SoylentNews is people
SoylentNews
GitHub has been hit with the largest-ever DDoS attack, and it was only down for a few minutes:
On Wednesday, February 28, 2018 GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack.
[...] Cloudflare described an amplification vector using memcached over UDP in their blog post this week, "Memcrashed - Major amplification attacks from UDP port 11211". The attack works by abusing memcached instances that are inadvertently accessible on the public internet with UDP support enabled. Spoofing of IP addresses allows memcached's responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source. The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.
[...] Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.
Also at Wired and The Register.
(Score: 2, Interesting) by Anonymous Coward on Friday March 02 2018, @01:05PM (16 children)
I wonder if this has anything to do with the fact that Slashdot has been "in offline mode" for days, and from time to time unavailable. Someone mentioned SourceForge yesterday as well.
GitHub seems like an unusual target for a DDOS. Trying to imagine a motivation for the usual run of scum who do this sort of thing. Coming up blank.
(Score: 5, Interesting) by VLM on Friday March 02 2018, @01:19PM (5 children)
https://readwrite.com/2015/03/30/github-biggest-ddos-attack/ [readwrite.com]
There's been some crazy news about internet censorship out of China over the last week or so "China's Censors Ban Winnie the Pooh and the Letter 'N' After Xi's Power Grab" and so forth. Basically the current leader of China is setting up as dictator and theres modest unrest leading to, so far, modest censorship and DDOS type stuff from the Chinese government. And Trump's trade renegotiation is not cheering them up, unclear if thats related or not. Probably related, why wait so long to talk about infinitely exciting steel tariffs until the day after the new Chinese emperor coronates himself...
(Score: 1, Insightful) by Anonymous Coward on Friday March 02 2018, @01:22PM
Seems their Great Firewall actually isn't that Great if they have to resort to DRDoS to make a site unavailable to their citizens.
(Score: 2) by zocalo on Friday March 02 2018, @01:33PM
UNIX? They're not even circumcised! Savages!
(Score: 1, Interesting) by Anonymous Coward on Friday March 02 2018, @02:18PM (1 child)
Yeah... but unless such a DDOS can be maintained (it can't), it does the government of China very little good. Perhaps none at all.
Plus, GIT is a distributed system where the repos can be trivially cloned and in the case of such ware, no doubt have been. GitHub may be down, but the repositories that were seeded from there most certainly are not.
Yet people involved in DDOS attacks are generally really, really stupid, that's why they do such things, so perhaps you're right and someone in China's government thought (for very low levels of qualification as "thought") this would be meaningful.
(Score: 2) by VLM on Friday March 02 2018, @03:03PM
I can't help but notice here we are talking about Chinese military activity and this is basically the American propaganda response when the Chinese encircled the Chosin Reservoir in the (First, so far) Korean War. Its weird to mentally search and replace parts of your comment to read like a newsreel from 1950. Possibly you were doing this on purpose because it is kinda cool.
Chosin Reservoir was kinda the LOTR scene for the Chinese where Gandalf says "You shall not pass". Chinese human wave attacks meant the extremely rapid march north to the NK/China border ended with a march right back to the old NK/SK border (more or less) and just sit there and do attrition for a couple more years and then a couple decades of the DMZ thing. Obviously that's what the Chinese are hoping for their DDOS against github, eventually they'll do something big enough to knock github out and start progressing.
People get confused about github. Its not a cloudy filestore, all the money goes into social engineering to include codes of conduct for later censorship of the "wrong" opinions or enforcing diversity, which is supposedly good, although no one can explain why, via pretty explicit sexism and racism against white/asian males, which is supposedly good although no one can explain why hate is so doubleplus good if its against the correct victims. So, if you still think they're a filestore, then dumping firewall avoidance tools (proxies, I suppose) is a huge fail, but if you think the purpose of github is two minutes hate of fucking white males, then why not dump some code that isn't anti-asian enough anyway? So the Chinese have good reason to think they will win, its not really crazy from their position.
(Score: 2) by DeathMonkey on Friday March 02 2018, @07:10PM
Yeah, they banned Animal Farm too. [independent.co.uk]
I'm surprised we didn't cover it here.
(Actually, I'm gonna go submit it.)
(Score: 4, Insightful) by epitaxial on Friday March 02 2018, @02:03PM (6 children)
The people who run Slashdot don't have a clue what they are doing. They still can't figure out that unicode bug that only affects them. Show me another website right now with that same problem. According to an admin they are fixing a problem on the "backend" and it will take a few days.
(Score: -1, Troll) by Anonymous Coward on Friday March 02 2018, @02:49PM
The worst part is all the Slashdolts need do is look at GitHub to see how The Bigly Fucktard and his nigger buddies at ShitstainNews did to fix the Unicode problem.
(Score: 2) by VLM on Friday March 02 2018, @03:08PM (3 children)
There's still people left? After a zillion mergers and sales and downsizing I thought the whole site was one small shell script. ALL the old timers are long gone, correct?
I know from professional experience how "fun" it is to maintain something where the last original team member quit three years ago.
(Score: 5, Interesting) by zocalo on Friday March 02 2018, @03:49PM
UNIX? They're not even circumcised! Savages!
(Score: 1) by DECbot on Friday March 02 2018, @09:31PM (1 child)
I imagine it is done more in Linux fashion, where there is one small shell script linking to hundreds of small scripts, utilities, and perl-one-liners dynamically calling thousands of more small scripts, utilities, and perl-one-liners stored in a MySQL database that has not been updated since 2006 when the database crashed after achieving 2²⁴ − 1 comments.
cats~$ sudo chown -R us /home/base
(Score: 2) by VLM on Sunday March 04 2018, @04:24PM
I remember that although I remember it as being some autoincrementing primary key exceeded 32 bit integer. A somewhat common problem. Fixing it can be hard.
(Score: 1) by angelosphere on Friday March 02 2018, @10:33PM
/. is written in Perl ... why do you wonder that they have troubles to fix simple bugs is beyond me.
Well soylent news is Perl, too ... but they fixed stuff at a time where perl was still a trenending language :D
(Score: 2) by takyon on Friday March 02 2018, @04:44PM (2 children)
I can think of at least one Anonymous Coward that had the motive, if not the means.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0, Troll) by Anonymous Coward on Saturday March 03 2018, @01:09AM (1 child)
Stop talking about me, you little bitch. You're lucky I'm a nice guy.
(Score: 2) by takyon on Saturday March 03 2018, @01:11AM
yawn
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]