Menu
GitHub recovering from massive DDoS attacks

GitHub recovering from massive DDoS attacks

The attacks were aimed at two GitHub-hosted projects fighting Chinese censorship

Software development platform GitHub said it was still experiencing intermittent outages from the largest cyberattack in its history but had halted most of the attack traffic.

Starting on Thursday, GitHub was hit by distributed denial-of-service (DDoS) attacks that sent large volumes of Web traffic to the site, particularly towards two Chinese anti-censorship projects hosted there.

Over the next few days, the attackers changed their DDoS tactics as GitHub defended the site, but as of Sunday, it appears the site was mostly working.

A GitHub service called Gists, which lets people post bits of code, was still affected, it said. On Twitter, GitHub said it continued to adapt its defenses.

The attacks appeared to focus specifically on two projects hosted on GitHub, according to a blogger who goes by the nickname of Anthr@X on a Chinese- and English-language computer security forum.

One project mirrors the content of The New York Times for Chinese users, and the other is run by Greatfire.org, a group that monitors websites censored by the Chinese government and develops ways for Chinese users to access banned services.

China exerts strict control over Internet access through its "Great Firewall," a sophisticated ring of networking equipment and filtering software. The country blocks thousands of websites, including ones such as Facebook and Twitter and media outlets such as The Wall Street Journal, The New York Times and Bloomberg.

Anthr@X wrote that it appeared advertising and tracking code used by many Chinese websites appeared to have been modified in order to attack the GitHub pages of the two software projects.

The tracking code was written by Baidu, but it did not appear the search engine -- the largest in China -- had anything to do with it. Instead, Anthr@X wrote that some device on the border of China's inner network was hijacking HTTP connections to websites within the country.

The Baidu tracking code had been replaced with malicious JavaScript that would load the two GitHub pages every two seconds. In essence, it means the attackers had roped in regular Internet users into their attacks without them knowing.

"In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech," Anthr@X wrote.

GitHub has not laid blame for the attacks, writing on Saturday that "based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content."

The attackers used a wide variety of methods and tactics, including new techniques "that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic," GitHub said.

In late December, China cut off all access to Google's Gmail service, after blocking Facebook's Instagram app, and the phone messaging app Line. A month prior, it appeared many non-political sites supported by the U.S. content delivery network EdgeCast Network were blocked. EdgeCast may have been a casualty because its cloud services are often used to host mirror sites for ones that have been banned.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags GitHubsecurity

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments