Massive DDoS against GitHub continues

Popular web-based Git repository hosting service GitHub has been battling a massive DDoS attack – the biggest they have ever experienced – for the last four days.

“The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” Jesse Newland, Systems Engineer at GitHub, announced in a blog post on Friday.

“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.”

The content in question consists of two projects, cn-nytimes and greatfire. The first mirrors the New York Times for Chinese users (the NYT site is blocked by China’s “Great Firewall”), and the second one mirrors GreatFire.org, a website that exposes China’s internet censorship efforts and helps users get access to their mirror-sites.

According to a security researcher from Insight Labs, the DDoS attack started when the advertising and visitor tracking provided by Baidu, the largest search engine in China, began including JavaScript that made visitors’ browsers automatically request the two projects’ URLs.

“A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections that went into China, replaced some JavaScript files from Baidu with malicious ones that would load [the two URLs] every two seconds,” the researcher explained.

Baidu has denied being involved in the attack, saying that their security engineers have ruled out the possibility of security problems or hacker attacks on their own products. There has been no comment from the Chinese government.

GitHub’s System Status page says that the attack is still ongoing, but that all their services are currently available to users.

Judging by the status messages posted throughout these last four days, the attackers have repeatedly been ramping up and evolving their attack methods, and GitHub has been doing the same with their mitigation tactics.