DDoS Attack on Arch Linux Disrupts Project’s Website, Repository, and Forums

The Arch Linux team reports that it has been battling a sustained DDoS attack for more than a week, severely disrupting access to several of the project’s key resources.

The attack, which began on August 16, has intermittently affected the Arch User Repository (AUR), the official website, the Wiki, and the forums, leaving them partially or fully inaccessible at times.

“As you may have noticed, some of our services (AUR, forums, main website) are currently affected by a DDoS attack. We are aware of the issue and are actively working on measures to resolve it,” maintainers wrote in an update on August 16.

Ongoing Disruptions

While services were briefly restored over the past weekend, problems persist. The project’s status page shows that performance continues to degrade periodically, and maintainers caution that some services may appear offline due to the defense tactics being employed.

“We understand the problems this creates for our end users and will continue to work actively with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers, carefully considering factors such as cost, security, and ethical standards,” the Arch Linux team stated.

Impact on Mirrors

The incident has also affected package mirrors, since the mirror list endpoint—relied upon by some tools—is hosted on the main site. Users are advised to switch to mirrors listed in the pacman-mirrorlist package.

No Technical Details Yet

For now, Arch Linux representatives have declined to share technical details of the attack, citing ongoing mitigation efforts