Arch Linux Faces 'Ongoing' DDoS Attack (theregister.com) 29
"Some joyless ne'er-do-well has loosed a botnet on the community-driven Arch Linux distro," reports the Register, with a distributed denial of service (DDoS) attack that apparently started a week ago.
Arch maintainer Cristian Heusel announced Thursday on the project's web site that the attack "primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums." We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards... As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues.
A status update Friday acknowledged "we are suffering from partial outages." The Register reports: The attack comes as the project has been enjoying a boost in mainstream success. The distro was picked by Valve to underpin the SteamOS software running on its Steam Deck handheld gaming gadget, with the company providing the project with funding for further development. Late last year, a new version of the archinstall tool was released, with a view to making the system more friendly to newcomers...
For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure, with Heusel advising that users should "default to the mirrors listed in the pacman-mirrorlist package" if tools like reflector fail. Installation media can be downloaded from a range of mirrors, too, but should be checked against the project's official signing key before being trusted.
Arch maintainer Cristian Heusel announced Thursday on the project's web site that the attack "primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums." We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards... As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues.
A status update Friday acknowledged "we are suffering from partial outages." The Register reports: The attack comes as the project has been enjoying a boost in mainstream success. The distro was picked by Valve to underpin the SteamOS software running on its Steam Deck handheld gaming gadget, with the company providing the project with funding for further development. Late last year, a new version of the archinstall tool was released, with a view to making the system more friendly to newcomers...
For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure, with Heusel advising that users should "default to the mirrors listed in the pacman-mirrorlist package" if tools like reflector fail. Installation media can be downloaded from a range of mirrors, too, but should be checked against the project's official signing key before being trusted.
Usual Suspects (Score:1, Funny)
Probably someone trying to get through their docs.
Well, it's Arch, so... (Score:2, Interesting)
...maybe if their users weren't such raging sneering dickholes in their user forum, people wouldn't have the notion to do stuff like this.
Re: (Score:1, Troll)
I don't know why you got modded troll when you're actually correct.
Arch Linux users are some of the insufferable arrogant assholes who think they know everything when they usually know absolutely nothing.
Re:Well, it's Arch, so... (Score:5, Insightful)
Arch Linux users are some of the insufferable arrogant assholes who think they know everything when they usually know absolutely nothing.
Let's just say this is true, for the sake of argument. What about it it justifies a DDOS?
Re:Well, it's Arch, so... (Score:5, Funny)
Re:Well, it's Arch, so... (Score:4, Informative)
Re: Well, it's Arch, so... (Score:1)
Any forum thread I came across in searches contained only follow up questions and tips for solving the issue, if it wasnâ(TM)t covered in the Wiki already, which is excellent.
How about an example of alleged arseholedness?
Re: (Score:2)
Look up their concept of "help vampires".
Basically, if you ask for "too much" help or don't try "hard enough" yourself first (which is entirely subjective), they ban you.
Utterly toxic elitist bullshit and I actively steer new Linux users away from Arch because of it.
It takes a special kind of low-life (Score:4)
Who in their right mind would attack a community project? Why?
Is it some disgruntled user who got banned from their forums?
Re: (Score:2)
The answer is in your question. They aren't in their right mind, they are some warped wretch that technology has empowered to be actually dangerous, rather than merely annoying.
Re: (Score:2)
Who in their right mind would attack a community project? Why?
Is it some disgruntled user who got banned from their forums?
Some one/company looking to make a buck? From TFS, "We are also evaluating DDoS protection providers ..." /cynical
Hmmm... (Score:3)
I wonder who would benefit from one of the world's most popular Linux distros having issues like these? Anyone? Anyone? Bueller? Bueller?
Re: (Score:3)
This seems to imply that you have some idea. Can you say it? Because I honestly have no idea why anyone would attack a middling distro. Sure, it's used by Valve, and Steam OS is successful, but an attack like this would have no effect on Steam OS, only on Arch, which by itself is not near the top of distros.
So please clarify who you think might benefit from this.
Re: (Score:2)
https://archive.org/download/l... [archive.org]
Re: (Score:2)
Calling it "one of the world's most popular Linux distros" is well overstating the case. I've heard about it, and it's supposed to be technically good. But a bit difficult. I can't imagine comparing it's popularity with SuSE, Debian, Red Hat, Ubuntu, ...at least not favorably. I'll admit I've considered installing it, though I've never gotten around to actually doing so, but I've also installed Mint and Mandrake and lots of other distros.
Another distro? (Score:3)
Probably butthurt Gentoo users. Arch seems to have killed off Gentoo.
Re: (Score:2)
I wouldn't say it's one of the world's most popular, it is quite popular among tinkerers, but that is not what drives Linux adoption the world over. It's a relatively minor player the global scheme.
That makes it all the stranger that someone would dedicate a DDoS resource to it.
This is why we have CDNs (Score:3)
This is why we have Akamai, CloudFront, and CloudFlare.
Re: (Score:2)
This is why we have Akamai, CloudFront, and CloudFlare.
Yes but we shouldn't need to pay money to an oligopoly of protectors to keep our open source non-profit projects online.
How much you want to bet that.. (Score:2)
Cloudflare IP addresses were used in this ddos? At which point even state actors could be doing it.
I'm reminded of the Boondocks episode where Samuel L Jackson and his friend are creating demand for their home security business by also donning masks and breaking into homes around town.
Re: (Score:2)
Charlie Chaplin's film "The Kid" from 1921 illustrates the same technique, where a little brat breaks people's windows, and the protagonist has a business repairing them.
Cloudflare (Score:5, Informative)
Tx! (Score:1)
Re: (Score:1)
Re: Tx! (Score:2)
Re: (Score:2)
Yes, but I don't like the idea of open source projects having to support for profit corporations for protection. Cloudflare is turning into something of a monopoly as it is.
Arch Linux faces ongoing MICROS~1 DDoS attack (Score:2)
Hard to understand some people (Score:1)
When this is done to a commercial company, people can have a justified grudge, but why to pick on a community project, especially one thatâ(TM)s as great as Arch Linux?
What a bunch of a-holes.