Editor’s note: This article was updated on 9/29/14 at approx. 5:30 p.m. to include an update from Tux Machines publisher Roy Schestowitz.
Since sometime last week the popular Linux site Tux Machines has been under an apparent distributed denial-of-service (DDoS) attack. For the last several days, those trying to visit the site have been redirected to Tech Rights, another site operated by Roy Schestowitz, the owner of Tux Machines. The redirect lands on a post by Schestowitz, dated Saturday, which reads:
“Windows botnets have been hammering on Tux Machines for nearly a week. It got a lot worse yesterday and the site became unaccessible much of the time. We don’t know who the attacker is and what the motivations are, but in the meantime the site can be read via the RSS feed. The RSS feed links to all the latest news and the pages ought to work as usual. We apologise for this issue and we are working hard to find a permanent solution.”
The public was first made aware of the problem in a blog post by Schestowitz on Wednesday in which he explained that the site’s aggregators, a key component of the site, had been disabled:
“Aggregators in Tux Machines have been universally disabled (temporarily we hope) after a week or so of heavy load that took the site down (well, over capacity and hence not accessible). The culprit seems to be mostly — although not exclusively — a bunch of bots that hammer on the aggregators with spammy requests. It’s sad that so many hours need to be spent just keeping script kiddies out of the site, resulting in fewer bits of output, slower pageloads (performance degradation), and restlessness (monitoring alerts all day long), not to mention crafting of rules that merely keep the site running. Running Tux Machines is not quite as peaceful and trivial/simple as it may seem from the outside. It’s like a full-time job, or at least it feels like it, especially whenever the site gets flooded by rogue bots, necessitating special attention 24/7.”
On Friday, Schestowitz updated the site’s visitors, saying the attack had gotten worse.
“The bots are getting harder to block. Strategies are changing. They are all acting like zombies/botnet and they all have a ‘Microsoft Windows’ in their HTTP header.”
Since originally publishing this story, we’ve received an email update from Roy Schestowitz, who tells FOSS Force that the site appears to be hit in ten-minute cycles:
“Several times per day I try to put down the defenses to see if the server can cope, but it cannot. I keep checking whether the attack persists. There seems to be a Windows botnet programmed/commandeered to send bursts of rubbish requests that bypass the cache (varnish) and hammer hard on the CPU (those pages are targeted and the targets move). The bursts are about 10 minutes apart. A week ago I was able to block some parts of the site (sub-optimal), but now even the front page is targeted, so I need to redirect the requests at varnish on another server, with 4 CPU cores (Tux Machines has 2).”
Here at FOSS Force, we will keep you advised as the situation progresses.
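The pattern described in the update above (bursts of cache-missing requests from clients with "Windows" in the User-Agent, about 10 minutes apart) is something a site operator can confirm from access logs. The Python below is an added example, not code from Tux Machines or FOSS Force; the tab-separated log layout (timestamp, cache hit/miss, URL, User-Agent), the threshold and the sample lines are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

def make_sample_log():
    """Constructed sample: light cached traffic plus a 30 s flood of cache misses every 10 min."""
    start = datetime(2014, 9, 27, 12, 0, 0)
    lines = []
    for sec in range(0, 3600, 20):  # background: one cached front-page hit every 20 s
        ts = start + timedelta(seconds=sec)
        lines.append(f"{ts.isoformat()}\thit\t/\tMozilla/5.0 (X11; Linux x86_64)")
    for burst in range(5):  # floods at +2, +12, +22, +32 and +42 minutes
        base = start + timedelta(minutes=2 + 10 * burst)
        for i in range(300):  # unique query strings defeat the cache, targets move per burst
            ts = base + timedelta(seconds=i % 30)
            lines.append(f"{ts.isoformat()}\tmiss\t/node/{burst}?q={i}"
                         "\tMozilla/4.0 (compatible; Microsoft Windows)")
    return lines

def find_bursts(lines, threshold=100, ua_marker="Windows"):
    """Start times of bursts: minutes with >= threshold cache misses from matching
    User-Agents, with adjacent hot minutes merged into a single burst."""
    per_minute = Counter()
    for line in lines:
        ts, cache, _url, ua = line.split("\t", 3)
        if cache == "miss" and ua_marker in ua:
            minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
            per_minute[minute] += 1
    bursts, prev = [], None
    for minute in sorted(m for m, n in per_minute.items() if n >= threshold):
        if prev is None or minute - prev > timedelta(minutes=1):
            bursts.append(minute)
        prev = minute
    return bursts

def burst_period_minutes(bursts):
    """Median gap between consecutive bursts in minutes, or None with fewer than two."""
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(bursts, bursts[1:])]
    return median(gaps) if gaps else None

if __name__ == "__main__":
    found = find_bursts(make_sample_log())
    for b in found:
        print("burst starting", b.isoformat())
    print("median period (min):", burst_period_minutes(found))
```

A stable median gap across many bursts points to scheduled, automated traffic rather than an organic spike, which helps when deciding where to apply rate limits or cache-key normalisation.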