DDoS Attacks on Open Source Infrastructure

Sebastian BergmannArne Blankerts | International PHP Conference |

Denial of Service attacks, distributed or not, usually target companies in an effort to sabotage their business; most commonly for the financial gain of the attackers by extorting money. We never imagined that such an attack would target not-for-profit Open Source projects and their infrastructure. We could not have been more wrong. In May 2022, we noticed a spike in traffic—500 times its usual average! The webserver that hosts the repository for PHP Archives (PHAR) of PHPUnit was being assaulted with a Distributed Denial of Service (DDoS) attack using HTTP flooding, almost fully exhausting the server’s bandwidth. In this post-mortem analysis, Arne Blankerts, the system administrator for phpunit.de, and Sebastian Bergmann, the maintainer of PHPUnit, share the lessons they had to learn while dealing with this attack.

3 / 100
Als PDF speichern

Über die Referenten

Sebastian Bergmann

Sebastian Bergmann setzt als Autor von PHPUnit Standards bei der Qualitätssicherung.

Arne Blankerts

Arne Blankerts hat schon Lösungen parat, bevor andere ein Problem erkannt haben.