Microsoft's GitHub Under Fire For DDoSing Crucial Open Source Project Website
Published on June 29, 2023 at 04:20AM
The servers used by the GMP project, an open source arithmetic library at the heart of GCC and other programs, slowed to a crawl earlier this month due to a large amount of network traffic originating from Microsoft servers. The Register reports: Torbjorn Granlund, principal author of GMP, raised the alarm in a note to the project's mailing list. "The GMP servers are under attack by several hundred IP addresses owned by Microsoft Corporation," he wrote. "We do not know if this is made with malice by Microsoft, if it is some sort of mistake, or if [it is one] of their cloud customers ... running the attack. The attack targets the GMP repo, with thousands of identical requests. The requests are cleverly chosen as to cause heavy system load. "We're firewalling off all of Microsoft's IP addresses as an emergency response." The following day, Mike Blacker, director of threat hunting, operations, and response at Microsoft's GitHub, had identified the culprit: a GitHub Actions Workflow that clones a Mercurial repo and has been forked more than 700 of times. "Microsoft and GitHub have investigated the issue and determined that a GitHub user updated a script within the FFmpeg-Builds project that pulled content from https://gmplib.org," explained Blacker. "This build was configured to run parallel simultaneous tests on 100 different types of computers/architectures. This activity does not appear to be nefarious. [GMP] appears to have limited infrastructure that could not sustain the limited, yet simultaneous requests." [...] As of last week, the excessive traffic was still an issue. "Our servers are fully available again, but that's the result of us adding all participating Microsoft network ranges to our firewall," the GMP project explains on its webpage. "We understand that we are far from the first project to take such measures against Github." The Register asked Granlund whether he was satisfied with Microsoft-GitHub's response, and he told us he had only heard once from Blacker. "I blocked about 40 IP ranges from accessing our web server," he explained. "A week after this started, there was still intensive traffic from the same IP addresses, perhaps 100 different Microsoft addresses all in all, belonging to about 40 ranges. The difference was that that traffic just caused minuscule load, and a log line in the firewall." "Problem solved. I cannot care less if they no longer can access gmplib.org. I find it interesting how little responsibility Github/Microsoft assume here. They seem to think that they are entitled to bash away at smaller sites."
Published on June 29, 2023 at 04:20AM
The servers used by the GMP project, an open source arithmetic library at the heart of GCC and other programs, slowed to a crawl earlier this month due to a large amount of network traffic originating from Microsoft servers. The Register reports: Torbjorn Granlund, principal author of GMP, raised the alarm in a note to the project's mailing list. "The GMP servers are under attack by several hundred IP addresses owned by Microsoft Corporation," he wrote. "We do not know if this is made with malice by Microsoft, if it is some sort of mistake, or if [it is one] of their cloud customers ... running the attack. The attack targets the GMP repo, with thousands of identical requests. The requests are cleverly chosen as to cause heavy system load. "We're firewalling off all of Microsoft's IP addresses as an emergency response." The following day, Mike Blacker, director of threat hunting, operations, and response at Microsoft's GitHub, had identified the culprit: a GitHub Actions Workflow that clones a Mercurial repo and has been forked more than 700 of times. "Microsoft and GitHub have investigated the issue and determined that a GitHub user updated a script within the FFmpeg-Builds project that pulled content from https://gmplib.org," explained Blacker. "This build was configured to run parallel simultaneous tests on 100 different types of computers/architectures. This activity does not appear to be nefarious. [GMP] appears to have limited infrastructure that could not sustain the limited, yet simultaneous requests." [...] As of last week, the excessive traffic was still an issue. "Our servers are fully available again, but that's the result of us adding all participating Microsoft network ranges to our firewall," the GMP project explains on its webpage. "We understand that we are far from the first project to take such measures against Github." The Register asked Granlund whether he was satisfied with Microsoft-GitHub's response, and he told us he had only heard once from Blacker. "I blocked about 40 IP ranges from accessing our web server," he explained. "A week after this started, there was still intensive traffic from the same IP addresses, perhaps 100 different Microsoft addresses all in all, belonging to about 40 ranges. The difference was that that traffic just caused minuscule load, and a log line in the firewall." "Problem solved. I cannot care less if they no longer can access gmplib.org. I find it interesting how little responsibility Github/Microsoft assume here. They seem to think that they are entitled to bash away at smaller sites."
Read more of this story at Slashdot.
Comments
Post a Comment