Canonical Ubuntu being targeted by a DDoS attack
Posted by onechroma@reddit | linux | 56 comments
Canonical has been reporting multiple sites being down: the component "Ubuntu Security API - CVEs" and a few other components show as Down on their status page. This includes:
Now, Vecert Analyzer says on X:
Grandfunk14@reddit
People still mad over that Unity thing I guess...dude the war is over.
hkmaly@reddit
Yeah, people should move on ... to Devuan.
NobleDiceDream@reddit
I always wonder what’s the goal of these DDoS attacks. Is it for instance to slow down distribution of patches so there’s more time for an attack on a specific target?
the_german_flag@reddit
pretty sure they want to deny servers running unattended-upgrades to auto-patch the "Copy-Fail" kernel vulnerability (CVE-2026-31431). Why ubuntu no idea...
DoubleOwl7777@reddit
would make sense given the copy.fail exploit situation
CodeSpoof@reddit
I agree, but I wonder how that'd be supposed to work, since the repo servers have been up the whole time. I did the upgrade of kmod before I even heard of the DDoS attack.
nooone2021@reddit
I have also been able to upgrade slightly slower than usual.
However, I decided to upgrade to 26.04, and that does not work at all. At least for me.
Jethro_Tell@reddit
Sometimes it's just to keep people busy and doing other things. A DDoS can be an extremely painful thing to deal with, and depending on your setup, expensive.
So you can get all the sysadmins working on stopping one thing while you exploit another. Just because the repo servers are up doesn't mean all the internal servers are patched.
bj0urne@reddit
They want to annoy Canonical and their users enough to make them pay them money to go away.
boar-b-que@reddit
Whenever I hear about a nonsensical attack like this, I assume that it's one of 3 things:
While Mark S. is a bit... well, Mark S., I can't think of anything he's immediately done to piss off Islamic extremists. I'm assuming that it's options b or c there.
Business_Reindeer910@reddit
or D): well known enough that attacking them generates headlines like this
RedDeadElite@reddit
Literal cyber-terrorism in "support" of the Iranian government.
snail1132@reddit
Aren't they Iraqi?
RedDeadElite@reddit
They're backed by Iran.
https://en.wikipedia.org/wiki/Islamic_Resistance_in_Iraq
Business_Reindeer910@reddit
that's the point. now everybody is talking about them.
accelerating_@reddit
Iraq. But also they can claim to be anything at all.
My money is on trying to stop kernel updates to patch the recent vulnerability.
Actual__Wizard@reddit
No idea, but them attacking an open source software company makes no sense whatsoever.
MrC00KI3@reddit
I mean Microsoft said they want their fans to come back, so they did kind of give a warning beforehand. /s
emmfranklin@reddit
Just guess who would it benefit
longdarkfantasy@reddit
They demo to their customers about how good their ddos service is.
Arxijos@reddit
Since ca. 10h W: Failed to fetch https://security.ubuntu.com/ubuntu/dists/noble-security/InRelease Could not resolve 'security.ubuntu.com'
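Added example, not part of the thread: apt reports unreachable repositories as `W: Failed to fetch` warnings like the one quoted above, so a host that silently stops receiving security updates is easy to miss. This sketch extracts the failing hosts from `apt-get update` output and flags when a `-security` suite is among them; the sample output, the PPA path in it and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find repositories apt could not fetch, from `apt-get update` output.

# Constructed sample output (not captured from a real system).
SAMPLE_OUTPUT="Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
W: Failed to fetch https://security.ubuntu.com/ubuntu/dists/noble-security/InRelease  Could not resolve 'security.ubuntu.com'
W: Failed to fetch https://ppa.launchpadcontent.net/example/ppa/ubuntu/dists/noble/InRelease  Could not resolve 'ppa.launchpadcontent.net'
W: Some index files failed to download. They have been ignored, or old ones used instead."

# Read apt output on stdin, print each host with a failed fetch once, sorted.
failed_repo_hosts() {
  grep -E '^[WE]: Failed to fetch ' \
    | sed -E 's#^[WE]: Failed to fetch [a-z+]+://([^/ :]+).*#\1#' \
    | sort -u
}

# Read apt output on stdin; succeed (exit 0) if a *-security suite failed to fetch,
# meaning security updates are not reaching this machine.
security_pocket_unreachable() {
  grep -Eq '^[WE]: Failed to fetch [^ ]+/dists/[^/ ]+-security/'
}

# Demo on the constructed sample. On a real host, feed it live output instead:
#   apt-get update 2>&1 | failed_repo_hosts
echo "Hosts with failed fetches:"
printf '%s\n' "$SAMPLE_OUTPUT" | failed_repo_hosts

if printf '%s\n' "$SAMPLE_OUTPUT" | security_pocket_unreachable; then
  echo "ALERT: security suite unreachable, security updates are not being fetched"
fi
```

Run from cron or a monitoring agent, the alert branch is the one worth paging on, since unattended-upgrades cannot install a fix it cannot download.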
davidxia@reddit
down again https://status.canonical.com/#/incident/KNms6QK9ewuzz-7xUsPsNylV20jEt5kyKsd8A-3ptQHaSsvbmm5Cy_grgC1BuSAmpabiiPVzo13-J6rlj0TbSQ==
delboy85341@reddit
I just checked status.canonical.com and it says ppa.launchpad.net works, but doesn't mention ppa.launchpadcontent.net which is still down. Why do they not mention it?
akp55@reddit
man these clowns still at it. *sigh*. so much for getting shit done today.
Rich_Dust8205@reddit
Fuckk
OGMYT@reddit
Incidents like this highlight the importance of decentralized, self-hosted infrastructure. For those running critical systems, mirroring key repos locally via apt-cacher-ng or setting up private rsync mirrors for security.ubuntu.com can maintain operations during outages. WeSearch is a solid option if you're building a custom feed aggregator—runs on commodity hardware, pulls from upstream CVEs and security lists directly. Not a fix for Canonical's immediate problem, but part of a broader resilience strategy for shops that need uptime when central services go dark.
Novel_Shop_7530@reddit
using chatgpt to write a comment
Iamauniqueuser@reddit
Maybe. Still a good point about rsync mirrors and apt-cacher though.
Rob4226@reddit
Are there any mirrors for PPAs https://ppa.launchpadcontent.net?
vilejor@reddit
The AUR recently suffered a DDOS attack as well.
Did the r/linuxsucks101 goblins get their hands on a bot net or something?
snail1132@reddit
You vastly overestimate their ability to do anything outside of scream into the void
vilejor@reddit
They're very competent, dangerous people.
PocketStationMonk@reddit
What are you, their marketing manager?
vilejor@reddit
They banned me from their sub :c
PocketStationMonk@reddit
I'm sure there is a support group somewhere for everyone who got banned there
Mama_iii@reddit
r/linuxsucks101sucks
OutsideChampion4637@reddit
Damn there's a subreddit for everything it seems
vilejor@reddit
Have you ever seen that sub?
Frankly, they're the ones that need the support group.
Jethro_Tell@reddit
They need a package manager more.
gigantipad@reddit
I was going to say, that would likely involve learning linux. :D
OutsideChampion4637@reddit
They can't even open a browser on linux without somehow deleting their boot partition
MelodicMidnight369@reddit
I bet it's the CIA / FBI really. Maybe Microsoft are behind these attacks...
snarfvsmaximvs@reddit
For those that think you're serious: No. WSL is the one thing that makes Windows a somewhat tolerable development environment. Also Github (microsoft) depends heavily on Ubuntu runners.
Seerix@reddit
I can't tell if they are serious over there or not.
ClickLeafChick@reddit
I genuinely do not understand the motive here. Googled for any possible connection between Mark Shuttleworth and Israel; found none.
What the hell is going on here?
spicypsudo@reddit
The motive is that they are trying to disrupt supply chains to hinder funding to war in the middle east. Canonical being the largest Linux distribution, they use them as a target to disrupt as many systems as possible.
I think it is a dumb way to do it by going after FOSS for that, but in their mind that is why they are doing this. Canonical will likely not be their only target.
_dot_tea@reddit
The incident was marked as resolved, yet once again canonical.com and PPA Launchpad are down, and status page is still not functional apart from that one page which still says it's resolved.
onechroma@reddit (OP)
Yep, it seems the attackers stopped, everything came back, and now they are attacking again
Normal_Usual7367@reddit
Terrorists
okay_gray@reddit
Any reliable places to get Ubuntu Desktop 26.04 with the website down? Literally marked off my weekend to make the switch since I'm so sick of WSL.
JockstrapCummies@reddit
Torrents to the rescue!
Desktop ISO magnet link: magnet:?xt=urn:btih:dafc8c076ca2f3ed376eeae7c76a0d6be2415c45&dn=ubuntu-26.04-desktop-amd64.iso&xl=6518974464&tr=https%3A%2F%2Ftorrent.ubuntu.com%2Fannounce&tr=https%3A%2F%2Fipv6.torrent.ubuntu.com%2Fannounce
Server ISO magnet link: magnet:?xt=urn:btih:e1fc140a6391357fa1cf08ddb70274f9c05eb88b&dn=ubuntu-26.04-live-server-amd64.iso&xl=2918598656&tr=https%3A%2F%2Ftorrent.ubuntu.com%2Fannounce&tr=https%3A%2F%2Fipv6.torrent.ubuntu.com%2Fannounce
Cherlynne_NOT-Selina@reddit
Same... I just wanted to switch over to ubuntu server from ubuntu desktop and then we have this
okay_gray@reddit
Hey see my edit
DerlisGs@reddit
It's been 7 hours and it's still down, I don't understand why they're attacking Linux (Ubuntu)? Microsoft?
killersteak@reddit
'The Ubuntu: Manjaro flavor has claimed responsibility' Tch, those guys.
Userwerd@reddit
Go bother Microsoft, what the hell did Mark do to Iraq?