The GMP project’s servers suffered a DDoS attack last month. Investigations revealed that many Microsoft servers were involved in the attack. According to the GMP project, GitHub’s architecture lends itself to such attacks; Microsoft, in turn, blames the project.
Torbjörn Granlund, director of GMP, revealed the news in a message to newsletter subscribers. “GMP servers are being attacked through a bunch of IP addresses through collaboration with Microsoft,” Granlund said. GMP is a free, open source project where visitors can find a library for arbitrary-precision calculations.
It was highly unlikely that GMP’s servers would stay online without intervention by the organization. It therefore decided to deny access to all Microsoft IP addresses.
“We don’t know if this was done because of Microsoft’s bad intentions, if it was a mistake or if any of their cloud consumers were attacked,” Granlund said.
Microsoft later launched its own investigation into the incident. The day after the attack, it became clear that the traffic came from a GitHub Actions workflow, which cloned a Mercurial repository.
“Microsoft and GitHub investigated the factor and decided that a GitHub user had updated a script in the FFmpeg-Builds task that pulled content from gmplib.org,” explained Mike Blacker, director of risk search. “It is configured to run parallel concurrent tests on another hundred types of computers/architectures.”
The GMP project decided to keep sending all requests from Microsoft-managed IP addresses directly to the firewall. Its website reads: “After the factor was reported here and on GMP mailing lists, a Github representative responded by downplaying the factor and blaming our servers for the denial-of-service attack. They did nothing to prevent the attack! In fact, a week later, it still continues.”
According to the GMP project, GitHub’s architecture may be too easily hijacked to launch such attacks. “Github’s configuration encourages forks of your projects, and those forks then make adjustments to the default main project.”