Online Repository service GitHub was hit with massive denial-of-service attack from China
The popular online repository service, GitHub was hit with a massive Distributed Denial of Service (DDoS) attack since Wednesday night rendering it to be intermittently down for users all throughout Thursday and yesterday.
The attack which started on Wednesday, emanated from scripts belonging to the internet giant Baidu. The scripts began directing useless traffic to two specific GitHub pages: one run by GreatFire, and the other offering translations of The New York Times, in the process bringing the entire GitHub down.
The useless dataflow resulted in a massive DDoS attack on GitHub and caused it to go down on many occasions throughout Thursday night. Server logs show a sudden drop in app server availability just before midnight, and page failure rates spiking to 100% just before 3am. Although according to admins, the attack is still ongoing, and recent tweets suggest a surge in attack volume on Friday morning.
We've been under continuous DDoS attack for 24+ hours. The attack is evolving, and we're all hands on deck mitigating.
— GitHub Status (@githubstatus) March 27, 2015
Though the attacks originated from scripts being hosted on the popular Chinese website, Baidu, it has denied any involvement in the attack.
It released a statement saying that it was not involved in any traffic redirector nor was its internal security compromised. “We’ve notified other security organizations,” the company said in a statement, “and are working together to get to the bottom of this.”
The Chinese web censorship beating and web traffic monitoring website GreatFire was subjected to a similar massive DDoS attack last week and was offline for more than 2 days. That attack and the current one on GitHub seems to suggest that the attackers want to DDoS any websites participating in circumventing the Chinese firewall and web censorship.
Since GitHub is served over HTTPS, countries can’t block individual pages without blocking the entire site, a feature that’s proved extremely useful for anti-censorship services like Great Fire.
#Update (30th March): GitHub continues facing Massive DDoS attack for past five days