I know this isn’t the kind of news Linux fans were hoping to read on Christmas Day, but unfortunately, on a day meant for faith, kindness, and hope, others are choosing to act in exactly the opposite way.
Many of you probably remember the problems Arch faced just a few months ago due to massive DDoS attacks, which mainly affected the AUR. Sadly, just when it seemed those issues were behind, a new large-scale DDoS attack on Christmas Day once again made the distribution’s website effectively inaccessible.
I had a ddos in 01, took the entire cluster down for a fairly popular website.
Traffic distribution was very wide; everything was on port 80.
All the traffic would come in, smack the front page, then disappear.
Turns out marketing had purchased an ad on MSN which was a hot search engine at the time, we were supposed to be the top link for any search with “school, education, classes, tutoring”. MSN accidentally made us the top link for EVERY search term. My T1 and my BGP frame connection were balls to the wall for 3 days.
OBV, this isn’t marketing, but they’re not a great target. No one’s getting any money from it, They don’t have any stiff corporate competition.
Why ipv6 only though? Is there something about it that makes it more resilient to DDOS? If a device on the botnet has both ipv4 and ipv6 I don’t see how it’s mitigated
I just figured the chances of the devices in a botnet being ipv6 is like 5% or less
Would it be possible for an average user like me to host the whole AUR and the whole Arch Wiki to make it available at times like this? I’m already seeding a couple of Arch isos (not pirate lingo).
I just want to help out.
The AUR is already officially mirrored on GitHub, at least since the last attack (that I heard of).
For the Wiki, I’m not sure if database dumps are provided for people to provide proper mediawiki mirrors. If they’re not, you should propose the idea. It’s a good one (as long as the dumps themselves are not hosted in one place that can be DDoS-ed itself).
That would be alot of work (and some space) but should be doable.
But just for your personal access to the wiki
archwiki-offlineandarch-wiki-searchalready exist (in the AUR).Arch aur mirror might be the searchable term you want to find out.
I know the Arch community is kind of rough, but any reason we know of that they’re being targeted? Feels like a weird target for any major actors to prioritize for destabilization.
Arch community is kind of rough
What?
I’ve heard sometimes arbitrary targets are chosen to demonstrate capabilities. It’s marketing.
Anybody more tech-savvy than my grandma can order botnet attacks nowadays. And due to it’s memed community it’s an obvious target.
On a more tinfoil hat note: Arch is the base of SteamOS…
SteamOS builds off arch pretty rarely so unless they plan on ddosing for 6 months this doesnt impact steamOS at all.
Its probably someone who got banned from the community trying to make a statement.
I know (or more honestly guessed so). It was meant to be a joke, hence the tinfoil hat reference ;)
I feel like this all started around that time that there was that article that mentioned the most popular desktop environments on Arch Linux from repo stats where KDE plasma was the highest with over double gnome.
Clearly gnome foundation salty
The attacks started before that retarded non-news post. And no one actually cares about DE’s, other that youngings still in their hopping phase.
with some interactions I’ve seen from GNOME fanboys on mastodon…honestly wouldn’t put it past them. /s
I seem to recall hearing speculation that the person behind this had their AUR packages deleted because they were posting malware. I’ve only heard this second-hand so it could be complete bullshit, but it seems plausible given some of the fucking adult babies we have out in the world.
AUR malware and DDoS attacks are not even correlated, for there to be any minimally credible speculation about causation.
Such “speculation” would only come from someone very unintelligent who would see two news items about X within a smallish time frame (weeks), then obtusely start drawing connection lines between them where there is probably* none.
* We don’t know who the malware spreaders or the DDoS attackers are. So we can’t be 100% certain about anything. But indications point to script kiddies being behind AUR malware attempts. And a more sophisticated entity behind the DDoS attacks, not just some kid or an adult with a grudge paying a botnet, like some are sillily suggesting. One should also not forget that there was always the conspiracy theory that DDoS protection service providers are behind most DDoS attacks (before AI crawlers accidentally took that crown).
You don’t have to be an adult to post malware and hire DDoS botnets
DDoS is cheap to buy on the dark web it could be anybody with a grudge and a few thousand USD. It often costs more to mitigate the attacks than to launch them.
did Manjaro do this
