They likely have separate servers running on the same network. The DDoS might be saturating their network infrastructure rather than causing load on any particular servers.
I'm just curious, why do people generally DDoS attack websites? The cases that I've heard mostly about are the Anonymous groups attacking government websites because they were being unfair in certain scenarios..But why will anyone want to DDoS attack a legitimate service like GitHub, that is infact only helping out the community of Open Source (Free plans for Open source)?
Just curious because, tomorrow this could be the case for your startup or mine..
Probably criminals trying to extort money from GitHub ("Cyberextortion") or testing their bot net.
That's why it's so important that every time we visit a computer-illiterate relative that we update their browser and operating system. Only you can prevent botnets.
>That's why it's so important that every time we visit a computer-illiterate relative that we update their browser and operating system.
Wow, that's a really good thought, mate! Personally my relatives wouldn't let me touch their computers though (:cough :cough browser history :cough :cough) :D
GitHub hosts tons of projects and pieces of information. Maybe the question shouldn't be "why does someone hate GitHub?" and should be "which of Github's projects upset someone?"
If this is the Chinese, they are patiently testing the limits of Github's defenses. They've done that with nearly every Google product in China, gradually beating back Google's prestige and market share.
It's insidiously clever, and an excellent attack vector. Patiently testing/preparing for worse disruption, patiently iterating mid-level frustration. Foreigners have yet to understand just how overt corruption is in China. If China, they're handshaking and smiling at Github, with harm's intent.
I would think that there are more efficient (in pecuniary terms) ways of disrupting american productivity, especially considering git is a decentralized system....
Are you serious? I'm Chinese and I'm like "Why would they do that?"
Before we launch into the Chinese hacking rethoric, let's looks at EADS, which was being attacked from some location in China. But why did we manage to find out?
It's either that the hackers behind the attack weren't up to snuff to cover their tracks (maybe set something up outside of China?), or it's the Chinese government trying to demonstrate that they are indeed capable of digitally attacking foreign targets. And if you got any familarity with actual Chinese people, you know they won't spill their hand just to show you what they can. That'd be...very unchinese.
Yes, Chinese people aren't overt when they cut deals. But trying to disrupt a minor target (yes, it's Github, but in the scope of the entire US, it's one service, and there are several alternatives) in a Country that owes you a lot of doe...what sense would that make? Also why only Github? Why not any of the other Repository services?
Your chinese conspiracy hypothesis really doesn't hold up well, does it?
Solstice - I speak Chinese and Japanese fluently (for 25 years, and read the newspaper in either language), and have live in both countries for a total of 7 years.
China has already been caught DDOS'ing Github, during the New Years travelling period - February this year. The ostensible reason was a flaw in some "train scheduling software", at the peak travel period. That software which had a bug resided at Github. This is well documented.
I have professionally followed the China hacking phenomenon for years, and am involved in software/security - so this is not conjecture/conspiracy.
China is the worst cyber aggressor on Earth, having stolen the entire Gaia password system from Google on Christmas Day 2010, amongst many events.
The deep level of corruption in China is amongst the worst on Earth, and is unmistakeably related to the blatant, corrupt cyber attacks 攻击 on a large percentage of businesses and infrastructure worldwide.
Additionally, you do not have a monopoly on loving and defending China. I love China very much (and fight for its reputation) - one does not research and live in China for a lifetime without growing to love it.
Fair enough, those are really insightful points, and I'll check them later. I'm pretty quick to jump to defend China, because i usually find sheer ignorance, and not a well researched point behind whatever anti-chinese statements there are. "China is evil cause it takes our jobs", "Chinese eat sh*tty food, like dogs and cats", "Chinese are evil because they are all, every single peasant, covertly plotting to hack our computers, every single one of them".
And when you get bombared with stuff like this all the time, your trigger finger becomes quicker. Also, no offense intended, but your choice of language made it seem like a giant conspiracy, which I would object to believing in given the lack of proof or points in your first post.
And on a site note, I'm actually really intrested why the chinese would indulge in such attacks. Economical harm to a Nation you're codependent on doesn't strike me as politically savy. What incentives are there for Chinese hackers to attack sites like Github, and the other busineses and infrastructures you mentioned (Google is obvious, so you can skip on that).
Just to make a very clear statement: This does nothing to my resolve to stick with GitHub. I'll just push a little later, whenever the next DDoS comes around.
This should be a non-issue for git since you can just pull from the other members of your team, but in reality few people are setup to allow others to do this.
That's fine if you only use github solely for its git service. If you use issues or gists or handling others' pull requests, you are SOL if github is down. (technically you can clone all of your gists but its a painstaking process)
Isn't Cloudflare pretty much a general purpose solution for DDoS? Is there any reason not to use them if you're often a target and don't want to deal with it yourself?
"Is there any reason not to use them if you're often a target and don't want to deal with it yourself?"
I don't think github became a target until very recently, and I imagine their corporate customers (using github enterprise) were unaffected by github.com uptime
Can it? I pull and push Github over ssh, which is an attack path that Cloudflare isn't built to mitigate. If it were strictly http and https, it would be a different story.
40 comments
[ 0.21 ms ] story [ 76.6 ms ] threadUpdate: I successfully pushed my code and the website seems to work now.
Just curious because, tomorrow this could be the case for your startup or mine..
That's why it's so important that every time we visit a computer-illiterate relative that we update their browser and operating system. Only you can prevent botnets.
Wow, that's a really good thought, mate! Personally my relatives wouldn't let me touch their computers though (:cough :cough browser history :cough :cough) :D
It's insidiously clever, and an excellent attack vector. Patiently testing/preparing for worse disruption, patiently iterating mid-level frustration. Foreigners have yet to understand just how overt corruption is in China. If China, they're handshaking and smiling at Github, with harm's intent.
Any consistent frustration to the entire Github customer base is low cost to do, and easily worth it in cyber attack cost/benefit analysis.
It's either that the hackers behind the attack weren't up to snuff to cover their tracks (maybe set something up outside of China?), or it's the Chinese government trying to demonstrate that they are indeed capable of digitally attacking foreign targets. And if you got any familarity with actual Chinese people, you know they won't spill their hand just to show you what they can. That'd be...very unchinese.
Yes, Chinese people aren't overt when they cut deals. But trying to disrupt a minor target (yes, it's Github, but in the scope of the entire US, it's one service, and there are several alternatives) in a Country that owes you a lot of doe...what sense would that make? Also why only Github? Why not any of the other Repository services?
Your chinese conspiracy hypothesis really doesn't hold up well, does it?
China has already been caught DDOS'ing Github, during the New Years travelling period - February this year. The ostensible reason was a flaw in some "train scheduling software", at the peak travel period. That software which had a bug resided at Github. This is well documented.
I have professionally followed the China hacking phenomenon for years, and am involved in software/security - so this is not conjecture/conspiracy.
China is the worst cyber aggressor on Earth, having stolen the entire Gaia password system from Google on Christmas Day 2010, amongst many events.
The deep level of corruption in China is amongst the worst on Earth, and is unmistakeably related to the blatant, corrupt cyber attacks 攻击 on a large percentage of businesses and infrastructure worldwide.
Additionally, you do not have a monopoly on loving and defending China. I love China very much (and fight for its reputation) - one does not research and live in China for a lifetime without growing to love it.
And on a site note, I'm actually really intrested why the chinese would indulge in such attacks. Economical harm to a Nation you're codependent on doesn't strike me as politically savy. What incentives are there for Chinese hackers to attack sites like Github, and the other busineses and infrastructures you mentioned (Google is obvious, so you can skip on that).
China has the capability for significant cyber warfare. They're just not interested.
Much more serious is the commercial espionage from China.
(http://www.bbc.co.uk/news/uk-politics-21769078)
I don't think github became a target until very recently, and I imagine their corporate customers (using github enterprise) were unaffected by github.com uptime