How can we help with the recent AUR outages?
AUR seems to have had some very rough days this week. Uncharacteristically so. I've only been in the Arch world for a short time, but I'd really like to help sort whatever is going on out, if at all possible. If the AUR servers are straining, I'm sure I can marshal some resources to have those expanded. If it's because there's an attack, I already have a commitment from the Cloudflare CTO to help protect against it. I'm not sure who to reach out to in order to deliver assistance, resources, or whatever is needed, though. Again, I'm quite new here in the Arch world, but I'm incredibly motivated to help resolve whatever is plaguing the server farm. Thanks in advance for everything all of those working on this and the rest of the Arch infrastructure does! ✌️
On 8/14/25 11:52 PM, David Heinemeier Hansson wrote:
AUR seems to have had some very rough days this week. Uncharacteristically so. I've only been in the Arch world for a short time, but I'd really like to help sort whatever is going on out, if at all possible. If the AUR servers are straining, I'm sure I can marshal some resources to have those expanded. If it's because there's an attack, I already have a commitment from the Cloudflare CTO to help protect against it.
I'm not sure who to reach out to in order to deliver assistance, resources, or whatever is needed, though. Again, I'm quite new here in the Arch world, but I'm incredibly motivated to help resolve whatever is plaguing the server farm.
Thanks in advance for everything all of those working on this and the rest of the Arch infrastructure does! ✌️
Hi, First, I want to thank everyone working on this incident. From what I understood these days, the DDoS is not on the HTTP level, but somehow a TCP/UDP flood. Cloudflare can proxy your requests based on the Host header, authority header, SNI, etc., on the HTTP level where "aur.archlinux.org" is available in the request. However, because of the nature of the AUR, it must expose an SSH port that cannot be proxied through Cloudflare without using cloudflared, which I'm sure brings a lot of complications for users. Disclaimer: I'm not a package maintainer, DevOps, staff, or have any inside knowledge about the incident. This is just my guess. Best Regards, Amin Vakil
On 8/15/25 7:22 AM, Amin Vakil wrote:
Cloudflare can proxy your requests based on the Host header, authority header, SNI, etc., on the HTTP level where "aur.archlinux.org" is available in the request. However, because of the nature of the AUR, it must expose an SSH port that cannot be proxied through Cloudflare without using cloudflared, which I'm sure brings a lot of complications for users.
Wouldn't Cloudflare Spectrum be the tool for this kind of scenarios? Fermín Olaiz.
On 8/15/25 2:13 PM, Fermín Olaiz wrote:
Wouldn't Cloudflare Spectrum be the tool for this kind of scenarios?
Fermín Olaiz.
You're right, I didn't know about Cloudflare Spectrum and was thinking about Cloudflare Access > Cloudflare Applications. Cloudflare Spectrum can be of one solutions alright, thanks! Best Regards, Amin Vakil
On 15-08-2025 11:48:35, Amin Vakil wrote:
On 8/15/25 2:13 PM, Fermín Olaiz wrote:
Wouldn't Cloudflare Spectrum be the tool for this kind of scenarios?
Fermín Olaiz.
You're right, I didn't know about Cloudflare Spectrum and was thinking about Cloudflare Access > Cloudflare Applications.
Cloudflare Spectrum can be of one solutions alright, thanks!
Best Regards, Amin Vakil Could an IP block list also be used to stop requests/connections from known malicious IPs?
Kr, Adam
Hi, my gut feeling tells me that the Arch Admins don't need advice, but know very well what they can do. As users and non-admins, we should always remember that even DDoS countermeasures can be flooded by DDoS attacks ;)! We should just be patient. Regards, Ralf
As someone who've been through quite a few DDoS attacks, I'll say that the only sure-fire way I've found of dealing with a sufficiently large attack has been to take cover under an even larger shield. There's just not much you can do if your network pipes are completely swamped. That's why Cloudflare has been such a god-send for many companies. They have an incredible shield that makes even the biggest DDoS attacks irrelevant a lot of the time. This has been going on for a week now. Can imagine how exhausting and stressful it must be for the admin team dealing with this! So just want to extend the offer again that there's help available, and that Cloudflare is a great option. Especially in the short term, so the attacks just stop, giving the team time to properly consider how they want to address the single-point-of-failure design of the AUR without the stress of an active outage. On August 18, 2025, Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
Hi,
my gut feeling tells me that the Arch Admins don't need advice, but know very well what they can do.
As users and non-admins, we should always remember that even DDoS countermeasures can be flooded by DDoS attacks ;)!
We should just be patient.
Regards, Ralf
participants (5)
-
Adam Tazul
-
Amin Vakil
-
David Heinemeier Hansson
-
Fermín Olaiz
-
Ralf Mardorf