I know this isn’t the kind of news Linux fans were hoping to read on Christmas Day, but unfortunately, on a day meant for faith, kindness, and hope, others are choosing to act in exactly the opposite way.
Many of you probably remember the problems Arch faced just a few months ago due to massive DDoS attacks, which mainly affected the AUR. Sadly, just when it seemed those issues were behind, a new large-scale DDoS attack on Christmas Day once again made the distribution’s website effectively inaccessible.
I had a ddos in 01, took the entire cluster down for a fairly popular website.
Traffic distribution was very wide; everything was on port 80.
All the traffic would come in, smack the front page, then disappear.
Turns out marketing had purchased an ad on MSN which was a hot search engine at the time, we were supposed to be the top link for any search with “school, education, classes, tutoring”. MSN accidentally made us the top link for EVERY search term. My T1 and my BGP frame connection were balls to the wall for 3 days.
OBV, this isn’t marketing, but they’re not a great target. No one’s getting any money from it, They don’t have any stiff corporate competition.
All this over Pascal support?!?!
I know the Arch community is kind of rough, but any reason we know of that they’re being targeted? Feels like a weird target for any major actors to prioritize for destabilization.
I seem to recall hearing speculation that the person behind this had their AUR packages deleted because they were posting malware. I’ve only heard this second-hand so it could be complete bullshit, but it seems plausible given some of the fucking adult babies we have out in the world.
Anybody more tech-savvy than my grandma can order botnet attacks nowadays. And due to it’s memed community it’s an obvious target.
On a more tinfoil hat note: Arch is the base of SteamOS…
SteamOS builds off arch pretty rarely so unless they plan on ddosing for 6 months this doesnt impact steamOS at all.
Its probably someone who got banned from the community trying to make a statement.
I know (or more honestly guessed so). It was meant to be a joke, hence the tinfoil hat reference ;)
DDoS is cheap to buy on the dark web it could be anybody with a grudge and a few thousand USD. It often costs more to mitigate the attacks than to launch them.
Arch community is kind of rough
What?
We’re kinda famous for not exactly being welcoming, and it’s not undeserved.
I feel like this all started around that time that there was that article that mentioned the most popular desktop environments on Arch Linux from repo stats where KDE plasma was the highest with over double gnome.
Clearly gnome foundation salty
Would it be possible for an average user like me to host the whole AUR and the whole Arch Wiki to make it available at times like this? I’m already seeding a couple of Arch isos (not pirate lingo).
I just want to help out.
Arch aur mirror might be the searchable term you want to find out.
Why ipv6 only though? Is there something about it that makes it more resilient to DDOS? If a device on the botnet has both ipv4 and ipv6 I don’t see how it’s mitigated
deleted by creator
