SoylentNews is people

posted by janrinok on Sunday March 29 2015, @02:13PM
from the must-stop-Rehash-development! dept.

It appears that whatever entity controls the "Great Firewall of China" is using malicious ECMAScript to launch a distributed denial of service attack on GitHub. The ECMAScript is being delivered through advertisements served by Baidu, which are on many non-Chinese websites. Baidu is denying any involvement, and it seems like the ECMAScript is probably being injected as the advertisements leave China's firewall.

The attack was originally attempting to target the repositories of two specific users; one is Great Fire (which aims to help users circumvent the Chinese government's firewall) and the other is CN-NY Times (an uncensored Chinese version of the New York Times). Since GitHub is only available through HTTPS, this effectively turned into a general attack on the website. It is unclear whether the specific pages were targeted despite being behind HTTPS due to technical ignorance on the part of the attackers, or as a way of sending a message.

More to follow:

GitHub made this post on March 27:

We are currently experiencing the largest DDoS (distributed denial of service) attack in github.com's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content.

We are completely focused on mitigating this attack. Our top priority is making sure github.com is available to all our users while deflecting malicious traffic. Please watch our status site or follow @githubstatus on Twitter for real-time updates.

Latest updates can be found on the GitHub status page.

I haven't personally had difficulty accessing GitHub, but it appears that many people have over the last two days. An interesting first-hand account from a security researcher whose computer was redirected to the two offending GitHub pages can be read at Insight-labs. While that page indicates that the attack has stopped, the latest updates by GitHub are more recent.

 
  • (Score: 3, Insightful) by maxwell demon on Sunday March 29 2015, @09:19PM

    by maxwell demon (1608) on Sunday March 29 2015, @09:19PM (#163942) Journal

    No, you would be able to replace GitHub with something better. It's just that if it is only slightly better, it will take a long time, while if it is revolutionarily better, it will displace it in a quite short time frame.

    --
    The Tao of math: The numbers you can count are not the real numbers.