U.S. coding site GitHub undergoes denial of service cyber attack, facing intermittent outages for past five days
The popular online repository service, GitHub, which was hit with a massive Distributed Denial of Service (DDoS) attack since Wednesday, has not been able to shake off the attack as of today.
The global repository is facing a massive Distributed Denial of Service (DDoS) attack from alleged Chinese attackers and has been facing intermittent outage since Wednesday well into today.
The top coding site said on Sunday that it was deflecting most of the traffic from a days-long cyber attack that had caused intermittent outages for the social coding site. Yesterday GitHub tweeted :
87 hours in, our mitigation is deflecting most attack traffic. We're aware of intermittent issues and continue to adapt our response.
— GitHub Status (@githubstatus) March 29, 2015
The fresh update made today at 6:46 UTC on its status pages states that “The DDoS attack has evolved and we are working to mitigate” while another one made at 0:38 UTC says that “All systems reporting at 100%. Attack traffic continues, so we remain on high alert.”
The attack which started on Wednesday, emanated from scripts belonging to the internet giant Baidu. The scripts began directing useless traffic to two specific GitHub pages: one run by GreatFire, and the other offering translations of The New York Times, in the process bringing the entire GitHub down.
The useless dataflow resulted in a massive DDoS attack on GitHub and caused it to go down on many occasions throughout the week from Wednesday night through to today. Server logs show a sudden drop in app server availability just before midnight, and page failure rates spiking to 100% just before 3am.
On its blog, GitHub said that the attack began early on Thursday “and involves a wide combination of attack vectors.”
“These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” the blog post continued.
“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.”
Security analysts have said that this may be one of the biggest DDoS attacks faced by any website. The previous biggest DDoS attack was recorded in December 2014 when an unnamed ISP experienced an NTP reflection DDoS attack that peaked at a router-straining 400Gbps making it the largest denial of service event in Internet history according to the Arbor Networks’ 10th Annual Infrastructure Report.
You can check the status of GitHub here.