Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service
The motive for the attack has not yet been disclosed

The last two weeks have been hard for the Arch Project, which has been experiencing a DDoS (Distributed Denial of Service) attack, causing service outages for the popular Linux distribution as documented by Arch maintainer Cristian Heusel in a recent update.
Heusel's post states, "The Arch Linux Project is currently experiencing an ongoing denial of service attack that primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums."
This DDoS is impacting not just the main website but also the Arch User Repository (AUR), where user-submitted package description files are collected. It is effectively a repository of user-created packages, complementing the official repository, from which software is downloaded and built.
The Arch Linux team is aware of the problems and is working with its hosting provider to mitigate the attack, along with investigating DDoS protection.
Details on workarounds for users wishing to install software, update their systems, or download install ISOs are provided on the service outage page.
Details of the attack's origin and motives, along with mitigation tactics, are, understandably, being kept under wraps while the investigation continues. In the meantime, the Arch team will be providing regular updates via a service status page.
Looking at this page right now, I can see that the website and AUR are taking the brunt of the attack. The August 22, 2025 update states that, "We are suffering from partial outages due DDoS attacks and try our best to keep the services accessible to all!"
Arch Linux forms the base for Valve's SteamOS, used on its Steam Deck. This exposure has significantly boosted Arch's popularity, particularly among intermediate and advanced Linux users who are moving away from distributions like Ubuntu / Fedora. Other Arch-based distros include EndeavourOS and Manjaro Linux (the latter powered this editor's Teclast T5 laptop for a long time).
Founded in 2002 by Judd Vinet, Arch Linux was inspired by the KISS principle (Keep It Simple, Stupid) and provided a base install from which users would build their own Linux experience. This differs from the typical "kitchen sink" approach that many distros offer.
Heusel ends the update with a token of thanks to the community.
"As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues. Please bear with us, and thank you for all the support you have shown so far."
Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".
-
coolitic
What sort of bizarre or petty motivation could someone have to target an open-source project?
-
bit_user
coolitic said:
> What sort of bizarre or petty motivation could someone have to target an open-source project?
Oh, it's not that uncommon. Some government gets upset about a project or package. GitHub has gotten hit with a great firehose, for hosting projects someone doesn't like, and I could believe there's some stuff on the Arch forums and in their User Repository that's drawn someone's ire.
What sorts of projects could draw such a reaction? Maybe ones that contain some content that goes against an official narrative or perhaps VPN tools for circumventing certain firewalls. Might even be anonymizing technologies, of one sort or another.
-
93QSD5
> Some things will never change
Instead of attacking malicious actors — which, in today's political and economical climate, there are PLENTY of — people like this waste resources attacking common goods.
They could go after McKinsley, BR, WH&FoxnFriends, literally any Fortune500 company, any entity on Panama Papers....instead they attack a FOSS repo.
-
bit_user
93QSD5 said:
> Instead of attacking malicious actors — which, in today's political and economical climate, there are PLENTY of — people like this waste resources attacking common goods.
> They could go after instead they attack a FOSS repo.
First, who is "they"? Probably, "they" are not someone you'd regard as any better than the list of targets you mentioned. Why would you expect them to go after other random targets you'd like to see someone take down? They're quite likely doing this out of self-interest, not simply as a means of moral outrage.
Secondly, not to diminish the effect of DDOS attacks, but they're mostly a nuisance, especially to the kind of well-resourced entities you listed. They're not an effective remedy to social ills, leaving aside the matter of any hacking or cybersecurity laws they might violate. The main way that DDOS can be effective is when going after small fries, like Arch, Internet Archive, Wikipedia, etc. In other words, they've become just another tool that big, well-resourced actors can use to work their agenda.
-
USAFRet
coolitic said:
> What sort of bizarre or petty motivation could someone have to target an open-source project?
-
bit_user
USAFRet said:
> "Some people just want to see the world burn."
Sure, there are those with anarchist, nihilist, etc. ideologies. However, a sustained DDOS attack, like this, costs money. It certainly could be some deep-pocketed individual, but is more likely an organization with a specific grievance.
I'd wager Arch actually knows more than they've publicly said about why they're being targeted. Revealing the objective of the attacker could create even more pressure on them to do something that goes against their values, hence why they've stayed mum.
I was a little surprised not to see anything about this being reported by Phoronix. That doesn't necessarily mean anything, but it could mean Michael fears drawing the ire of whomever is behind this. One thing I did just notice is this bit of news, which seems to align roughly with the timing of the attack's initiation:
Arch Linux AUR Packages For Firefox & Other Browsers Removed For Containing Malware
https://www.phoronix.com/news/Arch-Linux-Malicious-AURs (July 19th)
-
93QSD5
bit_user said:
> First, who is "they"? Probably, "they" are not someone you'd regard as any better than the list of targets you mentioned.
I'm not going to do the thinking for you.
Either you didn't read the article, like at all or want to play dumb.
Also, yes whatever group or individual is responsible is miles better than any politician and F500 company. I advise you to educate yourself on this matter properly.
bit_user said:
> Why would you expect them to go after other random targets you'd like to see someone take down? They're quite likely doing this out of self-interest, not simply as a means of moral outrage.
Oh....REALLY.....? Almost as if that's exactly what happened....
bit_user said:
> Secondly, not to diminish the effect of DDOS attacks, but they're mostly a nuisance, especially to the kind of well-resourced entities you listed. They're not an effective remedy to social ills, leaving aside the matter of any hacking or cybersecurity laws they might violate. The main way that DDOS can be effective is when going after small fries, like Arch, Internet Archive, Wikipedia, etc. In other words, they've become just another tool that big, well-resourced actors can use to work their agenda.
Again -> oh....REALLY? At no point was a wikipedia-like copy of what a ddos attack is necessary or relevant in reply to my comments. So now, I'm starting to question whether this is an LLM.
Judging by the amount of news threads you reply to, you should seriously lower the amount of comments and increase the quality, because this is atrocious.
-
bit_user
93QSD5 said:
> I'm not going to do the thinking for you.
> Either you didn't read the article, like at all or want to play dumb.
I did read the article. Just double-checked to make sure I didn't miss anything. I have no idea what you're getting at, but I don't appreciate the aspersions.
93QSD5 said:
> Also, yes whatever group or individual is responsible is miles better than any politician and F500 company. I advise you to educate yourself on this matter properly.
Um, no. I'm not invested in the matter, so I'm not about to go on a deep dive. If you have links to more information, I might check them out. Don't assume everyone is as interested in this as perhaps you are.
93QSD5 said:
> So now, I'm starting to question whether this is an LLM.
Again, if you keep throwing shade, this whole exchange is going to go downhill really fast.
You have an opportunity to educate us, if you have any more details to share about this incident. If that's your goal, I'd say don't blow your opportunity.
93QSD5 said:
> Judging by the amount of news threads you reply to, you should seriously lower the amount of comments and increase the quality, because this is atrocious.
I put a lot of thought and effort into most of my posts. Most of the time, I know quite a bit about what I'm saying, though I clearly don't know everything. That's all I'm going to say about that.
-
93QSD5
bit_user said:
> I did read the article. Just double-checked to make sure I didn't miss anything. I have no idea what you're getting at, but I don't appreciate the aspersions.
> Um, no. I'm not invested in the matter, so I'm not about to go on a deep dive. If you have links to more information, I might check them out. Don't assume everyone is as interested in this as perhaps you are.
> Again, if you keep throwing shade, this whole exchange is going to go downhill really fast.
> You have an opportunity to educate us, if you have any more details to share about this incident. If that's your goal, I'd say don't blow your opportunity.
> I put a lot of thought and effort into most of my posts. Most of the time, I know quite a bit about what I'm saying, though I clearly don't know everything. That's all I'm going to say about that.

> Who is "they".
Who could "they" mean in this context (a cyber security incident)?
>