Arch Linux’s AUR Runs into Recent Service Interruptions

Arch Linux’s AUR users have experienced downtime in recent days after a DDoS attack. Maintainers are investigating and working on restoring the service.

Arch Linux’s AUR Runs into Recent Service Interruptions

Arch’s AUR—one of the distro’s biggest selling points—has been through quite a rough patch lately. First came several back-to-back attempts to slip malicious software into the repository, which understandably set off alarm bells in the community.

And now, over the past few days, many users say they’ve been running into problems accessing the service almost daily.

A quick check here confirms it — since August 12, the AUR has been having daily access issues, and today, August 16, seems to be the worst so far. Right now, as I’m writing this, trying to access the AUR just ends up timing out.

A quick look through a few different sources sheds some light on what’s going on. In a Reddit post, one of Arch’s package maintainers explained:

Yes, we are suffering from some services outages (including the AUR) due to a DDOS attack. This is being investigated & worked on.

Another message on the Arch mailing list backs up what’s already been said:

Arch sites are currently experiencing a DoS. Work is underway to make them available again. AUR should be mostly fine now — in particular access over IPv6 is reported to be in perfect shape. Access to other services may be spotty.

It’s obvious this is a targeted attack on the AUR. Whether it’s a DoS (Denial of Service—coming from a single source) or a DDoS (Distributed Denial of Service—coming from multiple sources) isn’t exactly clear, but that’s not really the main point. Uptima’s stats show that over the past two days, not only the AUR but the distribution’s main website itself has also been hit.

So far, the distribution hasn’t released an official statement about the incident. However, from the messages, it’s clear that Arch maintainers are working hard to sort out the details of these attacks and reduce their impact, keeping the service available for users.

In closing, I have to say—naive as it might sound—that from an ethical standpoint, attacks like this on open-source projects are downright despicable. I’m confident the Arch team will handle this unpleasant situation quickly and will do everything they can to minimize the impact of such actions in the future (as far as possible, of course).

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

One comment

  1. Rob

    a botnet attack from compromised devices? I do not use arch and doubt I would ever feel safe using it if I used aur for software since I see no reason nowadays for not using official sources for software.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts