GitHub Hacked : World Largest DDOS Attack


The World Largest DDOS Just Hit the Github with surprisingly the source is suspected to be from China, doing those malicious activities.

In computing, a denial-of-service attack (DoS attack) is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled

GitHub said the attackers hijacked something called ‘memcaching’ — a distributed memory system known for high-performance and demand — to massively amplify the traffic volumes they were firing at GitHub.

To do that, they initially spoofed GitHub’s IP address and took control of memcached instances that GitHub said are “inadvertently accessible on the public internet.”

Memcached system utilized about five times the amplified traffic that caused an uneven rose in traffic for that period of time and thus the GitHub servers went down.

GitHub took help from Akamai Prolexic, which rerouted traffic to GitHub through its “scrubbing” centers which removed all the malicious traffic to balance the traffic flow on the website.

In total, GitHub was offline for five minutes between 17:21 to 17:26 UTC, with intermittent connectivity between 17:26 to 17:30 UTC.

The service became critical unstable for any company handling code — very many, indeed —

An Company Never welcomes a outage, but the response is impressive and certainly bodes well by github. GitHub said it is continually observing this attack, and others, to ensure it is suitably defensed.

Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement require better-automated intervention.

We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR).