Skip to main content

How I brought down www.lufthansa.com

Posted by kcpeppe on January 4, 2013 at 4:46 AM PST

A couple of years ago I brought down www.lufthansa.com. Ok ok... maybe I didn’t bring the site down but the sequence of events leading up to the site becoming completely unresponsive and a subsequent change in the sites logic leads me to believe...... well, let me tell you the sequence of events and then you be the judge.

What I was trying to do was book a flight using miles using a new feature that Lufthansa had just released on their website. I started the search by entering the dates I was hoping for but as expected there were no free seats on those dates. What the system offered up was an outbound on Thursday and a return Friday. Not much fun given this was for a trans-atlantic flight. But no worries, my dates were flexable so I simply changed the dates and triggered a new search. Again, I didn’t get my dates but I was offered several choices on the outward bound flight.

By the now my programmer mindset has kicked in and I could picture the query that is being fired off at the database and the logic that was being used to process the results. That logic seemed to be; if I can’t satisfy the original request, offer up all possibilites that exist between the two dates. Given that it was pretty tedious to redo searches on the specific dates I was interested in I figured, why not try to find *all* flights over a much longer span of time. I could pick through the results for flights that made sense to me and and life would be good. The question was, how long a period to search through. After a brief discussion with my wife I said what the heck and used the default value for outbound and just up'ed the default for the return by 1 year and pressed the search button. And then I waited... and waited... and waited... and then I brought up another browser window and typed in www.lufthansa.com and waited and waited and waited. Reverting back into programmer mode I started thinking, no way, they couldn’t have possibly allowed a query like that to run... no way they could be using my dates as bounds on the queries... and even so, that query couldn't have possibly tied up all the other threads... yet, there in front of me was a completely unresponsive website.

I let everything run for a while longer but eventually I closed the browser windows.

It that had of been it, I’d have chalked the experience up to some random failure on their system but there was more. When I eventually got back to the search, I defined a 6 month window to search through. The system quickly responded with a message saying I had to narrow my search dates. Little more testing and it didn’t take long to realize that someone had gone though the logs, found my query and then puts some bounds on the previously unbounded query. Using the dates as bounds set the website up for the failure and then leaving the query unprotected finished the job. They still appear to be using dates as bounds but at least now the query is protected though is a less than useful way.

So, believe it or not, that is my story about how I brought down www.lufthansa.com.

Related Topics >>