Github is under massive DDOS attack coming from China. This attack started on 26 March 2015, and the main attacker is Baidu. On it’s service status page, Github posted on 26 March this message:
We’ve identified and mitigated a DoS attack that was impacting service. Service is recovering and we are monitoring the situation
On a Hacker News discussion we found who’s attacking Github and how this DDOS attack really work. It seems that Github is attacked from China, and the main attacker is Baidu, a serch engine, the Chineese version of Google.
According to “dengnan”, a Hacker News commenter:
Baidu has Baidu Analytics, a service similar to Google Analytics. In short, a website includes a javascript file from Baidu and Baidu will report some basic analytics to the site manager like how many visitors per day, how much time they spent on average per page etc.
Someone in the middle between a client outside China and Baidu, allegedly it should be the Great Fire Wall, changed the javascript file from Baidu and added some code so that any client executing the javascript file will periodically access https://github.com/greatfire/ and https://github.com/cn-nytimes/. This means any user who is accessing a site using Baidu Analytics will be an attacker to github.
Here is a simple solution: Block any javascript from Baidu if you do not use it. For chrome users, add the pattern [*.]baidu.com.
You can fint the latest Github Service Statuses below:
Github Status Messages
Today
8:18 UTC The ongoing DDoS attack has changed tactics. We are experiencing intermittent service outages and working to mitigate.
8:05 UTC Minor service outage.
6:34 UTC While the attack is ongoing, mitigation continues to hold and service is stable. We remain on high alert in case the attack evolves.
0:50 UTC Into hour 71 defending the attack. Mitigation is holding and service is stable.Yesterday, March 28, 2015
16:18 UTC We are working to mitigate an ongoing and evolving large DDoS attack.
10:00 UTC The ongoing DDoS attack has shifted again to include Pages and assets. We are updating our defenses to match.
4:46 UTC The ongoing DDoS attack has adjusted tactics again. We are continuing to adapt and mitigate it.
2:30 UTC The ongoing DDoS attack has shifted to include Pages and assets. We are updating our defenses to match.March 27, 2015
22:41 UTC We are continuing to defend GitHub against a very large DDoS attack.
19:23 UTC The on-going DDoS attack now includes GitHub Pages. We are working to mitigate any service disruption.
15:49 UTC We’re aware that GitHub.com is intermittently unavailable for some users during the ongoing DDoS. Restoring service for all users while deflecting attack traffic is our number one priority.
15:04 UTC We’ve deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing.
14:45 UTC The attack has ramped up again, and we’re evolving our mitigation strategies to match.
12:33 UTC The DDoS attack is still ongoing, but connectivity is back to normal as we continue mitigation. We’re keeping a close eye on our traffic for any abnormalities.
10:00 UTC We continue to respond to an ongoing DDoS attack. Some users may experience intermittent connectivity with git operations as we mitigate the problem.
8:31 UTC At this time we’re fully operational but we’re still mitigating the ongoing DDoS attack and there may be intermittent connectivity issues as we continue working on the problem
7:25 UTC Everything operating normally.
6:29 UTC The DDoS attack is amplifying again. We are working to mitigate with all hands on deck.
5:29 UTC Everything operating normally.
3:35 UTC We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating.
2:22 UTC We are investigating increased error rates as an incoming DDoS amplifies their attack.
2:18 UTC Minor service outage.March 26, 2015
2:08 UTC We’ve identified and mitigated a DoS attack that was impacting service. Service is recovering and we are monitoring the situation