The Free Software Foundation’s services face “ongoing (and increasing) distributed denial of service (DDoS) attacks,” senior systems administrator Ian Kelling wrote Wednesday.
The FSF SysOps team consists of two full-time tech team employees and a handful of dedicated volunteers. A large part of our work is running the software and physical servers that host websites and other services for GNU, FSF, and other free software projects, including virtual machines for the browser extension JShelter, the desktop environment and software collection KDE, and Sugar Labs, an organization that creates learning tools for children. We recently counted seventy different services, and have a dozen physical servers across two Boston-area data centers.
Since we last wrote, much has happened, and while I’d love to talk about all of it, including the process of deploying four new servers to our data centers, I want to focus on the huge task of maintaining our services in the face of ongoing (and increasing) distributed denial of service (DDoS) attacks. A DDoS attack typically happens when attackers control thousands or millions of machines and get them all to send requests or other traffic to a target server. Then, the server gets overwhelmed with processing those requests and fails to respond to requests from legitimate users. A common way of defending against a DDoS attack, which we often use, is to figure out a way of identifying which IP addresses are sending requests as part of the DDoS, and then have the server ignore requests from those IP addresses.
Our infrastructure has been under attack since August 2024. Large Language Model (LLM) web crawlers have been a significant source of the attacks, and as for the rest, we don’t expect to ever know what kind of entity is targeting our sites or why.
