DDoS Attacks on Open Source Infrastructure

Sebastian BergmannArne Blankerts | International PHP Conference |

Denial of Service attacks, distributed or not, usually target companies in an effort to sabotage their business; most commonly for the financial gain of the attackers by extorting money. We never imagined that such an attack would target not-for-profit Open Source projects and their infrastructure. We could not have been more wrong. In May 2022, we noticed a spike in traffic—500 times its usual average! The webserver that hosts the repository for PHP Archives (PHAR) of PHPUnit was being assaulted with a Distributed Denial of Service (DDoS) attack using HTTP flooding, almost fully exhausting the server’s bandwidth. In this post-mortem analysis, Arne Blankerts, the system administrator for phpunit.de, and Sebastian Bergmann, the maintainer of PHPUnit, share the lessons they had to learn while dealing with this attack.

More information and tickets: https://phpconference.com/munich/

About the presenters

Sebastian Bergmann

Sebastian Bergmann is the author of PHPUnit and sets the industry standard of quality assurance.

Arne Blankerts

Arne Blankerts has solutions ready before others have even understood the problem.