DDoS attack on GitHub has stopped? Status is green again. (opens in new tab)

(status.github.com)

36 pointssmurfpandey10y ago20 comments

20 comments

timdorr10y ago

https://github.com/greatfire and https://github.com/cn-nytimes have both returned to normal as well.

snsr10y ago

I'm still seeing the unicorn via those URLs.

MollyR10y ago

Yea I can't seem to get to those pages either.

Update: its working now, but it was definitely not working earlier.

smurfpandeyOP10y ago

It's working from my end.

dak110y ago

I'm also unable to access the two repos that were apparently the target of the PRC's ire: https://github.com/cn-nytimes and https://github.com/greatfire

Is this simply a temporary precautionary measure because of the initial JS DDOS, or has GitHub permanently taken those two repos down?

If it's the latter, then I'm really disappointed and it would seem the PRC was able to get what it wanted.

micah_chatt10y ago

Interestingly, GitHub seem's to be allowing logged-in users to access those pages, but using a incongnito tab shows unicorns. I'm guessing they've just disabled access for unauthenticated requests.

andor43610y ago

Aha, you're right! Same behavior for me.

smurfpandeyOP10y ago

Both repos are still up and accessible from my end (India).

andor43610y ago

They're there for me (I'm in the US-midwest.)

remi10y ago

https://twitter.com/githubstatus/status/582862783827591168

ryannevius10y ago

Maybe...but it was green a couple of times on March 27 as well. Time will tell.

johnnyfaehell10y ago

I think it's more they're no longer worried about it evolving any more.

NamTaf10y ago

They had said in their updates that they'd leave it yellow until it subsided.

https://status.github.com/messages

cotillion10y ago

They're still hiding behind Prolexic/Akamai. I suspect the attacker is waiting for them to drop that protection.

From a state sponsored attacker I would have expected to see a BGP attack..

tux310y ago

A BGP attack would be a whole new level of "This is war", probably with a bit more consequences.

f05510y ago

Does anybody have any wider context regarding this attack? Is it the first time a massive DDoS like that was mitigated, with just minor disruptions to the victim?

lordbusiness10y ago

Not by a long-shot; this was reported as a big deal (and I'd love to have more insight and data available), but this kind of thing has been going on for many years.

Ask your local DNS admin for some war stories. :-)

pyre10y ago

It also gained notoriety because it seemed like an attempt by a Chinese actor (possibly the PRC) to force Github to take down two repositories that helped to circumvent the Great Firewall.

Github itself has weathered DDoS attacks before, but I'm not sure how different this attack was in scale.

1 more reply

zmk10y ago

Prologue:

http://techcrunch.com/2015/03/19/anti-censorship-service-gre...

See links around this article, similar attacks have happened before:

http://www.netresec.com/?page=Blog&month=2015-03&post=China%...

j / k navigate · click thread line to collapse

20 comments

timdorr10y ago

https://github.com/greatfire and https://github.com/cn-nytimes have both returned to normal as well.

snsr10y ago

I'm still seeing the unicorn via those URLs.

MollyR10y ago

Yea I can't seem to get to those pages either.

Update: its working now, but it was definitely not working earlier.

smurfpandeyOP10y ago

It's working from my end.

dak110y ago

I'm also unable to access the two repos that were apparently the target of the PRC's ire: https://github.com/cn-nytimes and https://github.com/greatfire

Is this simply a temporary precautionary measure because of the initial JS DDOS, or has GitHub permanently taken those two repos down?

If it's the latter, then I'm really disappointed and it would seem the PRC was able to get what it wanted.

micah_chatt10y ago

Interestingly, GitHub seem's to be allowing logged-in users to access those pages, but using a incongnito tab shows unicorns. I'm guessing they've just disabled access for unauthenticated requests.

andor43610y ago

Aha, you're right! Same behavior for me.

smurfpandeyOP10y ago

Both repos are still up and accessible from my end (India).

andor43610y ago

They're there for me (I'm in the US-midwest.)

remi10y ago

https://twitter.com/githubstatus/status/582862783827591168

ryannevius10y ago

Maybe...but it was green a couple of times on March 27 as well. Time will tell.

johnnyfaehell10y ago

I think it's more they're no longer worried about it evolving any more.

NamTaf10y ago

They had said in their updates that they'd leave it yellow until it subsided.

https://status.github.com/messages

cotillion10y ago

They're still hiding behind Prolexic/Akamai. I suspect the attacker is waiting for them to drop that protection.

From a state sponsored attacker I would have expected to see a BGP attack..

tux310y ago

A BGP attack would be a whole new level of "This is war", probably with a bit more consequences.

f05510y ago

Does anybody have any wider context regarding this attack? Is it the first time a massive DDoS like that was mitigated, with just minor disruptions to the victim?

lordbusiness10y ago

Not by a long-shot; this was reported as a big deal (and I'd love to have more insight and data available), but this kind of thing has been going on for many years.

Ask your local DNS admin for some war stories. :-)

pyre10y ago

It also gained notoriety because it seemed like an attempt by a Chinese actor (possibly the PRC) to force Github to take down two repositories that helped to circumvent the Great Firewall.

Github itself has weathered DDoS attacks before, but I'm not sure how different this attack was in scale.

1 more reply

zmk10y ago

Prologue:

http://techcrunch.com/2015/03/19/anti-censorship-service-gre...

See links around this article, similar attacks have happened before:

http://www.netresec.com/?page=Blog&month=2015-03&post=China%...

j / k navigate · click thread line to collapse