GitHub suffers 'largest DDoS' attack in site's history

US coding website GitHub is fending off a DDoS onslaught focused on shutting down anticensorship tools.
Written by Charlie Osborne, Contributing Writer

GitHub is suffering a DDoS attack deemed the largest in the website's history and believed to originate from China.

The coding website is a popular repository for projects from game engines to security applications and web app frameworks, and is used by programmers and tech firms to develop and share tools. Since Thursday, the website has been under fire in a DDoS attack of a scale which has forced GitHub staff to rally and attempt to mitigate access problems.

In a blog post last week, GitHub said the distributed denial of service (DDoS) attack is the largest in github.com's history. The onslaught began on March 26 and, at the time of writing, has yet to end.

GitHub says the attack "involves a wide combination of attack vectors," which "includes every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic."

"Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content," GitHub says.

The "specific class" of content may be related to China. As reported by the Wall Street Journal, GitHub's traffic surge is based on visits intended for China's largest search engine, Baidu. Security experts told the publication that the vast levels of traffic intended for Baidu have paralyzed GitHub over the DDoS attack's duration.

Specifically, two particular sections of GitHub have been targeted. One content area is run by Greatfire.org, an anticensorship organization which releases tools to help Chinese citizens circumvent the country's stringent censorship controls -- known colloquially as the "Great Firewall of China." The second links to copies of the New York Times' Chinese language website and other banned domains.

Chinese security specialist Anthr@x from Insight Labs, currently living outside of the country, said when using Baidu at the time of the first attack, "my first thought was someone naughty XSSed the page," and after further inspection, discovered the page was trying to load two URLs: github.com/greatefire/ and github.com/cn-nytimes/ every few seconds.

Anthr@x believes the attack was due to HTTP hijacking, and "a certain device at the border of China's inner network and the Internet has hijacked the HTTP connections that went into China, replaced some JavaScript files from Baidu with malicious ones that would load every two seconds." Block code execution was also apparently used to prevent looping. The security researcher states:

"In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech."

Both Greatfire.org and the New York Times are censored in China.

According to tweeted GitHub status updates, the website has "adjusted mitigation tactics and are observing improved TCP performance for the majority of non-attack traffic." 87 hours into the attack, the mitigation techniques appear to be working.


In a statement, Baidu denied involvement in the attack, saying the firm "was not intentionally involved in any traffic redirection."
