LocalXpose incident report: May 6–7, 2025

May 11, 2025

  • Incident Date: May 6, 2025 and May 7, 2025

  • Status: Resolved

  • Last Updated: May 12, 2025

Summary

On May 6, 2025, and May 7, 2025, LocalXpose experienced service disruptions due to distributed denial of service (DDoS) activity targeting addresses of our US-based infrastructure. This incident triggered automated protection systems at one of our cloud infrastructure providers, resulting in disruptions to tunnel services in the US region. The first disruption lasted approximately one hour on May 6, while the second disruption lasted about three hours on May 7. Our team responded immediately and worked closely with the affected infrastructure provider to restore service.

This incident affected a subset of users on Basic and PRO plans who were using the US region. Enterprise customers with dedicated instances were not affected by these disruptions.

Timeline

May 6, 2025

  • 16:34 UTC - Initial detection of the DDoS attack
  • 16:39 UTC - Our monitoring systems confirmed impact to the US region
  • 17:34 UTC - Service largely restored for most affected users

May 7, 2025

  • 08:33 UTC - Second DDoS attack occurred, with the hosting provider implementing automated protective measures
  • 08:34 UTC - Our synthetic monitoring detected failures reaching internal endpoints, but this did not initially suggest a full outage
  • 08:34-11:33 UTC - Investigation and mitigation efforts with our hosting provider
  • ~11:00 UTC - Reports from customers began to indicate a more widespread impact than initially understood
  • 11:33 UTC - Full restoration of affected services
  • 11:33-16:00 UTC - Additional investigation and manual remediation for affected users
  • 16:00 UTC - Status page updated with detailed information

Note: During the second incident, our visibility was limited as the attack was blocked at our hosting provider's infrastructure level before reaching our network, which contributed to delays in recognizing the full scope of the disruption.

User Impact

Tunnels using the affected Gateway servers in the US region were completely unavailable during the peak of the incidents. Only Basic and PRO plan users were affected, while Enterprise accounts with dedicated instances were not impacted.

The recovery process was staggered:

  • May 6: Outage began at approximately 16:34 UTC, with recovery starting around 17:34 UTC
  • May 7: Second outage began at approximately 08:34 UTC, with varying recovery times until full infrastructure availability was confirmed at 11:33 UTC

While we confirmed full infrastructure recovery at 11:33 UTC on May 7, individual customer experiences varied. Some users were able to resume service earlier, while others experienced longer disruptions. In particular, we identified that some users' loclx CLI applications were unable to automatically reconnect to the affected Gateways even after our systems became available again. We are actively working to improve this behavior in future releases.

Ensure you are regularly upgrading your loclx CLI, or regularly pulling the latest localxpose/localxpose image if you're running a tunnel in Docker (opens in a new tab).

If you experienced issues during this time but did not report them, we encourage you to contact our support team to help us better understand the full impact of this incident.

What We're Doing

Immediate Actions

  1. Deployed enhanced DDoS telemetry across all LocalXpose servers
  2. Added synthetic monitoring to detect issues along multiple network paths rather than just one
  3. Improving our CLI application to better handle temporary service disruptions
  4. Expanding our multi-cloud infrastructure to further minimize impact from similar events
  5. Enhancing our alerting system to better consolidate and assign notifications from different channels

For the best practices on maintaining your LocalXpose tunnels, please refer to our CLI guide (opens in a new tab) and YAML schema (opens in a new tab).

Ongoing Improvements

  1. Implementing improved monitoring systems for earlier detection of all types of outages
  2. Developing automated failover capabilities in the loclx CLI and public-facing systems
  3. Expanding our support and operations teams to better respond to incidents
  4. Creating clearer communication channels for service disruptions
  5. Continuing to work with our hosting providers to understand and improve response to similar incidents
  6. Standardizing our incident response and customer communication processes

Please bookmark and subscribe to our status page (opens in a new tab) for automated notifications.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack occurs when multiple compromised computers are used to target a single system or service. These attacks can temporarily make services unavailable by overwhelming them with malicious traffic.

There are several types of DDoS attacks:

  1. Volumetric Attacks: Flood a network with a massive volume of traffic
  2. Protocol Attacks: Target server resources by exploiting network protocol vulnerabilities
  3. Application Layer Attacks: Overwhelm specific applications with seemingly legitimate requests

DDoS attacks are unfortunately common across the internet, and while they can be mitigated, even the largest cloud providers and services occasionally experience disruptions from particularly large or sophisticated attacks.

For more information about DDoS attacks, you can refer to resources like CISA's DDoS Quick Guide (opens in a new tab) or Cloudflare's DDoS Learning Center (opens in a new tab).

Next Steps

If you continue to experience any issues with your tunnels, please contact us at hello@localxpose.io for assistance. Our team is available to help ensure your services return to normal operation.

For users who want to improve resilience against regional disruptions, we recommend:

  1. Familiarizing yourself with our region selection options (opens in a new tab)
  2. Understanding the different subscription tiers (opens in a new tab) and their features
  3. Reviewing our troubleshooting guide (opens in a new tab) for common connection issues
  4. Subscribing to our status page (opens in a new tab) for automated notifications and timely updates

You can find comprehensive documentation for all LocalXpose features at our documentation hub (opens in a new tab).

We appreciate your patience during this incident and your continued trust in LocalXpose. We deeply regret any disruption to your business operations and are committed to providing the most reliable and secure tunneling service possible.

LocalXpose Operations Team

HomeAccess Local Network Remotely: A Complete Guide for Secure Connections

8 The Green, Dover, Delaware, 19901 USA

hello@localxpose.io

2025 Freeport Cloud, Inc. All rights reserved.

Learn how we use cookies.

We contribute to Stripe's Climate program!

Product

FeaturesPricingDocumentationAppsAlternatives

Company

BlogChangelogRoadmapReport abuse

Legal

Cookie PolicyPrivacy PolicyAcceptable UseTerms of Service