GitHub Gets Hit with Massive DDoS Attack

gitbub

GitHub, the popular US coding website, is in the midst of dealing with the largest distributed denial of service (DDoS) attack in the website’s history.

The attack is believed to originate from China, as a surge in traffic intended for Baidu, China’s largest search engine, has been paralysing GitHub for the duration of the attack. The coding website used by programmers and tech firms to develop and share tools has been working overtime in an attempt to alleviate access problems.

GitHub says the attack “involves a wide combination of attack vectors,” which “includes every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic.”

“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” GitHub says.

It is possible this “specific class” of content may be related to China. Two particular GitHub content areas being targeted are run by Greatfire.org and the New York Times, both of which are censored in China. Greatfire.org is an anticensorship organization that distributes tools to help Chinese citizens navigate around the country’s strict censorship controls.

Anthr@x, Chinese security specialist, believes the attack can be attributed to HTTP hijacking, and that block code execution was used to prevent looping. “A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, replaced some javascript files from Baidu with malicious ones that would load every two seconds,” stated the security researcher.

According to a recent GitHub tweet, the website has “adjusted mitigation tactics and are observing improved TCP performance for the majority of non-attack traffic.” Now four days into the attack, the measures being taken by GitHub to resolve the attack seem to be working.