Servers operated by Ubuntu and its parent company Canonical were knocked offline on Thursday morning and have remained down ever since, a situation that’s preventing the OS provider from communicating normally following the botched disclosure of a major vulnerability.
Attempts to connect to most Ubuntu and Canonical webpages and download OS updates from Ubuntu servers have consistently failed over the past 24 hours. Updates from mirror sites, however, have continued to work normally. A Canonical status page said: “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it.” Other than that, Ubuntu and Canonical officials have maintained radio silence since the outage began.
A decades-long scourge
A group sympathetic to the Iranian government has taken credit for the outage. According to posts on Telegram and other social media, the group is responsible for a DDoS attack using Beam, an operation that claims to test the ability of servers to operate under heavy loads but, like other “stressors,” are in fact fronts for services miscreants pay for to take down third-party sites. In recent days, the same pro-Iran group has taken credit for DDoSes on eBay.
According to a moderator on AskUbuntu.com, URLs that remained unavailable include:
- security.ubuntu.com
- jaas.ai
- archive.ubuntu.com
- canonical.com
- maas.io
- blog.ubuntu.com
- developer.ubuntu.com
- Ubuntu Security API – CVEs
- Ubuntu Security API – Notices
- academy.canonical.com
- ubuntu.com
- portal.canonical.com
- assets.ubuntu.com
Ubuntu and Canonical infrastructure went down hours after researchers released potent exploit code that allowed untrusted users in data centers, university settings, and elsewhere to gain all-powerful root control of servers running virtually all Linux distributions, including Ubuntu. The outage has limited Ubuntu’s ability to communicate security guidance to affected users. As noted earlier, updates remain available from mirror sites.
Stressor sites, also known as booter sites, have operated for decades. The DDoS-as-a-service operators have come under the attention of law enforcement in multiple countries, but attempts to shut down this scourge have never succeeded.
It’s unclear why the infrastructure has remained unavailable for so long. There’s a wealth of DDoS protection services, at least one of which is free.
