Arch Linux Faces 'Ongoing' DDoS Attack (theregister.com)
- Reference: 0178834938
- News link: https://linux.slashdot.org/story/25/08/23/0513229/arch-linux-faces-ongoing-ddos-attack
- Source link: https://www.theregister.com/2025/08/22/arch_linux_ddos/
Arch maintainer Cristian Heusel [2]announced Thursday on the project's web site that the attack "primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums."
> We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards... As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues.
A status update Friday acknowledged "we are suffering from partial outages." [3]The Register reports :
> The attack comes as the project has been enjoying a boost in mainstream success. The distro was picked by Valve to underpin the SteamOS software running on its Steam Deck handheld gaming gadget, with the company providing the project with funding for further development. Late last year, a new version of the archinstall tool was released, with a view to making the system more friendly to newcomers...
>
> For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure, with Heusel advising that users should "default to the mirrors listed in the pacman-mirrorlist package" if tools like reflector fail. Installation media can be downloaded from a range of mirrors, too, but should be checked against the project's official signing key before being trusted.
[1] https://www.theregister.com/2025/08/22/arch_linux_ddos/
[2] https://archlinux.org/news/recent-services-outages/
[3] https://www.theregister.com/2025/08/22/arch_linux_ddos/
It takes a special kind of low-life (Score:2)
Who in their right mind would attack a community project? Why?
Is it some disgruntled user who got banned from their forums?
Re: (Score:2)
The answer is in your question. They aren't in their right mind, they are some warped wretch that technology has empowered to be actually dangerous, rather than merely annoying.
Re: (Score:2)
> Who in their right mind would attack a community project? Why?
> Is it some disgruntled user who got banned from their forums?
Some one/company looking to make a buck? From TFS, "We are also evaluating DDoS protection providers ..." /cynical
Hmmm... (Score:3)
I wonder who would benefit from one of the world's most popular Linux distros having issues like these? Anyone? Anyone? Bueller? Bueller?
Re: (Score:2)
This seems to imply that you have some idea. Can you say it? Because I honestly have no idea why anyone would attack a middling distro. Sure, it's used by Valve, and Steam OS is successful, but an attack like this would have no effect on Steam OS, only on Arch, which by itself is not near the top of distros.
So please clarify who you think might benefit from this.
Re: (Score:2)
[1]https://archive.org/download/l... [archive.org]
[1] https://archive.org/download/linux_vs_bill_gates/linux%20vs%20bill%20gates%20%5BKwnBZZ7_FGg%5D.mp4
Re: (Score:2)
Calling it "one of the world's most popular Linux distros" is well overstating the case. I've heard about it, and it's supposed to be technically good. But a bit difficult. I can't imagine comparing it's popularity with SuSE, Debian, Red Hat, Ubuntu, ...at least not favorably. I'll admit I've considered installing it, though I've never gotten around to actually doing so, but I've also installed Mint and Mandrake and lots of other distros.
This is why we have CDNs (Score:3)
This is why we have Akamai, CloudFront, and CloudFlare.
How much you want to bet that.. (Score:2)
Cloudflare IP addresses were used in this ddos? At which point even state actors could be doing it.
I'm reminded of the Boondocks episode where Samuel L Jackson and his friend are creating demand for their home security business by also donning masks and breaking into homes around town.
Re: (Score:2)
Charlie Chaplin's film "The Kid" from 1921 illustrates the same technique, where a little brat breaks people's windows, and the protagonist has a business repairing them.
Cloudflare (Score:4, Informative)
Even their free plan blocks ddos [1]https://www.cloudflare.com/pla... [cloudflare.com]
[1] https://www.cloudflare.com/plans/free/
Tx! (Score:1)
I feel dumb I didn't know that, but i'm happy to know it now.
Re: (Score:1)
Hm, the WAF is not free and it won't tell me what their lowest tier does without me giving a ton of info to 'talk to an expert'. Bleh. The rest looked good though. I was hoping I could add theirs in front of my raspberrypi, or at least dockerize my rockberrypi or something and send it to them for free.
Re: (Score:1)
what nonsense. spewing trash like that makes you a suspect for this DoS.
Arch is great, many small-medium businesses use it and I've worked on their systems as consultant.
Re:Well, it's Arch, so... (Score:4, Insightful)
> Arch Linux users are some of the insufferable arrogant assholes who think they know everything when they usually know absolutely nothing.
Let's just say this is true, for the sake of argument. What about it it justifies a DDOS?
Re: (Score:3)
I use Arch Linux. That I also happen to know everything is purely coincidental.
Re: (Score:2)
The folks in #archlinux on Libera chat are all pretty friendly in my experience.