I really wish they would post what the attacker wants removed so we could mirror it, post it, etc. The Streisand effect is a good response to things like this, I think.
It appears that the first attack was targeted at https://github.com/cn-nytimes/ and https://github.com/greatfire/ [1]. Accessing these two pages still responds with `alert("WARNING: malicious javascript detected on this domain")` which is supposed to be executed on the (innocent) client's browser.
[1] https://github.com/blog/1981-large-scale-ddos-attack-on-gith...