The Arch Linux team reports that it has spent more than a week mitigating a prolonged DDoS attack that affects most of the project’s services. The attack began on August 16, and as a result the Arch User Repository (AUR), the Arch Linux website, the Wiki, and the forums may be unavailable.
“As you may have noticed, some of our services (AUR, forums, main site) are currently affected by a DDoS attack. We are aware of the issue and are actively working on measures to mitigate it,” wrote the maintainers on August 16.
However, the attack was not quickly contained. Although the services nearly regained full functionality over the past weekend, issues persist and performance periodically degrades, as shown on the project’s status page. It is also noted that some services may be incorrectly displayed as unavailable due to the defensive measures in use.

“We understand the problems this creates for our end users and will continue to work closely with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers, carefully considering factors such as cost, security, and ethical standards,” reports the Arch Linux team.
The ongoing incident also affects package mirrors, since the mirror list endpoint that some tools rely on is hosted on the site. As a result, the maintainers advise users to switch to the mirrors listed in the pacman-mirrorlist package.

At present, representatives of Arch Linux are not disclosing any technical details of the attack, citing ongoing efforts to mitigate it.