Skip to main content

DDoS attack hits GitHub after Chinese police force developer to remove code

GitHub has fallen prey to a DDoS attack this week, allegedly perpetrated by Chinese actors, in response to tools available on the site that would help users circumvent censorship.

On Tuesday the site found that it was under attack from malicious sources, following a similar tirade against the site in March of this year. This time, though, the attacks have been much more intense.

GitHub was supposedly targeted because the code repository hosts many different tools and resources for bolstering security and undermining censorship measures in countries like China. As a result it is believed that China-based attackers flooded the site with fake traffic to deny service to legitimate users., which regularly tracks sites blocked in China by the “Great Firewall,” reports that the open source project ShadowSocks, which calls itself a “secure socks5 proxy, designed to protect your Internet traffic” similarly to VPNs, has since been pulled from GitHub.

GitHub user, clowwindy, who is reportedly the developer of the protocol. claims the police told him or her to remove the code.

“Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from GitHub. I have no choice but to obey. I hope one day I’ll live in a country where I have freedom to write any code I like without fearing,” clowwindy wrote in a now-deleted comment. The ShadowSocks code has since been mirrored by other users and can be found on GitHub. also says a similar anti-censorship tool called GoAgent was removed from the site.

GitHub initially struggled to recover the site from this latest attack and return to normal operations, but on August 26 at midnight GMT, the site reported that everything was running 100 percent. That’s a much quicker recovery than in March, when a similar attack took the site down for nearly a week.

The graphic below shows how the site was hit rapidly with traffic.

github traffic

At this time, users are speculating that Chinese authorities are behind the demands that the code be removed or for the DDoS attack itself, but no one has specifically been blamed.

Today the VPN Astrill also reported that its service was being disrupted in China ahead of the country’s World War II anniversary celebrations in a bid to stamp out any dissent against the government online.

Editors' Recommendations