The Ubuntu website and its other components (snap, launchpad and more) have been down since April 30 due to some. See https://status.canonical.com/ and https://askubuntu.com/questions/1566282/ubuntu-infrastructure-not-responding-returning-503-or-other-errors
A few days ago, AUR was under DDoS. Today Ubuntu. Yesterday, copy-fail vulnerability was discovered. This is worrying.
The link to status.canonical has this message now:
Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to.
Their Discourse site is up, at least for now.
All these attacks are very concerning.
I suspected 
for the latest AUR DDoS and someone is claiming responsibility for this one.
What is the point of attacking open source os like ubuntu and Archlinux ? They are not owned by major coporations related to big western countries (yes somes distro are supported by some corpos) There is no money to be made, no ideological message to pass ( you are against open software ?) You have to have a lot of time to lose going against that kind of target. Show a flaw in their website ? Ok then you’ve shown that they are vulnerable to DDOS like any other sites to a degree. Cause trouble ? again for what purpose ? Most attacks on the web have a purpose be it monetary, ideological, or technological, others are created by script kiddies trying to show they are good at hacking. It would be interesting to understand the point behind those DDOS attacks.
Edit : As the X message suggest it’s caused by Iran ??? Again ubuntu is not the US and Arch either. They are global open source initiatives supported by many people in different countries.
The aim is merely to cause disruption to whatever can be disrupted 
Softer target than attacking a federal site which will have more protection.
I think it’s Microsoft 
Thy are getting scared that Linux is growing and people are leaving Win11.
Or fan boys “drones” that don’t like Linux. 
Yeah I understand that but it’s not related to the United States. Normally those groups targets things that are strongly related to the country. There is plenty of soft targets inside the US like hospital, local cities entities, schools, casinos even that are less protected than the main federal entities. The goal is to cause more damages because in this case it’s a physical war with an agressor. if you are at the point of attacking soft target like ubuntu and arch you are most likely desperate or just don’t have the power to achieve more damages.
There is a lot of stuff going on Rather it be Political or just A.I related. And even those intertwine. The DDOS attacks will become more and more common as Linux Grows. When the Market share was low there was no need to attack the projects but some of these are as big as corporations now. The bigger We grow the Bigger our target grows
This is indeed an interesting point. I truly hope they will protect those sites behind some service like cloudflare in order to help mitigate those kinds of attacks.
I don’t need Ubuntu. I have endeavourOS!
For some reason someone has flagged my post above that contained a screenshot from X.com by VECERT Analyser that showed that someone had claimed responsibility for the DDoS attack on Ubuntu. VECERT are a cybersecurity service (https://vecert.io) who post information about attacks.
My post was to provide information (and only information) from a reliable source about a claim (which is not in itself proof) of responsibility for the attacks on Ubuntu services. It wasn’t in any way an attempt to pass comment or engage in politics.
I am disappointed that my post above has been flagged as it was on topic and providing relevant information. I would ask whoever flagged it to think again.
The problem is it does mention information that is of a Political Nature that opens the door to posts that get into that Political realm. So the flag is correct as an attempt to stop the conversation to get into the Political realm. Otherwise if the posts aren’t removed and the topic goes off in that direction we would have to close the topic.
Edit: You opened the door to that with your first line that you posted.
And I went right through it … inadvertently 
So, to whomever flagged my post, thank you so much! I appreciate it. Learnt a lesson today: don’t go through any doors, wide open or shut, if you don’t know where it leads.
It is a statement of fact that a claim of responsibility has been made, and that claim has been reported by a cybersecurity service. That fact is not in itself political, and was posted to provide information about the topic subject - the attacks on Ubuntu services. In addition that claim of responsibility makes no mention of motivation or politics, merely the name of the group.
While you talk about opening doors, a different analogy comes to mind for me. We can’t stick our heads up our backsides and ignore on this forum that some people are carrying out DDoS and other attacks on the AUR and Ubuntu, that directly impact our usage of Linux.
I’m struggling to understanding your reasoning here. Are you saying:
- That a claim of responsibility by hackers seeking $100 billion from Ubuntu would be OK to post in this topic?
- That a claim of responsibility that makes no mention of motivation, politics, or any current world events but is by a group named “The Islamic Cyber Resistance in Iraq” is not OK to post in this topic?
If this is the case, can you please clarify further. “Islamic” can be used to describe art & architecture, as well as religious movements. Are all mentions of religious movements deemed to be inherently political here? The word “Resistance” is sometimes used by political organisations (as well as by electrical engineers). Should any organisation with the word “Resistance” in it’s name be banned from being mentioned on this forum, even when it claiming to be undertaking an action that directly impacts Linux users?
Edit: typo.
I think this is right, the information is relevant to the topic and is not a political statement of any kind.
Just a point of clarification, Iran and Iraq are not the same country but they appear to be conflated to some degree in this topic.
If the discussion can remain on topic (the DDoS attack against Canonical) it can remain open. If it devolves into political banter or otherwise drifts off-topic, we will close it down.
Thank you.
For further clarification (and not at all for political discussion), the Islamic Resistance in Iraq is considered to be “an informal network of Iranian-backed Shia Islamist factions in Iraq”.