Check out their status page:
This raises many questions in my mind. Why attack Arch? Is Linux becoming so popular that we can expect an increase in attacks? What are the bad actors hoping to gain from attacking volunteers? Are other big Linux players next?
These are certainly interesting times.
3 Likes
This is a growing issue of automated traffic on the web. It does not leave much legroom for any spike or genuine attacks.
The past few months I’ve been helping clients mitigate this. As far as DDoS it must be really targeted because between services like Cloudflare and data center’s with built in mitigation, it’s not a common or long-lasting thing these days.
To give you an idea, here are the edge stats from Cloudflare WAF that sits in front of our forums:
Of the 108k “unique visitors,” 100k were non-human. 
And a whopping 4 million requests most of which mitigated by firewall rules. If it weren’t for their WAF, I’m sure the forums would have been largely unavailable or slower. (The specs of this VM is lower than an iPhone lol)
A quick check and archlinux.org does not have a proxy/firewall in place (unless they are using a custom server in front of their HTTP server). The IP is exposed, is showing regular hosting:
Hosted by Hetzner which is a good hosting company. However, often DDoS its only so much hosting companies will invest in it. It’s going to be Arch’s responsibility to mitigate.
The internet is fast becoming an environment where self-hosting anything more than a hobby-site requires serious consideration about automated traffic, targeted and non-targeted scanning, flooding, and DDoS.
2 Likes
That one flew so far over my head. 
1 Like
Arch, the ones under DOS Attack, took the hackers inflatable doll to make him go get a life and he got mad about it 
1 Like
Aha lately I read Arch AUR is increasing malware on the AUR repositories, I’m not surprised to read Arch server are under attack.
https://linuxcommunity.io/t/should-i-stay-on-arch-or-try-fedora/
I personally took this decision as well. I’m stable on Fedora.
- Arch: a distro for geek without a central point of distribution. You need to choose every package you want to install into. (and pray something won’t get broken
)
I was right couple of months ago: the Arch AUR repository is allowing packages from all users around the world and it would be hard keeping all under control byt he mantaiers. Using Arch nowdays it might be dangerousâť—
2 Likes
This thought gave me a pause to think. Dangerous to use the beloved Arch? I have always looked at the AUR with caution. To me both the AUR and Github seem to be in the same bracket, very popular and infiltrated with malware. Just like any software one has to be cautious about what is being downloaded. All the regular checks have to be done.
- Who is the author? What is his reputation?
- When last has the package been updated?
- Wait a few days, if possible, before downloading a brand new package.
@hydn had a nice check list of what to do. With that in mind my conclusion is this, if you don’t have time to research before you download, yes Arch can be dangerous. If you know what you are doing, then it can be fun.
One last point, I see where something like SELinux can really help, as if something suspicious is downloaded, hopefully it will alert you before it makes a mess of things.
1 Like
Doing installation and updates with cleverance is the key.
The exact opposite might be a greenhorn thinking he’s cool because “bwt I use arch”, and then start installing random packages from AUR without any check. That would be bad.
The objective fact is malware is increasing on AUR, just keep an additional eye while doing installation upgrading.
For sure Fedora is more secure because there’s Red Hat behind it, and the company is famous for it’s seriousness and transparency.
2 Likes