Arch websites slow or unresponsive

ArKayDe · 2025-08-14 21:17:39

Aren't there services that help with that? Cloudflare?

njodoin · 2025-08-14 21:43:13

There are many ways they could work to prevent a DDOS. As you mentioned, Cloudflare does offer DDOS protection, but there may be a reason why they are not utilizing Cloudflare for the AUR. Speculation is pointless, unfortunately, though.

It is mildly frustrating, but there are workarounds for most AUR packages in the meantime by manually downloading and building from source. I understand DDOSing a corporation or some government entity out of some perception of harm done, or intent for personal gain, but what legitimate reason is there to DDOS the AUR? There's really nothing to gain except some weird personal satisfaction.

Last edited by njodoin (2025-08-14 21:43:57)

Succulent of your garden · 2025-08-14 22:23:42

seth wrote:

summer school break. lulz. coping for an extremely tiny penis.

So maybe the microplastics in food disrupts his hormone system during development and we are dealing now with this ? Damn it maruchan. Please school teach them that the vagina is a complex system of nerves which can be stimulated in many different areas, the inner whole does not finish all the job by himself. Wait you said is one micron ? Never mind.

But also today the web page and the forum was shut down just a little of minutes. His botnet size is inverse proportional to his penis size I guess.

Okey but how he was able to shut down from two days the services ? I mean is he in someway rotating the ip addresses ? you are making an ip ban right ? at least temporarily i guess.

seth · 2025-08-14 22:33:59

I mean is he in someway rotating the ip addresses ? you are making an ip ban right ? at least temporarily i guess.

https://en.wikipedia.org/wiki/Denial-of … ibuted_DoS

Succulent of your garden · 2025-08-14 22:43:37

But do you think just one kid can have a very big botnet with many nodes ? I understand that could be many valid reasons for not doing this. But why not just making a temporal ban like 2 hours of the weird ips ? It's difficult to make that list in real time ? Just curious.

Last edited by Succulent of your garden (2025-08-14 22:43:51)

gehenna14 · 2025-08-14 23:02:39

Happening for me too, website and AUR have been intermittently going up and down again, only some packets go through
I don't know why someone would decide to ddos arch linux, truly the lowest of the low

fijarom · 2025-08-14 23:07:10

gehenna14 wrote:

truly the lowest of the low

I know right, this really is a new low. At least go DDOS something with a political / ideological motivation or something. I just imagine a bunch of kids behind their keyboards DDOSing AUR just because someone using Arch insulted their favourite distro.

fijarom · 2025-08-14 23:09:56

fijarom wrote:

At least go DDOS something with a political / ideological motivation or something.

For legal purposes: Please don't that. :*

Succulent of your garden · 2025-08-14 23:18:43

gehenna14 wrote:

I don't know why someone would decide to ddos arch linux, truly the lowest of the low roll

Instead of learning operation research to solve real world problems, earn some good money and went to Barbados island vacation

seth · 2025-08-14 23:19:36

Nobody gets DDOSed, for no disagreement over nothing and not because it's criminal, but because it's wrong.

Idk what has happened, but keep in mind that otoh 4chan pulled off the LOIC, essentially just to "stick it to them" (so "kids" can figure how to stage a massive attack out of limited resources) and otoh this could also just have been sparring (ie. you're testing your approach and measure the response in order to improve the system before going after the actual target)

Succulent of your garden · 2025-08-14 23:40:56

well if someones are really trying to LOICing arch linux or similar, that make more sense with everything.

EDIT: so probably there is a very boring private group chat of kids having for some weird reason high dopamine stimulus in their brains as they watch how the AUR collapses.

So long story short:

Girlfriend[probably some LLM anime girl with kids now days] or joint: You had to decide, me or the hacking of the AUR.

script kid: Sorry darling, hacking the AUR is heating me more than you.

Last edited by Succulent of your garden (2025-08-14 23:53:00)

mpan · 2025-08-15 08:19:18

Please, stop with bashing and with all these hypotheses. They are not based in reality. It’s just wild fantasies. And they can’t be verified either. In other words: useless.

The logorrheic attack on perpetrators is equally of no value, but it fills the thread with noise. People who search for actual information and help, have to dig through cesspool to fetch anything of use.

So, if I may ask again: quit DDoS-ing this thread with packets of nonsense.

Succulent of your garden · 2025-08-15 12:21:46

Okey get it. Just useful information from now on in this thread.
The AUR is still being attack right ? It went down minutes ago :C

Last edited by Succulent of your garden (2025-08-15 12:22:03)

seth · 2025-08-15 12:27:51

https://status.archlinux.org/

Succulent of your garden · 2025-08-15 12:32:25

TY, still not get used to the status site yet

SzBenedek2006 · 2025-08-15 13:04:08

Is there any official announcement from arch linux confirming what's happening and what can they or us or someone do to help resolve this? Do somebody know who's behind this?

gromit · 2025-08-15 13:07:46

No there has been no official announcement yet, as we were still evaluating and mitigating the issue.

hypnagogic · 2025-08-15 18:16:57

Well everything has been working much better today... Websites are loading fine and I'm able to update packages again.

discrete · 2025-08-15 22:25:45

Can confirm the AUR endpoint has been mostly responsive over the past day. I had jumped back into Arch as a daily driver after a decade hiatus and was shocked to outages, but just assumed it was from an influx of users as of late.

Thanks for sharing the status site and good luck with dealing with the DDoS. Look forward to reading any post-mortem write-up of how Hetzner was able to help mitigate.

andradei · 2025-08-15 22:58:30

aur.archlinux.org only worked for a couple of hours for me today.
Thank you, maintainers, for working on this. Hopefully it isn't being too stressful.
I hope the root cause in the end is some small change instead of an intentional attack.

One positive thing is that this got me reading a lot about AUR, looking at PKGBUILDs, looking at something like Chaotic AUR, and generally moving towards extra/multilib repos and Flatpak as much as possible.

(today was a bad day to decide to reinstall arch to test my new setup scripts haha).

Allan · 2025-08-15 23:07:42

andradei wrote:

I hope the root cause in the end is some small change instead of an intentional attack.
.

Given the system maintainers have pointed out it is a DDoS, you hopes have been shattered...

murffatksig · 2025-08-16 01:09:55

andradei wrote:

One positive thing is that this got me reading a lot about AUR, looking at PKGBUILDs, looking at something like Chaotic AUR, and generally moving towards extra/multilib repos and Flatpak as much as possible.
(today was a bad day to decide to reinstall arch to test my new setup scripts haha).

I reinstalled my system 3 days ago, I've been in the same boat learning to not rely on the AUR and use core/extra as much as I can.

fijarom · 2025-08-16 14:49:21

murffatksig wrote:

to not rely on the AUR and use core/extra as much as I can.

That right there, must be the motto of AUR.

mpan · 2025-08-16 20:50:09

To return back to the topic: for the past day all three affected services appear to experience no disruption. Thanks to devops.

For those, who are not subscribed to ML, here’s an announcement from Leonidas Spyropoulos:

Hello,
As you might be aware some of our services (AUR [0], Forums [1], main
website [2]) are currently affected by a DDoS attack. We are aware of
the issue and are actively working on mitigation efforts. We are working
with our data center operator and various network security providers,
and we are aware of the community offers to help.
We appreciate your patience and will provide periodic keeping technical
detail internal for security reasons.
Thanks,
The Arch Linux DevOps Team
[0]: https://aur.archlinux.org/
[1]: https://bbs.archlinux.org/
[2]: https://archlinux.org/

To my knowledge there is no official or semi-official evaluation of the effects, and I doubt there ever will be. From what I observed, it seems that the only major fallout is the users of pacman-wrapping AUR helpers had to switch to using pacman directly and postpone the rebuilding of some AUR-based packages. The main site and forum were sometimes harder to reach, but hardly beyond what would be bad internet weather. All other services, the above three beyond the web interface, and accessing over IPv6 seemed completely unaffected.

Of course it also wasted time of people keeping the services running. Which may be a good time to remind everybody that donations for servers upkeep are always welcome. Now you know what they’re spent on.

Last edited by mpan (2025-08-16 21:05:01)

Succulent of your garden · 2025-08-17 00:50:49

As an user form Latin America everything works fine the day of today. I went all the day in the computer studying and being here.

Thanks infra team

Arch Linux

#26 2025-08-14 21:17:39

Re: Arch websites slow or unresponsive

#27 2025-08-14 21:43:13

Re: Arch websites slow or unresponsive

#28 2025-08-14 22:23:42

Re: Arch websites slow or unresponsive

#29 2025-08-14 22:33:59

Re: Arch websites slow or unresponsive

#30 2025-08-14 22:43:37

Re: Arch websites slow or unresponsive

#31 2025-08-14 23:02:39

Re: Arch websites slow or unresponsive

#32 2025-08-14 23:07:10

Re: Arch websites slow or unresponsive

#33 2025-08-14 23:09:56

Re: Arch websites slow or unresponsive

#34 2025-08-14 23:18:43

Re: Arch websites slow or unresponsive

#35 2025-08-14 23:19:36

Re: Arch websites slow or unresponsive

#36 2025-08-14 23:40:56

Re: Arch websites slow or unresponsive

#37 2025-08-15 08:19:18

Re: Arch websites slow or unresponsive

#38 2025-08-15 12:21:46

Re: Arch websites slow or unresponsive

#39 2025-08-15 12:27:51

Re: Arch websites slow or unresponsive

#40 2025-08-15 12:32:25

Re: Arch websites slow or unresponsive

#41 2025-08-15 13:04:08

Re: Arch websites slow or unresponsive

#42 2025-08-15 13:07:46

Re: Arch websites slow or unresponsive

#43 2025-08-15 18:16:57

Re: Arch websites slow or unresponsive

#44 2025-08-15 22:25:45

Re: Arch websites slow or unresponsive

#45 2025-08-15 22:58:30

Re: Arch websites slow or unresponsive

#46 2025-08-15 23:07:42

Re: Arch websites slow or unresponsive

#47 2025-08-16 01:09:55

Re: Arch websites slow or unresponsive

#48 2025-08-16 14:49:21

Re: Arch websites slow or unresponsive

#49 2025-08-16 20:50:09

Re: Arch websites slow or unresponsive

#50 2025-08-17 00:50:49

Re: Arch websites slow or unresponsive

Board footer