
Arch’s AUR Battles DDoS Attacks and Persistent Malware All Summer (So Far)

Arch’s AUR has been busy battling DDoS attacks and malware. Trouble’s not over—and it’s anybody’s guess what’s next… if anything.


It hasn’t been a good summer for the folks maintaining the Arch User Repository at Arch Linux. For about a week now, AUR has been under a sustained distributed-denial-of-service attack that’s made the site difficult — but not impossible — to reach.

Although there’s been no official statement about the attack from the Arch project, we can surmise from the fact that connecting with the repository is still possible — albeit with great difficulty — that this isn’t one of those server-breaking attacks generating anywhere from six million to over 70 million requests per second. That doesn’t matter, because smaller, garden-variety sustained attacks below 100,000 RPS can cause plenty of headaches for admins and frustration for users.

It turns out, those incidents are just the latest in what was already a long, hot summer for AUR maintainers. In mid-July, Arch deleted three malicious AUR packages — targeting Firefox-based LibreWolf and Zen browsers, along with Firefox itself. They were infected with a Remote Access Trojan that created an open door that attackers could use to transfer files, execute commands, open reverse shells, steal data, and essentially take full control of a user’s computer.

About 10 days later, AUR deleted more malicious content in browser-related code. This time the target was the google-chrome-stable package, which was infected with similar malware.

The latest DDoS attacks aren’t anywhere near as worrisome since — on the surface at least — they don’t appear to pose a security threat. They’re still a pain in the keister for the DevOps teams tasked with the job of keeping AUR available, the app developers who need to keep their software available, and users of Arch-based Linux distributions needing to install apps.


According to social chatter, mainly on Reddit, Cloudflare has reached out to AUR with an offer to help mitigate the attack, but there’s no indication that Arch or AUR has accepted that offer — likely on philosophical grounds. From what I’ve been able to observe, as of this writing AUR availability remains spotty.

I’ll let you know more as soon as I know more.

Editor’s note: On Friday, August 22, 2025, the Arch Linux project issued its first update on the ongoing attack, which FOSS Force has covered in a separate article.

One Comment

  1. Anonymous September 1, 2025

    Interesting, isn’t it? Hypothetically at least, right around the same time Microsoft and the hardware manufacturers are trying to force consumers to break out their wallets? Oh no, such a big organization would never have under-the-table money to hire hackers to scare people out of “trusting” anything not Windows, Apple or Android? Certainly this wouldn’t happen during a time when Goliaths are allowed to run unchecked for the sake of the economy? What Linux distribution would have the financial resources to qualify as equal in a court of so-called justice? Why did money come out on top over anything that benefits the general population at large? Nope, it must be that phrase that was coined to make people silly for understanding how these mechanisms actually get away with so much, the phrase coined by the CIA and disseminated via mainstream media, first by familiar so-called reliable faces to the public, then into popular media: TV shows, movies, video games. Now if you even think of connections we are allowed to immediately yell conspiracy theory. What exactly is so hidden they want the citizens they are here to serve to be afraid to ask questions, or engage in conversation, ever tried to state connections to self serving rather than serving of the general public
