
GitHub hit by DDoS attack second day in a row - feronull
http://thenextweb.com/insider/2012/10/19/github-hit-by-ddos-attack-second-day-in-a-row/
======
redsymbol
Maybe it's because I just personally identify with the founders of github
(i.e. entrepreneurial sw engineers), but I'm starting to get mad at whoever
keeps doing this. Here's hoping that with all the smart people this is
affecting, the people responsible will be tracked down and exposed.

~~~
carlosaguayo
may whoever is doing this be doomed to use SVN the rest of their lives ...

~~~
richadams
SVN's too good for 'em.. let them use Visual Source Safe forever.

~~~
didip
Visual Source Safe is too good for 'em.. may they be doomed to emailing .patch
files forever.

~~~
alaaibrahim
Emailing .patch files is better than VSS :-)

------
codinghorror
Can we please use some of that 100 million investment to buy an infrastructure
that is more resilient to these kinds of DDoS attacks?

Pretty please?

This is a service I pay for and my business relies on. Having it down three
times in three days impacts our work.

~~~
bkanber
Did it really impact your work, other than slightly inconveniencing you?

"UGH GitHub down again, I guess I have to go work on something equally as
important for upwards of an hour"

I call shenanigans on you, good sir.

~~~
codinghorror
Since when is it OK for the services I rely on and pay for to even slightly
inconvenience me ... for three days in a row?

Since never. At least for businesses that want to remain an ongoing concern.

~~~
bkanber
Devil's avocado here: let's say you pay $100/mo for a gym membership and they
shut down three days in a row because somebody called in a threat. How upset
would you be at the gym?

A malicious attack by a third party is different from, say, the gym allowing
black mold to grow in the locker room. I'd quit a gym if they had black mold.
That's mismanagement. I wouldn't quit a gym if malicious third party
intervention inconvenienced me.

Besides, GitHub is obviously more concerned about this than you or I could
ever be. And having money doesn't make infrastructure magically appear.

I pay GitHub too. My company relies on it. I, too, was slightly inconvenienced
this week. I was also slightly inconvenienced when I had to make a u-turn
because the Battery Tunnel southbound on-ramp was closed. So what?

In summary: shenanigans! Good day sir!

~~~
Tobu
What makes DDOSes different from black mold? Both are expected risks and
should be mitigated. Yeah, there are sentient actors behind the DDOS, but
GitHub has to deal with it at the level of their infrastructure either way.

~~~
bkanber
The fact that there are sentient actors behind the DDoS _is_ the difference.

You can reliably predict and protect against things like network outages,
server failures, full datacenter failures (black mold)--you can directly
measure their impact and plan failover paths. A DB server goes out? Whatever!
That's why you have a hot backup or two online and ready to go.

What you can't predict is exactly how far a malicious third party will go to
hurt you. You can't predict how many dollars they'll spend on their botnet
minutes. You don't know if they're going to attack your infrastructure or the
DNS. Can buying more bandwidth fix the problem? If so, how much more? And will
the attacker simply up the ante when they see that you're recovering? Can
filtering requests fix the problem? If so, will the attacker provision
different resources to attack you with?

This isn't simply a matter of infrastructure, buying the right equipment, or
setting things up "just right" precisely because there is a sentient actor
trying to hurt you. It's more like a game of chess.

------
peripetylabs
Perhaps I'm misunderstanding: I thought one goal of DVCS was to remove central
points of failure? In that sense, isn't a central "hub" regressive?

I wonder if there's a way to host Git repositories with static files, say, on
Amazon S3... That would be neat.

~~~
mattdeboard
>Perhaps I'm misunderstanding: I thought one goal of DVCS was to remove
central points of failure? In that sense, isn't a central "hub" regressive?

This meme is getting really, really tiresome. Github being down is NOT a
central point of failure. Most people know that setting up your own git server
is trivial, literally a 3-4 step process. We know that we don't lose our
files, our history, our working tree, etc.

The "git" in Github is easily replaced. The "hub" part has its own value. The
communication tools, the well-presented diffs, the inline-editing capability,
issues, wiki, etc. That's the value people are gnashing their teeth over.

~~~
peripetylabs
So it seems we agree. I was asking: why use Github at all? Most of the value
added of Github can be done with CSS and simple network analysis.

~~~
mattdeboard
Because why reinvent the wheel?

------
ihuman
Who would try to disable github?

~~~
boomzilla
It could just be some rogue deployment script running from EC2 that are a
little more active that it should be. Imagine someone is deploying their 1GB
repo from GitHub to 100 small EC2 instances :)

~~~
Cherian
My startup cucumbertown.com is hit with similar issues.

Initially we blocked all Ec2[1] & spamhaus ip list. But then realized
Flipboard proxies[2], some blog aggregation proxies etc are based on Ec2
machines.

What would be a good way to block such rogue machines? Is there a community
sponsored list or Ec2/Rackspace ips that are creating issues?

<https://forums.aws.amazon.com/ann.jspa?annID=1528>

<http://flipboard.com/browserproxy/>

~~~
Caballera
Banks were being hit the first week of October, then I know some VoIP servers
were being hit such as Callcentric by DDoS. I can see why the banks were hit,
but not why so many much smaller businesses are being attacked.

~~~
RileyJames
I would think being small(er) and having 100M in the bank makes github a
pretty good target, unfortunately.

------
didip
I can't wait to read their post-mortem. Must be pretty exciting.

------
w1ntermute
It's pretty crazy how just a couple thousand LOICs can incapacitate a site as
prominent as GitHub. I wonder how many machines are involved this time.

~~~
dsl
LOIC is pretty easy to filter, it's about a 1 out of 10 on the difficulty
scale. Either GitHub as a whole is technically incompetent, or they are
getting hit with something built by big kids.

------
onyxraven
Anyone else having trouble connecting to GitHub via SSH from AWS?

~~~
kmfrk
Just SSH in general. I can't push to my repo from my laptop in most cases.

------
jsanroman
Maybe I'm naive, but could they be stealing someone's code? Otherwise I think
it's just someone who's trying to prove something.

~~~
arcatek
You can't steal anything by DDoSing. You could only kill the servers until the
next reboot ... and all over again.

No data will be compromised, but it will still be a pain in the .. head.

