thePHP.cc Logo Deutsch Contact

DDoS Attacks on Open Source Infrastructure

Denial of Service attacks, distributed or not, usually target companies in an effort to sabotage their business; most commonly for the financial gain of the attackers by extorting money.

We never imagined that such an attack would target not-for-profit Open Source projects and their infrastructure. We could not have been more wrong. In May 2022, we noticed a spike in traffic—500 times its usual average! The webserver that hosts the repository for PHP Archives (PHAR) of PHPUnit was being assaulted with a Distributed Denial of Service (DDoS) attack using HTTP flooding, almost fully exhausting the server’s bandwidth.

In this post-mortem analysis, Arne Blankerts, the system administrator for phpunit.de, and Sebastian Bergmann, the maintainer of PHPUnit, share the lessons they had to learn while dealing with this attack.