GitHub hit by another major DDoS attack to because Chinese developers have been forced by police to remove projects of tools to circumvent “Great Firewall.”

The software collaboration site GitHub was hit by another DDoS on Tuesday morning that made the website unavailable to many users for several hours.

g1

The GitHub platform already suffered a major DDoS attack in March, in that case the attacker exploited the redirection of users who were connecting to many other websites on the Internet. The attackers injected malicious JavaScript code into the pages of those websites that was responsible for the hijacking of their visitors to Github.

Visitors who tried to access several websites in Internet used has DDoS gunner, noticed that those websites was serving advertisements and tracking code from Chinese Baidu, the code used by attackers instructs browsers of visitors to those websites to connect GitHub.com every two seconds. The technique allowed the attackers to generate “an extremely large amount of traffic,” according to researcher Anthr@x from Insight-labs.

The DDoS variant run in March was conducted to hit two popular Github projects, the GreatFire and CN-NYTimes, that are two anti-censorship tools used to avoid censorship operated by China and circumvent The Great Firewall Of China.

This time the DDoS attack seems to be the consequence of the decision of the platform to remove software capable of bypassing the Chinese censorship.

On August 22, an open source project called ShadowSocks was removed from GitHub, the author explained that the police contacted him and asked him to stop working on the software and to remove it from GitHub. Shadowsocks is a secure SOCKS5 proxy plug-in protocol for Internet users, it is used to circumvent the Chinese Great Firewall.
According to the GreatFire.org organization, another repository was recently removed from GitHub, GoAgent, another tool used to Chinese censorship.

“GoAgent’s Github repo is also removed today (Aug 25, 2015). GoAgent was the most popular circumvention tool in China. It relied on Google App Engine to tunnel traffic across GFW. It was hosted on Google Code(link is external) and later moved to Github.

The author phuslu deleted the repo without explanation but changed his account description to be “Everything that has a beginning has an end”.” states the GreatFire.org organization. 

Pierluigi Paganini