Github: Major Service Outage (opens in new tab)

(status.github.com)

104 pointsca13613y ago73 comments

73 comments

First off, as others have said, disabling port 80 is a great way to handle this, I don't really care that much if I can see/use github the website for a few hours, but I'd be much more upset if I couldn't pull my code.

Secondly, I kind of like when big sites go down when I'm not in desperate need because it means a really nice aftermath write up is on the way. Can't wait to hear more about this one.

mst13y ago

> "disabling port 80 is a great way to handle this"

It's been a disaster for a bunch of people I know.

git is distributed by nature so they all had extra remotes they could use.

github's issues and other project metadata wasn't distributed, since that's github's alone.

So all of the friends of mine who are corporate github users who were using git in a distributed style (a minority of their overall customer base, I would suspect) are more screwed by the web app's absence than they would have been by a repository problem.

I suspect github made the right choice for their customer base overall, but I still find the anecdata interesting.

kijin13y ago

The web app is also available on port 443, which every "corporate github user" should have been using anyway.

1 more reply

adambard13y ago

They didn't even disable https, so the site was still fully usable.

huhtenberg13y ago

> disabling port 80 is a great way to handle this

They got lucky. What would be a great way to handle it if next time it's port 21 or 443?

zheng13y ago

Like I said, disabling port 80 is a great way to handle this kind of attack. Those would obviously be trickier. I'm no network security expert, but I would assume that they are much more resilient to other attacks, as most protocols aren't as network intensive as TCP.

creativityhurts13y ago

They said they're under a DDoS attack https://twitter.com/github/statuses/259029493669310464

alook13y ago

Who DDOS'es twitter? Mercurial committers? the Bitbucket people?

fusiongyro13y ago

I heard once about a tire shop that drummed up business by strewing nails along the highway around it. Somewhere outside America; India or Thailand or somewhere else. Anyway, that kind of business practice wouldn't get you far in the Western world, so it seems unlikely.

OTOH, if I had a botnet and I wanted to see how powerfully it could DDOS without drawing a lot of mainstream media attention, github might be good for target practice. They have better infrastructure than most, and they always do detailed write-ups afterwards.

1 more reply

Stefan_H13y ago

did you mean "who DDOS'es Github"?

jbigelow7613y ago

Probably somebody pissed off their pull request was refused.

felixthehat13y ago

You do hear rumours of mafia types holding sites to ransom by DDOS... that was one of my thoughts

danso13y ago

Assuming you mean github: people who want to cause chaos.

tlrobinson13y ago

Some men just want to watch the world burn.

adgar213y ago

Nearly every reasonably popular site on the internet gets DDoSed. It's embarrassing that Github goes down every time they're targeted.

Honestly, grow a pair, fellas. It's part of doing business on the Internet.

Jgrubb13y ago

I think it's probably my fault. Github seems to go down every time I start poking around in someone else's projects.

aes25613y ago

I just signed up last night and I don't really know what I'm doing yet.

Sorry everyone!

zzleeper13y ago

By any chance, did you 'poke' with a cluster of LOICs?

thebigshane13y ago

(Never heard that term before...)

  Low Orbit Ion Cannon (LOIC) is an open source network 
  stress testing and denial-of-service attack application
  [...]
  LOIC performs a denial-of-service (DoS) attack (or when 
  used by multiple individuals, a DDoS attack) on a target 
  site by flooding the server with TCP packets or UDP 
  packets with the intention of disrupting the service of a 
  particular host. People have used LOIC to join voluntary 
  botnets.

-- http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon

kmfrk13y ago

You damn chaos monkey ruining it for the rest of us.

FiloSottile13y ago

01:41 PM PST

We've temporarily disabled service on port 80 while we investigate the source of a connection flood. HTTPS, GIT, and SSH service are unaffected.

01:33 PM PST

"We are experiencing issues due to a DDOS attack, working hard to restore service"

8ig813y ago

I'm reading over the status updates a few hours after the fact, but for some reason the 1:33PM stands out because it is wrapped in quotes. Probably minor and meaningless. Just noted because it's different from the others.

imbriaco13y ago

It's because we update the status site from our chat room via Hubot and whoever posted that particular update didn't realize that they didn't need to put quotes around the body of the message.

augustl13y ago

Cheatsheet for continuing work when Github is down:

    1) ssh myserver.com
    2) adduser git
    3) sudo su git
    4) cd $HOME
    5) mkdir .ssh
    6) Add people's public keys to .ssh/authorized_keys (in /home/git)
    7) git init --bare myrepo.git
    8) Push and pull to git@myserver.com:myrepo.git

Voila!

wamatt13y ago

/enqueue jokes about decentralized DVCS systems being hosted centrally...

Srsly tho, the relationship between Git and GitHub, might be somewhat analogous to that of BitTorrent and TPB

tlrobinson13y ago

Fortunately since you have an entire copy of the repository it doesn't really matter. Your team can just push the latest copy to another remote like Bitbucket and start using that.

Well, except for Issues, Pull Requests, Wiki, etc, but those aren't part of Git.

wmf13y ago

I call it recentralized.

acdha13y ago

It's both a joke and educational: I didn't know they were down until I caught up on my RSS feeds last night

FuzzyDunlop13y ago

Nothing against Github but this probably highlights the real benefit of DVCS: setting up multiple remotes for your repo. Manage it probably and when one service goes down, fall back to Bitbucket or another service.

It would limit the potential damage these attacks could cause, given the reliance dev teams have on pushing code to a central repo. Taking down a site like Github has a fairly clear effect on the productivity of a lot of their users.

nivloc13y ago

Multiple remotes are easy. Three lines in the config to push to Github and Bitbucket. Which is great if you rely on either service. It's everything else - hooks, wiki, issues, etc. - that get overlooked.

bluesaunders13y ago

It'd be glorious if one service (say GitHub) had multiple remote links that dynamically switched for you when service faced an outage.

dasil00313y ago

If it's one service though there is still always a single point of failure outside of your control. If you want true redundancy you need to use multiple versions with no interconnections and develop your own solution to mitigate partial failure, of course your own solution is also a single point of failure, but at least it's under your control.

That said, Github has never been down long enough for me to justify a fallback procedure and policy for my team. The complexity of the solution outweighs the benefit. We'll cross that bridge when we come to it.

1 more reply

desbest13y ago

Why do people always post on Hacker News whenever Github is offline?

It's not going to make Github go online any quicker. They have a Twitter account, you know.

tedivm13y ago

It's a site most people here use, and it's interesting. It's not about getting things back up faster, but letting people know what's going on and giving them the chance to witness how a large site fails and recovers.

autotravis13y ago

can we please try not to become slashdot, with the "this doesn't belong here!!" comments on every post.

hkdobrev13y ago

Github status: "We've temporarily disabled service on port 80 while we investigate the source of a connection flood. HTTPS, GIT, and SSH service are unaffected."

Great way to keep the git push/pull workflow unaffected.

hkdobrev13y ago

Github.com is now up https://github.com/

https://status.github.com/

longdivision13y ago

https://twitter.com/AnonymousOwn3r is taking credit for attacks against YouTube and GitHub amongst others.

veeti13y ago

Stop giving some idiot script kiddie the attention he wants. It's probably not him anyway.

longdivision13y ago

It's Likely, but this is someone with a history of claims to this sort of attack and a large following. I was interested in who was running the large attacks and what their motivations might be and no sources had been suggested in the discussion at that point.

lsb13y ago

I can take credit for winning my city's marathon, but only investigations will reveal the facts.

trebor13y ago

GitHub says it's a DDOS attack that's hampering their services.

theevocater13y ago

It appears that their http endpoints are down, but their git endpoints are working fine

EDIT: or not anymore. I was able to push but now I am not.

ca136OP13y ago

Was just able to push/pull okay, overall seems like they're dealing with the outage really well. Their status page is really helpful, they were on twitter quickly, and they tried to restore service to people who might need to push/pull to their repos.

theevocater13y ago

yeah watched their status site off and on for the last few minutes and it seems their git endpoints are intermittent while the site is out.

songgao13y ago

HN is much slower here as well. Is HN also targeted?

FiloSottile13y ago

Probably it's only all of us swarming here as GH and YT are down ;)

NelsonMinar13y ago

Github status is hosted on Github, d'oh. Their Twitter feed posted at 2037Z: "We are experiencing issues due to a DDOS attack, working hard to restore service..." https://twitter.com/github/status/259029493669310464

jbredeche13y ago

Looks like github status is on heroku. It's loading fine for me:

  > host status.github.com
  status.github.com is an alias for appid129905herokucom-760859479.us-east-1.elb.amazonaws.com.
  appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 50.19.101.240
  appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 50.19.101.216
  appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 107.22.241.165

NelsonMinar13y ago

Ah, my mistake. Some HN story linked to https://github.com/status which was down when I was posting the Twitter status.

danhunter13y ago

Yep after the last major outage they switched to Heroku

1 more reply

spicyj13y ago

I don't think the status site is actually on the same infrastructure… maybe it's being DDOSed as well.

spleeder13y ago

The internet is collapsing folks. YouTube is down as well: http://news.ycombinator.com/item?id=4670859

theevocater13y ago

I saw that and was confused. YouTube seems to be working for me

brokentone13y ago

GitHub, YouTube, I'm having trouble on Wordpress.org, anything else down for people? Anyone noticing any correlations?

xxpor13y ago

Does anyone know where GitHub is hosted? I assume not AWS because status.github is on heroku (and therefore AWS).

shadowmatter13y ago

They're on Rackspace:

http://techcrunch.com/2012/09/18/patent-complaint-filed-agai...

https://github.com/blog/493-github-is-moving-to-rackspace

csarva13y ago

The status site is on heroku/ec2 while the main services are on rackspace. Appears both are being attacked by one very unhappy camper.

thechut13y ago

Very slow but I was able to pull at 4:55EST

jamesjguthrie13y ago

Pfft, always down these days. BitBucket for me.

joshmlewis13y ago

Nice try, Bitbucket marketing team. ;)

piggity13y ago

Nice try, LaunchPad marketing team trying to deflect users from Bitbucket!

jamesjguthrie13y ago

Lol, downvoted? Really?

I'm not BitBucket marketing team, check my posts. This is just an honest view on GitHub.

j / k navigate · click thread line to collapse

73 comments

zheng13y ago

Secondly, I kind of like when big sites go down when I'm not in desperate need because it means a really nice aftermath write up is on the way. Can't wait to hear more about this one.

mst13y ago

> "disabling port 80 is a great way to handle this"

It's been a disaster for a bunch of people I know.

git is distributed by nature so they all had extra remotes they could use.

github's issues and other project metadata wasn't distributed, since that's github's alone.

I suspect github made the right choice for their customer base overall, but I still find the anecdata interesting.

kijin13y ago

The web app is also available on port 443, which every "corporate github user" should have been using anyway.

1 more reply

adambard13y ago

They didn't even disable https, so the site was still fully usable.

huhtenberg13y ago

> disabling port 80 is a great way to handle this

They got lucky. What would be a great way to handle it if next time it's port 21 or 443?

zheng13y ago

creativityhurts13y ago

They said they're under a DDoS attack https://twitter.com/github/statuses/259029493669310464

alook13y ago

Who DDOS'es twitter? Mercurial committers? the Bitbucket people?

fusiongyro13y ago

1 more reply

Stefan_H13y ago

did you mean "who DDOS'es Github"?

jbigelow7613y ago

Probably somebody pissed off their pull request was refused.

felixthehat13y ago

You do hear rumours of mafia types holding sites to ransom by DDOS... that was one of my thoughts

danso13y ago

Assuming you mean github: people who want to cause chaos.

tlrobinson13y ago

Some men just want to watch the world burn.

adgar213y ago

Nearly every reasonably popular site on the internet gets DDoSed. It's embarrassing that Github goes down every time they're targeted.

Honestly, grow a pair, fellas. It's part of doing business on the Internet.

Jgrubb13y ago

I think it's probably my fault. Github seems to go down every time I start poking around in someone else's projects.

aes25613y ago

I just signed up last night and I don't really know what I'm doing yet.

Sorry everyone!

zzleeper13y ago

By any chance, did you 'poke' with a cluster of LOICs?

thebigshane13y ago

(Never heard that term before...)

  Low Orbit Ion Cannon (LOIC) is an open source network 
  stress testing and denial-of-service attack application
  [...]
  LOIC performs a denial-of-service (DoS) attack (or when 
  used by multiple individuals, a DDoS attack) on a target 
  site by flooding the server with TCP packets or UDP 
  packets with the intention of disrupting the service of a 
  particular host. People have used LOIC to join voluntary 
  botnets.

-- http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon

kmfrk13y ago

You damn chaos monkey ruining it for the rest of us.

FiloSottile13y ago

01:41 PM PST

We've temporarily disabled service on port 80 while we investigate the source of a connection flood. HTTPS, GIT, and SSH service are unaffected.

01:33 PM PST

"We are experiencing issues due to a DDOS attack, working hard to restore service"

8ig813y ago

imbriaco13y ago

It's because we update the status site from our chat room via Hubot and whoever posted that particular update didn't realize that they didn't need to put quotes around the body of the message.

augustl13y ago

Cheatsheet for continuing work when Github is down:

    1) ssh myserver.com
    2) adduser git
    3) sudo su git
    4) cd $HOME
    5) mkdir .ssh
    6) Add people's public keys to .ssh/authorized_keys (in /home/git)
    7) git init --bare myrepo.git
    8) Push and pull to git@myserver.com:myrepo.git

Voila!

wamatt13y ago

/enqueue jokes about decentralized DVCS systems being hosted centrally...

Srsly tho, the relationship between Git and GitHub, might be somewhat analogous to that of BitTorrent and TPB

tlrobinson13y ago

Fortunately since you have an entire copy of the repository it doesn't really matter. Your team can just push the latest copy to another remote like Bitbucket and start using that.

Well, except for Issues, Pull Requests, Wiki, etc, but those aren't part of Git.

wmf13y ago

I call it recentralized.

acdha13y ago

It's both a joke and educational: I didn't know they were down until I caught up on my RSS feeds last night

FuzzyDunlop13y ago

nivloc13y ago

bluesaunders13y ago

It'd be glorious if one service (say GitHub) had multiple remote links that dynamically switched for you when service faced an outage.

dasil00313y ago

1 more reply

desbest13y ago

Why do people always post on Hacker News whenever Github is offline?

It's not going to make Github go online any quicker. They have a Twitter account, you know.

tedivm13y ago

autotravis13y ago

can we please try not to become slashdot, with the "this doesn't belong here!!" comments on every post.

hkdobrev13y ago

Github status: "We've temporarily disabled service on port 80 while we investigate the source of a connection flood. HTTPS, GIT, and SSH service are unaffected."

Great way to keep the git push/pull workflow unaffected.

hkdobrev13y ago

Github.com is now up https://github.com/

https://status.github.com/

longdivision13y ago

https://twitter.com/AnonymousOwn3r is taking credit for attacks against YouTube and GitHub amongst others.

veeti13y ago

Stop giving some idiot script kiddie the attention he wants. It's probably not him anyway.

longdivision13y ago

lsb13y ago

I can take credit for winning my city's marathon, but only investigations will reveal the facts.

trebor13y ago

GitHub says it's a DDOS attack that's hampering their services.

theevocater13y ago

It appears that their http endpoints are down, but their git endpoints are working fine

EDIT: or not anymore. I was able to push but now I am not.

ca136OP13y ago

theevocater13y ago

yeah watched their status site off and on for the last few minutes and it seems their git endpoints are intermittent while the site is out.

songgao13y ago

HN is much slower here as well. Is HN also targeted?

FiloSottile13y ago

Probably it's only all of us swarming here as GH and YT are down ;)

NelsonMinar13y ago

jbredeche13y ago

Looks like github status is on heroku. It's loading fine for me:

  > host status.github.com
  status.github.com is an alias for appid129905herokucom-760859479.us-east-1.elb.amazonaws.com.
  appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 50.19.101.240
  appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 50.19.101.216
  appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 107.22.241.165

NelsonMinar13y ago

Ah, my mistake. Some HN story linked to https://github.com/status which was down when I was posting the Twitter status.

danhunter13y ago

Yep after the last major outage they switched to Heroku

1 more reply

spicyj13y ago

I don't think the status site is actually on the same infrastructure… maybe it's being DDOSed as well.

spleeder13y ago

The internet is collapsing folks. YouTube is down as well: http://news.ycombinator.com/item?id=4670859

theevocater13y ago

I saw that and was confused. YouTube seems to be working for me

brokentone13y ago

GitHub, YouTube, I'm having trouble on Wordpress.org, anything else down for people? Anyone noticing any correlations?

xxpor13y ago

Does anyone know where GitHub is hosted? I assume not AWS because status.github is on heroku (and therefore AWS).

shadowmatter13y ago

They're on Rackspace:

http://techcrunch.com/2012/09/18/patent-complaint-filed-agai...

https://github.com/blog/493-github-is-moving-to-rackspace

csarva13y ago

The status site is on heroku/ec2 while the main services are on rackspace. Appears both are being attacked by one very unhappy camper.

thechut13y ago

Very slow but I was able to pull at 4:55EST

jamesjguthrie13y ago

Pfft, always down these days. BitBucket for me.

joshmlewis13y ago

Nice try, Bitbucket marketing team. ;)

piggity13y ago

Nice try, LaunchPad marketing team trying to deflect users from Bitbucket!

jamesjguthrie13y ago

Lol, downvoted? Really?

I'm not BitBucket marketing team, check my posts. This is just an honest view on GitHub.

j / k navigate · click thread line to collapse