Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service

The last two weeks have been hard for the Arch Project, which has been experiencing a DDoS (Distributed Denial of Service) attack, causing service outages for the popular Linux distribution as documented by Arch maintainer Cristian Heusel in a recent update.

Heusel's post states, "The Arch Linux Project is currently experiencing an ongoing denial of service attack that primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums."

This DDoS is not just impacting the main website, but also the Arch User Repository (AUR), where user-submitted package description files are collected. It is effectively a repository of user-created packages that complement the official repository, where software is downloaded and built from.

The Arch Linux team is aware of the problems and is working with its hosting provider to mitigate the attack, along with investigating DDoS protection.

Details on workarounds for users wishing to install software, update their systems, or download install ISOs are provided on the service outage page.

The details of origin and motives of the attack, along with mitigation tactics, are, understandably, being kept under wraps while the investigation continues. In the meantime, the Arch team will be providing regular updates via a service status page.

Looking at this page right now, I can see that the website and AUR are taking the brunt of the attack. The August 22, 2025 update states that, "We are suffering from partial outages due DDoS attacks and try our best to keep the services accessible to all!"

Arch Linux forms the base for Valve's SteamOS, used on its Steam Deck. This exposure has significantly boosted Arch's popularity, particularly among intermediate and advanced Linux users who are moving away from distributions like Ubuntu / Fedora. Other Arch-based distros include EndeavourOS and Manjaro Linux (the latter powered this editor's Teclast T5 laptop for a long time).

Founded in 2002 by Judd Vinet, Arch Linux was inspired by the KISS principle (Keep It Simple, Stupid) and provided a base install from which users would build their own Linux experience. This differs from the typical "kitchen sink" approach that many distros offer.

Heusel ends the update with a token of thanks to the community.

"As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues. Please bear with us, and thank you for all the support you have shown so far."