The update from the Arch Linux project says that details of the attack will not be made available as long as it’s still ongoing.
Apparently for the first time, the Arch Linux project has posted an update that addresses the extended distributed denial of service attack it’s been experiencing for at least the past week and a half.
“The Arch Linux Project is currently experiencing an ongoing denial of service attack that primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums.”
On Monday we reported that the popular Linux distro had been experiencing a DDoS attack for at least a week. It was severe enough to make connecting to the project’s repository difficult if not impossible. In addition, we mentioned that there were unconfirmed reports on Reddit that Cloudflare had reached out to the Arch project to offer its DDoS protection services. Information about both of these issues was included in the update:
“We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards.”
The update also offered the following workarounds for users having trouble connecting to either the project’s website or the AUR repository:
- In the case of downtime for archlinux.org:
- Mirrors: The mirror list endpoint used in tools like
reflectoris hosted on this site. Please default to the mirrors listed in thepacman-mirrorlistpackage during an outage. - ISO: Our installation image is available on a lot of the mirrors, for example the DevOps administered geomirrors. Please always verify its integrity as described on the wiki and confirm it is signed by 0x54449A5C (or other trusted keys that may be used in the future).
- Mirrors: The mirror list endpoint used in tools like
- In the case of downtime for aur.archlinux.org:
- Packages: We maintain a mirror of AUR packages on GitHub. You can retrieve a package using: $
git clone --branch--single-branch https://github.com/archlinux/aur.git
The update also said that the project won’t be releasing information about the attack, its origin, or their ongoing mitigation tactics as the attack continues.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
Be First to Comment