GitHub Mitigates Yet Another DDoS Attack
The worlds largest code repository, Github, mitigated yet another sizable distributed denial of service (DDoS) attack earlier this morning, resorting access back to their service around 9 a.m. Eastern time.
According to GitHub’s public status log, connectivity problems emerged earlier today around 5:30 a.m. when nearly an hour after, Github announced they were under a DDoS attack. However the attack was short-lived, roughly four hours after the attack, Github had successfully resorted access back to their services.
Github has not yet responded to the attack, but it remains unknown where the attack originated and whether or not they are related to the relentless attacks that plagued the service earlier this year.
Previous attacks occurred back in March, when China-based servers were caught sending massive attacks to the Github service that lasted nearly seven days long. Rather than using attack tools, the earlier Github DDoS attack involved the use of malicious JavaScript to hijack traffic from victims around the world that would then redirect their traffic Githubs servers.
Github’s earlier DDoS attacks carried similar characteristics linked to another attack against an anti-censorship website GreatFire.org, that was later discovered to be initiated by the Chinese government, experts said. The GreatFire.org website contains a barrage of anti-censorship tools and monitors censored websites and keywords inside China.
“Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against GreatFire.org’s websites,” the Greatfire.org analysis said. “Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code.”
Jesse Newland, a Github systems engineer said the March attacks were the largest in the site’s history, and attackers’ motive was to convince Guthub to remove a “specific class of content.”
It remains unknown the size of today’s attack or any motive behind the recent Github DDoS attack.