40 comments

[ 0.21 ms ] story [ 76.6 ms ] thread
Yet again, another DDoS attack. This is getting ridiculous, someone has a serious vendetta against Github to keep trying to bring it down.
I bet they just want to cause disruption to any people/businesses that rely on it rather than having anything against GitHub.
SourceForge are getting desperate at this point.
Or maybe some of these anti-ddos companies are looking to make some new customers. ;-)
Seems odd that you were down-voted. This has been a known tactic for unscrupulous anti-virus software vendors for more than a decade...
Seems to be back up again now. Is getting a bit silly though.
Maybe someone testing some exploits? Given the security issues popping around lately one has to wonder.
I'm surprised that I can't even push code. Do they use the same servers for their website and Git servers!? Or are they getting DDoSed on both fronts?

Update: I successfully pushed my code and the website seems to work now.

They likely have separate servers running on the same network. The DDoS might be saturating their network infrastructure rather than causing load on any particular servers.
I'm just curious, why do people generally DDoS attack websites? The cases that I've heard mostly about are the Anonymous groups attacking government websites because they were being unfair in certain scenarios..But why will anyone want to DDoS attack a legitimate service like GitHub, that is infact only helping out the community of Open Source (Free plans for Open source)?

Just curious because, tomorrow this could be the case for your startup or mine..

Probably criminals trying to extort money from GitHub ("Cyberextortion") or testing their bot net.

That's why it's so important that every time we visit a computer-illiterate relative that we update their browser and operating system. Only you can prevent botnets.

>That's why it's so important that every time we visit a computer-illiterate relative that we update their browser and operating system.

Wow, that's a really good thought, mate! Personally my relatives wouldn't let me touch their computers though (:cough :cough browser history :cough :cough) :D

Besides, "just for fun" or to "show off" (capability of your botnet for example) it can be a competition of either Github or their hosting providers.
GitHub hosts tons of projects and pieces of information. Maybe the question shouldn't be "why does someone hate GitHub?" and should be "which of Github's projects upset someone?"
It could be a diversion for another attack. If there is currently a ddos going on, other suspicious behavior is more likely to be overlooked.
Has bit bucket or any other similar site seen attacks as frequent and drastic as github ?
I imagine it's just due to popularity, unless there's some evidence that Github isn't doing enough to protect against / recover from these attacks.
If this is the Chinese, they are patiently testing the limits of Github's defenses. They've done that with nearly every Google product in China, gradually beating back Google's prestige and market share.

It's insidiously clever, and an excellent attack vector. Patiently testing/preparing for worse disruption, patiently iterating mid-level frustration. Foreigners have yet to understand just how overt corruption is in China. If China, they're handshaking and smiling at Github, with harm's intent.

What would motivation be for this?
Decrease in American productivity, no matter how small. Might do major damage if they get lucky.
I would think that there are more efficient (in pecuniary terms) ways of disrupting american productivity, especially considering git is a decentralized system....
How naive non-Chinese are to the level of blunt corruption - Github is a global crown jewel, similar in infrastructure to Google products.

Any consistent frustration to the entire Github customer base is low cost to do, and easily worth it in cyber attack cost/benefit analysis.

Are you serious? This reads like weird propaganda.
Are you serious? I'm Chinese and I'm like "Why would they do that?" Before we launch into the Chinese hacking rethoric, let's looks at EADS, which was being attacked from some location in China. But why did we manage to find out?

It's either that the hackers behind the attack weren't up to snuff to cover their tracks (maybe set something up outside of China?), or it's the Chinese government trying to demonstrate that they are indeed capable of digitally attacking foreign targets. And if you got any familarity with actual Chinese people, you know they won't spill their hand just to show you what they can. That'd be...very unchinese.

Yes, Chinese people aren't overt when they cut deals. But trying to disrupt a minor target (yes, it's Github, but in the scope of the entire US, it's one service, and there are several alternatives) in a Country that owes you a lot of doe...what sense would that make? Also why only Github? Why not any of the other Repository services?

Your chinese conspiracy hypothesis really doesn't hold up well, does it?

Solstice - I speak Chinese and Japanese fluently (for 25 years, and read the newspaper in either language), and have live in both countries for a total of 7 years.

China has already been caught DDOS'ing Github, during the New Years travelling period - February this year. The ostensible reason was a flaw in some "train scheduling software", at the peak travel period. That software which had a bug resided at Github. This is well documented.

I have professionally followed the China hacking phenomenon for years, and am involved in software/security - so this is not conjecture/conspiracy.

China is the worst cyber aggressor on Earth, having stolen the entire Gaia password system from Google on Christmas Day 2010, amongst many events.

The deep level of corruption in China is amongst the worst on Earth, and is unmistakeably related to the blatant, corrupt cyber attacks 攻击 on a large percentage of businesses and infrastructure worldwide.

Additionally, you do not have a monopoly on loving and defending China. I love China very much (and fight for its reputation) - one does not research and live in China for a lifetime without growing to love it.

Fair enough, those are really insightful points, and I'll check them later. I'm pretty quick to jump to defend China, because i usually find sheer ignorance, and not a well researched point behind whatever anti-chinese statements there are. "China is evil cause it takes our jobs", "Chinese eat sh*tty food, like dogs and cats", "Chinese are evil because they are all, every single peasant, covertly plotting to hack our computers, every single one of them". And when you get bombared with stuff like this all the time, your trigger finger becomes quicker. Also, no offense intended, but your choice of language made it seem like a giant conspiracy, which I would object to believing in given the lack of proof or points in your first post.

And on a site note, I'm actually really intrested why the chinese would indulge in such attacks. Economical harm to a Nation you're codependent on doesn't strike me as politically savy. What incentives are there for Chinese hackers to attack sites like Github, and the other busineses and infrastructures you mentioned (Google is obvious, so you can skip on that).

Just to make a very clear statement: This does nothing to my resolve to stick with GitHub. I'll just push a little later, whenever the next DDoS comes around.
Finally! I was waiting to see what your opinion on this topic was, so that I knew what my opinion should be! :P
Stop downvoting this person. I deserved that.
The downvote isn't whether the comment was warranted but rather that it didn't add value to the conversation.
Well, mine didn't contribute much either - and I didn't want to pass up a chance to make light of that.
This should be a non-issue for git since you can just pull from the other members of your team, but in reality few people are setup to allow others to do this.
Would be neat if their Github desktop apps would set this up p2p automatically.
Yep, good idea, they could take Organizations you are a member of and provide remotes for each person in that org for you.
That's fine if you only use github solely for its git service. If you use issues or gists or handling others' pull requests, you are SOL if github is down. (technically you can clone all of your gists but its a painstaking process)
I imagine the effect is amplified by people repeatedly trying to push/pull because of the failures.
Isn't Cloudflare pretty much a general purpose solution for DDoS? Is there any reason not to use them if you're often a target and don't want to deal with it yourself?
"Is there any reason not to use them if you're often a target and don't want to deal with it yourself?"

I don't think github became a target until very recently, and I imagine their corporate customers (using github enterprise) were unaffected by github.com uptime

Can it? I pull and push Github over ssh, which is an attack path that Cloudflare isn't built to mitigate. If it were strictly http and https, it would be a different story.