this post was submitted on 27 Oct 2025
124 points (100.0% liked)

Linux

9942 readers
2056 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
124
Arch Linux AUR Hit by Another DDoS Attack, Port 22 Access Disrupted (linuxiac.com)
submitted 3 days ago by cm0002@lemmy.zip to c/linux@programming.dev
17 comments fedilink hide all child comments
 

The Arch Linux team has once again been forced to respond to a distributed denial-of-service attack targeting its AUR repository infrastructure. As a result, DDoS protection has been enabled for aur.archlinux.org to help mitigate the ongoing disruption.

While this measure helps keep the AUR website accessible, it has introduced a significant side effect: pushing to the AUR is currently not possible.

you are viewing a single comment's thread
view the rest of the comments
[–] beerclue@lemmy.world 13 points 3 days ago (2 children)

But... why? I mean, who's targeting Arch? Sounds like the Arch team has some info that they won't release (for now), but this is so confusing to me...

[–] BurgerBaron@piefed.social 27 points 3 days ago* (last edited 3 days ago) (2 children)

Nobody has been claiming responsibility. Some of the AUR forum peoples think it's butthurt malware devs who got caught uploading malware, but it's just a shot in the dark.

https://status.archlinux.org/

Been on and off for months now.

[–] Fecundpossum@lemmy.world 6 points 3 days ago (1 children)

I wonder if it could be a state actor? I can imagine that the powers that be in MANY countries could be motivated to keep users away from operating system software that isn’t spyware.

[–] Laser@feddit.org 12 points 3 days ago (1 children)

Then why go against the AUR and not the official mirrors? The former isn't always exactly the epitome of securely packaged trusted applications

[–] Fecundpossum@lemmy.world 5 points 3 days ago (1 children)

Just spitballing, because honestly the amount of effort that must go into sustaining this attack in the long term just baffles me. Like, why?

[–] Alaknar@sopuli.xyz 1 points 2 days ago

It costs, like $10 to rent a botnet for a couple-hour attack.

[–] teawrecks@sopuli.xyz 2 points 2 days ago (1 children)

If it's blocking AUR updates, it could be an attempt to keep some patches to certain exploits from going out? But it seems unlikely that the cost of a ddos is worth the tiny number of possibly vulnerable AUR users out there...

[–] krooklochurm@lemmy.ca 5 points 2 days ago

If people just used Hannah Montana Linux then we wouldn't have these problems.

[–] lengau@midwest.social 3 points 3 days ago

Services I know that have both HTTPS and SSH access have seen all sorts of weird stuff seemingly related to LLM bot scraping over the past few months. Enough to bring down some git servers.