Skip to main content

GitHub Facing Ongoing DDoS Attack

Social coding site GitHub revealed in a recent blog that it was experiencing its largest DDoS attack to date. The attack was first reported via Twitter on Thursday, saying that the site had been under DDoS fire for 24 hours. The attack was "evolving," the GitHub blog added, and coming in a "wide combination of attack vectors."

"These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic," the blog said. "Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content."

On Friday, GitHub said it managed to get everything operating normally but then posted some hours later that the attack had ramped up again. GitHub said it had deployed "volumetric attack defenses" against the attack, thereby stabilizing site performance.

"We are completely focused on mitigating this attack. Our top priority is making sure github.com is available to all our users while deflecting malicious traffic," GitHub said.

DDoS stands for Distributed Denial of Service, which essentially floods a target with packets in hopes of either knocking the target's server offline or flooding the server with traffic to the point that web surfers cannot connect. These DDoS attacks are typically sent by more than one individual.

As of 11:50 UTC, the GitHub status page on Monday reported that all systems were up and running perfectly. The attack on the site continues, however, and thus GitHub remains on high alert. Hours prior, the site said that the DDoS attack had evolved again, and that GitHub was "working to mitigate."

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

  • Simon Anderson
    Why would anyone attack GitHub??
    Reply
  • bit_user
    I was wondering the same thing. On another news site, they stated speculation by unnamed security experts that the Chinese Government wanted it to drop projects they didn't like. My guess is that such project might enable circumvention of their firewall or offer secure communication... probably something that undermines their internet controls.

    I hope the US government gets involved. If it is China, that's unacceptable and we should send a clear and strong message to that effect.
    Reply
  • MyDocuments
    I also read some articles speculating that this could be an attack against certain VPN and anti-GreatFirewallofChina projects being hosted by GitHub.
    Unfortunately if the attacks succeed then there could be an escalation against other unfavourable technologies and other hosting sites like BitBucket, etc. Many of which also host a great deal of non-security projects from fledgling companies.
    In short this type of thing at worst, if allowed to continue, could impact technological progress worldwide.

    Oh well, the Cloud was a nice idea but the always on and always connected ideas are also always going to be subject to this kind of abuse, whether it is state-sponsored or not.
    Reply
  • BulkZerker
    In b4 someone blames 8chan
    Reply
  • falchard
    I think its because someone is really bad at coding Hello World.
    Reply