GitHub, the largest public code repository in the world, is currently battling against the largest and most gnarly distributed denial of service (DDoS) attack in the site’s history. The attack started on Thursday morning (March 26), and has continued unabated since then, evolving several times to circumvent GitHub’s defenses. The ongoing attack appears to originate from China, with the DDoS specifically targeting two GitHub projects that are designed to combat censorship in China: GreatFire, and cn-nytimes, a Chinese language version of the New York Times.
According to a security researcher at Insight Labs, the DDoS is being caused by some nefarious JavaScript that is being injected by “a certain device at the border of China’s inner network and the Internet” when people visit the Baidu search engine. The JavaScript tells the user’s browser to request two GitHub URLs: https://github.com/greatfire/ and https://github.com/cn-nytimes/. Multiply that by millions of Baidu users, and voilà: a DDoS on GitHub.

87 hours in, our mitigation is deflecting most attack traffic. We’re aware of intermittent issues and continue to adapt our response.
— GitHub Status (@githubstatus) March 29, 2015

The GitHub Status page gives us some insight into the ongoing attack. GitHub has managed to get successful mitigations into place several times, but it’s still all-hands-on-deck as the attack continues to evolve. If you look at the longer-term status graphs, you can see spikes of reduced availability/higher latency on March 26, 27, and 28, but it looks like the DDoS has been mostly quashed for now.