GitHub suffered under an experienced and prolonged distributed denial of service (DDoS) attack that appears to be delivered from China.
“We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating,” the platform’s administrators said in status statement. “The DDoS attack is amplifying again. We are working to mitigate with all hands on deck.
“At this time we’re fully operational but we’re still mitigating the ongoing DDoS attack and there may be intermittent connectivity issues as we continue working on the problem,” another status update stated. “Some users may experience intermittent connectivity with git operations as we mitigate the problem.”
ThreatPost reports that the DDoS traffic is mainly coming from Chinese ISP Baidu, and that the attackers are using malicious scripts deployed around the web that have been “hijacked to send traffic to a pair of URLs on GitHub.”
Dave Larson, CTO of Corero Network Security, said: “From what GitHub have disclosed it looks like the DDoS attacks targeted at their networks followed a very typical progression. It is not unusual for attackers to probe a site with different attack vectors to figure out what type of vulnerabilities exist.
“It is likely that as the attacker(s) saw that GitHub were able to stop one type of DDoS attack they modified the characteristics of the attack until the website and services were again impacted. A second wave of attacks, just a day later, is also a common sequence, more than likely coming from the same source, having already analysed how GitHub would likely react in trying to mitigate the attack, the second wave of DDoS attacks do appear to have been successful in taking down the site.”