For greater than every week, the Arch Linux Undertaking’s maintainers have been responding to a sustained distributed denial-of-service (DDoS) assault that impacted many of the venture’s assets.
The venture’s maintainers first confirmed that the outage was attributable to a DDoS assault on August 16, noting that the Arch Person Repository (AUR), the Arch Linux principal webpage, and the boards had been down.
“As you may be conscious a few of our providers (AUR, Boards, principal web site) are at the moment affected by a DDoS assault. We’re conscious of the problem and are actively engaged on mitigation efforts,” the maintainers stated.
“We’re conscious of the issues that this creates for our finish customers and can proceed to actively work with our internet hosting supplier to mitigate the assault. We’re additionally evaluating DDoS safety suppliers whereas fastidiously contemplating components together with value, safety, and moral requirements,” they stated in an replace final week.
The providers have been regularly restored over the weekend, as mirrored on the venture’s standing web page. At the moment, the person repository and the boards are totally operational, whereas the web site continues to be affected, albeit it’s accessible.
“We’re affected by partial outages due DDoS assaults […]. Some providers might wrongly be displayed as ‘Down’ because of a few of the mitigation ways. See our announcement for a extra detailed replace on the state of affairs,” the web page reads.
The incident additionally impacted bundle mirrors, because the mirror record endpoint that some instruments depend on can also be hosted on the web site, and the maintainers directed customers to change to mirrors listed within the pacman-mirrorlist bundle.
For set up pictures downloaded from mirrors, the maintainers suggest that customers carry out integrity and signature checks.Commercial. Scroll to proceed studying.
The Arch Linux Undertaking didn’t share technical particulars on the assault, comparable to origin and response ways, citing the continued efforts to mitigate it.
Associated: RapperBot Botnet Disrupted, American Administrator Indicted
Associated: ‘MadeYouReset’ HTTP2 Vulnerability Allows Huge DDoS Assaults
Associated: DDoS Assaults Blocked by Cloudflare in 2025 Already Surpass 2024 Whole
Associated: File-Breaking 7.3 Tbps DDoS Assault Targets Internet hosting Supplier
