GitHub under `Largest DDoS in Site History`

GitHub is suffering an ongoing DDoS attack after search engine traffic was redirected to flood the code repository.

On March 25, Baidu traffic began hitting a pair of URLs hosted on GitHub and causing temporary disruptions of the service.

“We are currently experiencing the largest DDoS attack in github.com`s history,” the company announced. “The attack involves a wide combination of attack vectors. These include every vector we`ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic.”

More specifically, JavaScript is injected when people visit Baidu. The JavaScript tells the user’s browser to request two GitHub URLs: https://github.com/greatfire/ and https://github.com/cn-nytimes/.

The URLs link to two projects created to combat censorship in China, which raises suspicions over the source of the attack.

Based on reports we`ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” Jesse Newland wrote on the GitHub blog on Saturday.

GitHub has managed to successfully mitigate the attack several times and, 118 hours later, it seems to have stopped.

“The ongoing DDoS attack has shifted again to include Pages and assets. We are updating our defenses to match,” the GitHub status page reports.

Baidu denied involvement in the attack, and says its own internal security hasn’t been compromised. “After careful inspection by Baidu`s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” the company told Ars Technica.