Python Infrastructure
Service Under Maintenance
python.org ? Operational
python.org - CDN ? Operational
python.org - Backends ? Operational
PyPI Operational
90 days ago
100.0 % uptime
Today
pypi.org - General Operational
90 days ago
100.0 % uptime
Today
pypi.org - CDN ? Operational
pypi.org - Backends ? Operational
pypi.org - Email ? Operational
files.pythonhosted.org - Files ? Operational
files.pythonhosted.org - Redirects ? Operational
files.pythonhosted.org - Redirects Backends ? Operational
PyPI Hosting Platforms Operational
AWS elasticache-us-east-2 Operational
AWS elb-us-east-2 Operational
AWS ec2-us-east-2 Operational
AWS rds-us-east-2 Operational
Google Cloud Platform Google Cloud Storage Operational
docs.python.org Operational
docs.python.org - Backends ? Operational
docs.python.org - CDN Operational
bugs.python.org Operational
wiki.python.org Operational
mail.python.org Operational
Message Handling Services Operational
Mailing Lists and Archives - Mailman Operational
Mailing Lists and Archives - Mailman 3 Operational
psfmember.org Operational
us.pycon.org Operational
PyPy Operational
pypy.org Operational
speed.pypy.org Operational
Content Delivery Network ? Under Maintenance
Fastly Asia/Pacific (HK) Operational
Fastly US East (IAD) Operational
Fastly US East (MIA) Operational
Fastly US Central (DEN) Operational
Fastly US Central (DFW) Operational
Fastly US West (SEA) Operational
Fastly US West (SJC) Operational
Fastly Europe (FRA) Operational
Fastly Europe (AMS) Operational
Fastly Europe (LCY) Under Maintenance
Fastly Europe (LHR) Operational
Fastly Asia/Pacific (SYD) Operational
Fastly Asia/Pacific (NZ) Operational
Fastly Brisbane (BNE) Operational
Fastly Dubai (FJR) Operational
Fastly Melbourne (MEL) Operational
Fastly Osaka (ITM) Operational
Fastly Perth (PER) Operational
Fastly Tokyo (HND) Operational
Fastly Tokyo (TYO) Operational
Fastly Wellington (WLG) Operational
Fastly Dublin (DUB) Operational
Fastly Copenhagen (CPH) Operational
Fastly Frankfurt (HHN) Operational
Fastly Helsinki (HEL) Operational
Fastly London (LON) Operational
Fastly Madrid (MAD) Operational
Fastly Manchester (MAN) Operational
Fastly Milan (MXP) Operational
Fastly Oslo (OSL) Operational
Fastly Buenos Aires (EZE) Operational
Fastly Bogota (BOG) Operational
Fastly Curitiba (CWB) Operational
Fastly Rio de Janeiro (GIG) Operational
Fastly Santiago (SCL) Operational
Fastly Johannesburg (JNB) Operational
Fastly Cape Town (CPT) Operational
Fastly Vancouver (YVR) Operational
Fastly Toronto (YYZ) Operational
Fastly St. Louis (STL) Operational
Fastly Palo Alto (PAO) Operational
Fastly Newark (EWR) Operational
Fastly New York (LGA) Operational
Fastly Montreal (YUL) Operational
Fastly Minneapolis (STP) Operational
Fastly Minneapolis (MSP) Operational
Fastly Los Angeles (BUR) Operational
Fastly Kansas City (MCI) Operational
Fastly Houston (IAH) Operational
Fastly Dallas (DAL) Operational
Fastly Columbus (CMH) Operational
Fastly Chicago (CHI) Operational
Fastly Boston (BOS) Operational
Fastly Atlanta (PDK) Operational
Fastly Atlanta (FTY) Operational
Fastly Ashburn (WDC) Operational
Fastly New Delhi (DEL) Operational
Fastly Mumbai (BOM) Operational
Fastly Chennai (MAA) Operational
Fastly Vienna (VIE) Operational
Fastly Stockholm (BMA) Operational
Fastly Paris (CDG) Operational
Fastly Purging Operational
Fastly Tokyo (NRT) Operational
Fastly Singapore (QPG) Operational
Fastly Seoul (ICN) Operational
Fastly Manila (MNL) Operational
Fastly Kuala Lumpur (KUL) Operational
Fastly Dubai (DXB) Operational
Fastly Christchurch (CHC) Operational
Fastly Adelaide (ADL) Operational
Fastly Ghana (ACC) Operational
Fastly Sāo Paulo (CGH) Operational
Fastly Lima (LIM) Operational
Fastly Fortaleza (FOR) Operational
Fastly Seattle (BFI) Operational
Fastly Portland (PDX) Operational
Fastly Phoenix (PHX) Operational
Fastly Los Angeles (LGB - LAX/SNA) Operational
Fastly Honolulu (HNL) Operational
Fastly Gainesville (GNV) Operational
Fastly Detroit (DTW) Operational
Fastly Columbus (LCK) Operational
Fastly Calgary (YYC) Operational
Fastly Atlanta (ATL) Operational
Fastly Sydney (SYD) Operational
Fastly Palo Alto (PAO) Operational
Fastly Amsterdam (AMS) Operational
Fastly Kolkata (CCU) Operational
Fastly Hyderabad (HYD) Operational
Fastly Palermo (PMO) Operational
Fastly Sofia (SOF) Operational
Fastly Rome (FCO) Operational
Fastly Munich (MUC) Operational
Fastly Milan (LIN) Operational
Fastly Marseille (MRS) Operational
Fastly Lisbon (LIS) Operational
Fastly Brussels (BRU) Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
PyPI CDN Edge Errors ?
Fetching
PyPI Files CDN Edge Errors ?
Fetching
PyPI CDN Miss Times
Fetching
PyPI Files CDN Miss Times
Fetching
Past Incidents
Nov 26, 2022

No incidents reported today.

Nov 25, 2022

No incidents reported.

Nov 24, 2022

No incidents reported.

Nov 23, 2022

No incidents reported.

Nov 22, 2022

No incidents reported.

Nov 21, 2022

No incidents reported.

Nov 20, 2022

No incidents reported.

Nov 19, 2022

No incidents reported.

Nov 18, 2022

No incidents reported.

Nov 17, 2022
Resolved - This incident has been resolved.
Nov 17, 17:47 UTC
Monitoring - Beginning on Nov 6th, 2022, PyPI began to become inundated with failed authentication attempts due to a dictionary attack (https://en.wikipedia.org/wiki/Dictionary_attack). At its peak, the attack was attempting more than 260K passwords per hour, and at the time of writing has resulted in more than 6 million invalid authentication attempts.

The attacker used a large pool of IP addresses to cycle through multiple IPs as each one reached our ratelimit for authentication failures. The attacker specifically used PyPI’s ‘basic’ HTTP authentication methods associated with our upload endpoint.

PyPI integrates with the Have I Been Pwned (HIBP) API (https://haveibeenpwned.com/API/v2) to prevent dictionary and credential stuffing attacks. Four times during the period of this attack, PyPI used the HIBP API to determine that a compromised password was being used to log into a user’s account, making it likely that the attacker was using a set of leaked passwords that HIBP includes in its dataset. For comparison, in the two weeks prior to the start of the attack, PyPI identified the usage of 16 compromised passwords via HIBP.

As a result, in each of these occurrences, PyPI prevented the authentication attempt from succeeding, forcing the user’s password to be reset, and notifying the user. Due to insufficient metrics at the time, we are unable to determine what proportion of these login attempts with compromised passwords were likely legitimate, and what percentage were from IPs participating in the dictionary attack.

At this time, we have determined that no successful logins to legitimate user accounts have been performed from requests originating from IP addresses participating in the dictionary attack.

As a result of this attack, PyPI has made a number of changes to improve our ability to respond to such an attack:

- Added a new user event type for successful ‘basic’ HTTP authentication logins
- Added a new user event type for detection of compromised passwords via HIBP
- Added new moderation tools to track the occurrence of abuse attempts grouped by IP address

At the time of writing, the attack has temporarily abated, as it has a few times over the past week. The PyPI volunteer team will continue to monitor for changes, as well as for potentially compromised accounts.

Nov 11, 22:24 UTC
Nov 16, 2022

No incidents reported.

Nov 15, 2022

No incidents reported.

Nov 14, 2022

No incidents reported.

Nov 13, 2022

No incidents reported.

Nov 12, 2022

No incidents reported.