OpenChain Web-App Under Coordinated Attack - Service Intermittent or Down - Data Safe - Assistance Welcomed


 

Dear all

We are under a coordinated automated attack against our self-certification web app. Over 57,000 false accounts were created in a matter of a few hours in an attempt to take down the system. Thanks to the quick thinking of Gary, the brunt of this attack has been mitigated. However, there are a few consequences:
(1) Access to the self-certification web app is disabled for non-registered users
(2) Our May quota of emails sent by the service has been used
(3) We are still digging into how to harden the service and ensure full return

If you can assist, that would be much appreciated. Gary is heading into vacation and will be offline until mid-May. While we are calling in LF Technical to assist, a community member familiar with AWS would be of incredible use to us right now.

My apologies for the interruption. As Gary noted, the attack was planned out and beyond a typical “script kiddie” event. We have no idea why and we have yet to isolate and report the computer(s) involved. Once we do, they will be reported to law enforcement in the relevant jurisdiction.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@linuxfoundation.org
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan