

GitHub was unavailable due to what appeared to be another DDoS attack - orrsella
https://status.github.com/

======
neya
I'm just curious, why do people generally DDoS attack websites? The cases that
I've heard mostly about are the Anonymous groups attacking government websites
because they were being unfair in certain scenarios..But why will anyone want
to DDoS attack a legitimate service like GitHub, that is infact only helping
out the community of Open Source (Free plans for Open source)?

Just curious because, tomorrow this could be the case for your startup or
mine..

~~~
fafner
Probably criminals trying to extort money from GitHub ("Cyberextortion") or
testing their bot net.

That's why it's so important that every time we visit a computer-illiterate
relative that we update their browser and operating system. Only you can
prevent botnets.

~~~
neya
>That's why it's so important that every time we visit a computer-illiterate
relative that we update their browser and operating system.

Wow, that's a really good thought, mate! Personally my relatives wouldn't let
me touch their computers though (:cough :cough browser history :cough :cough)
:D

------
DigitalSea
Yet again, another DDoS attack. This is getting ridiculous, someone has a
serious vendetta against Github to keep trying to bring it down.

~~~
Nux
Or maybe some of these anti-ddos companies are looking to make some new
customers. ;-)

~~~
tankbot
Seems odd that you were down-voted. This has been a known tactic for
unscrupulous anti-virus software vendors for more than a decade...

------
skore
Just to make a very clear statement: This does nothing to my resolve to stick
with GitHub. I'll just push a little later, whenever the next DDoS comes
around.

~~~
pyre
Finally! I was waiting to see what your opinion on this topic was, so that I
knew what my opinion should be! :P

~~~
skore
Stop downvoting this person. I deserved that.

~~~
bgray
The downvote isn't whether the comment was warranted but rather that it didn't
add value to the conversation.

~~~
skore
Well, mine didn't contribute much either - and I didn't want to pass up a
chance to make light of that.

------
olalonde
I'm surprised that I can't even push code. Do they use the same servers for
their website and Git servers!? Or are they getting DDoSed on both fronts?

 _Update:_ I successfully pushed my code and the website seems to work now.

~~~
dan_manges
They likely have separate servers running on the same network. The DDoS might
be saturating their network infrastructure rather than causing load on any
particular servers.

------
ntoshev
Isn't Cloudflare pretty much a general purpose solution for DDoS? Is there any
reason not to use them if you're often a target and don't want to deal with it
yourself?

~~~
pronoiac
Can it? I pull and push Github over ssh, which is an attack path that
Cloudflare isn't built to mitigate. If it were strictly http and https, it
would be a different story.

------
orangethirty
Maybe someone testing some exploits? Given the security issues popping around
lately one has to wonder.

------
doki_pen
I imagine the effect is amplified by people repeatedly trying to push/pull
because of the failures.

------
niggler
Has bit bucket or any other similar site seen attacks as frequent and drastic
as github ?

~~~
pyre
I imagine it's just due to popularity, unless there's some evidence that
Github isn't doing enough to protect against / recover from these attacks.

------
m4tthumphrey
Seems to be back up again now. Is getting a bit silly though.

------
teawithcarl
If this is the Chinese, they are patiently testing the limits of Github's
defenses. They've done that with nearly every Google product in China,
gradually beating back Google's prestige and market share.

It's insidiously clever, and an excellent attack vector. Patiently
testing/preparing for worse disruption, patiently iterating mid-level
frustration. Foreigners have yet to understand just how overt corruption is in
China. If China, they're handshaking and smiling at Github, with harm's
intent.

~~~
solistice
Are you serious? I'm Chinese and I'm like "Why would they do that?" Before we
launch into the Chinese hacking rethoric, let's looks at EADS, which was being
attacked from some location in China. But why did we manage to find out?

It's either that the hackers behind the attack weren't up to snuff to cover
their tracks (maybe set something up outside of China?), or it's the Chinese
government trying to demonstrate that they are indeed capable of digitally
attacking foreign targets. And if you got any familarity with actual Chinese
people, you know they won't spill their hand just to show you what they can.
That'd be...very unchinese.

Yes, Chinese people aren't overt when they cut deals. But trying to disrupt a
minor target (yes, it's Github, but in the scope of the entire US, it's one
service, and there are several alternatives) in a Country that owes you a lot
of doe...what sense would that make? Also why only Github? Why not any of the
other Repository services?

Your chinese conspiracy hypothesis really doesn't hold up well, does it?

~~~
teawithcarl
Solstice - I speak Chinese and Japanese fluently (for 25 years, and read the
newspaper in either language), and have live in both countries for a total of
7 years.

China has already been caught DDOS'ing Github, during the New Years travelling
period - February this year. The ostensible reason was a flaw in some "train
scheduling software", at the peak travel period. That software which had a bug
resided at Github. This is well documented.

I have professionally followed the China hacking phenomenon for years, and am
involved in software/security - so this is not conjecture/conspiracy.

China is the worst cyber aggressor on Earth, having stolen the entire Gaia
password system from Google on Christmas Day 2010, amongst many events.

The deep level of corruption in China is amongst the worst on Earth, and is
unmistakeably related to the blatant, corrupt cyber attacks 攻击 on a large
percentage of businesses and infrastructure worldwide.

Additionally, you do not have a monopoly on loving and defending China. I love
China very much (and fight for its reputation) - one does not research and
live in China for a lifetime without growing to love it.

~~~
solistice
Fair enough, those are really insightful points, and I'll check them later.
I'm pretty quick to jump to defend China, because i usually find sheer
ignorance, and not a well researched point behind whatever anti-chinese
statements there are. "China is evil cause it takes our jobs", "Chinese eat
sh*tty food, like dogs and cats", "Chinese are evil because they are all,
every single peasant, covertly plotting to hack our computers, every single
one of them". And when you get bombared with stuff like this all the time,
your trigger finger becomes quicker. Also, no offense intended, but your
choice of language made it seem like a giant conspiracy, which I would object
to believing in given the lack of proof or points in your first post.

And on a site note, I'm actually really intrested why the chinese would
indulge in such attacks. Economical harm to a Nation you're codependent on
doesn't strike me as politically savy. What incentives are there for Chinese
hackers to attack sites like Github, and the other busineses and
infrastructures you mentioned (Google is obvious, so you can skip on that).

