GitHub hit by its biggest DDoS attack ever
GitHub is still in the throes of a massive DDoS attack which has blighted the site since Thursday. While the origins of and reasons for the attack is not yet fully known, the fact that two projects relating to Chinese anti-censorship have been targeted speaks volumes.
Now into its fifth day, the attack turned into something of a tug-of-war. Just as GitHub thought it had managed to wrestle back control of the site, a fresh wave was unleashed. The evolving attack is the largest in GitHub's history and engineers "remain on high alert".
The attackers have been using a variety of tactics over the course of the last few days, pursuing different areas of GitHub. The anti-censorship projects appear to have been key targets, and it included a project by Greatfire.org which aims to provide access to services and sites that are banned in China. Only last week GreatFire.org suffered a DDoS attack of its own.
On Friday, the GitHub status Twitter account was used to share some news about the attack:
We've been under continuous DDoS attack for 24+ hours. The attack is evolving, and we're all hands on deck mitigating.
— GitHub Status (@githubstatus) March 27, 2015
The battle against the attackers seemed to going GitHub's way, but the onslaught intensified. A post on the GitHub blog explained:
The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content.
At the moment, it would appear that the attacks originate from within China. As reported by PC World, one Chinese blogger has determined that advertising code may have been hijacked and used to pound GitHub with traffic. He found that when he visited Chinese websites, he started to notice JavaScript popups. Further investigation revealed that these were the result of trying to access the previously mentioned anti-censorship projects on GitHib. It looks as though someone has modified the ad tracking code used by Baidu -- the Chinese search giant, comparable to Google -- and used it to launch the DDoS attack.
That said, the attack has not yet been stopped in its tracks as it continues to adapt and change:
The DDoS attack has evolved and we are working to mitigate
— GitHub Status (@githubstatus) March 30, 2015
Photo credit: sibgat / Shutterstock