check if a username/password is valid. Large floods of login attempts were overloading the auth servers on occasion. The first attempt at a fix was additional server capacity, unfortunately once that was done the attempts just increased as well. After a day or so of code changes and testing we placed additional countermeasures into our authentication systems to detect and disable IPs quicker after numerous login attempts. The number to tigger the blacklist is reasonably high and we don’t expect it to effect normal user authentication. We’ll continue to monitor and make adjustments as needed. We apologize for the trouble.