Announcement

Collapse
No announcement yet.

The world's largest DDoS attack took GitHub offline for <10 mins; your site might be vulnerable too!

Collapse
X
Collapse
First Prev Next Last
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    The world's largest DDoS attack took GitHub offline for <10 mins; your site might be vulnerable too!

    On Wednesday, February 28, 2018 GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack. Click link below for complete info.

    Github said the attackers used Memcached to do the DDoS attack.

    Cloudflare has a recent blog post on how Memcached can be used to perform a DDoS attack. If you are using Memcached, you might be vulnerable to DDoS too. Read the blog on how to fix this vulnerability.

    Cloudflare says that if you are using Cloudflare, you are safe:
    Originally posted by CloudFlare
    Finally, you are OK if you are a Cloudflare customer. Cloudflare's Anycast architecture works well to distribute the load in case of large amplification attacks, and unless your origin IP is exposed, you are safe behind Cloudflare.
    Cloudflare said they received word from hosts such as Digital Ocean, OVH, Linode and Amazon that they have tackled the Memcached issue. If you are using one of those hosts, then you are safe:
    Originally posted by CloudFlare
    We received a word from Digital Ocean, OVH, Linode and Amazon that they tackled the memcached problem, their networks should not be a vector in future attacks. Hurray!
    The world’s largest DDoS attack took GitHub offline for fewer than 10 minutes | TechCrunch
    https://techcrunch.com
    In a growing sign of the increased sophistication of both cyber attacks and defenses,Β GitHub has revealed that this week it weathered the largest-known DDoS..
    Helpful? Donate. Thanks!
    Buy me a coffeePayPal QR Code
    Fast VPS Host for vBulletin:
    A2 Hosting & IONOS
    Tags: None
    • Top
    • Translate
    • Bottom
    • Likes 1
    #2
    By default, Memcached has UDP support enabled. This is the attack vector used in this DDoS attack. If you are using Memcached, you must disable UDP support ASAP!
    Helpful? Donate. Thanks!
    Buy me a coffeePayPal QR Code
    Fast VPS Host for vBulletin:
    A2 Hosting & IONOS
    • Top
    • Translate
    • Bottom

    Comment

      #3
      My unused server from another web host was DDoS attacked without me knowing it. I just happened to log in to my account after a long time (months or a year) and found out my server was suspended. After inquiring with support, they told me my server was attacked via DDoS. So I had to disable UDP port to prevent this attack via Memcached.
      Helpful? Donate. Thanks!
      Buy me a coffeePayPal QR Code
      Fast VPS Host for vBulletin:
      A2 Hosting & IONOS
      • Top
      • Translate
      • Bottom

      Comment

      Previous template Next

      Users Viewing This Page

      Collapse

      There is 1 user viewing this forum topic.

      • Guest Guest

      Latest Posts

      Collapse
      View All
      Working...
      X
      Searching...Please wait.
      An unexpected error was returned: 'Your submission could not be processed because you have logged in since the previous page was loaded.

      Please push the back button and reload the previous window.'
      An unexpected error was returned: 'Your submission could not be processed because the token has expired.

      Please push the back button and reload the previous window.'
      An internal error has occurred and the module cannot be displayed.
      There are no results that meet this criteria.
      Search Result for "|||"