A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.
The attack appears to have begun around 2 AM UTC on Friday and has been going in waves since then. The status page at GitHub shows that the admins at the site have been working to mitigate the attack with periodic success, and the most recent message says the company has deployed new defenses.
“We’ve deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing,” a message posted at 15:04 UTC says.
The traffic that is being used to DDoS GitHub apparently is mainly coming from China, and the method seems to be scripts deployed around the Web being hijacked to send traffic to a pair of URLs on GitHub. A Chinese security researcher who lives outside of China wrote an analysis of the attack after encountering malicious scripts on some popular Chinese sites.
“My first thought was someone naughty XSSed the page, so I opened developer tools to find the source of the XSS. Almost instantly I saw it was keep trying to load these two URLs: github.com/greatefire/ and github.com/cn-nytimes/ every a few seconds,” the analysis written by a user at Insight-Labs says.
The attack seems to be hijacking HTTP traffic from Baidu, a major Chinese Internet provider, to send it to the GitHub URLs. GitHub is posting frequent updates about the attack on the service status page, as well as on its Twitter feed.
