For more than a week, the Arch Linux Project’s maintainers have been responding to a sustained distributed denial-of-service (DDoS) attack that impacted most of the project’s resources.
The project’s maintainers first confirmed that the outage was caused by a DDoS attack on August 16, noting that the Arch User Repository (AUR), the Arch Linux main webpage, and the forums were down.
“As you might be aware some of our services (AUR, Forums, main website) are currently affected by a DDoS attack. We are aware of the issue and are actively working on mitigation efforts,” the maintainers said.
“We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards,” they said in an update last week.
The services have been gradually restored over the weekend, as reflected on the project’s status page. Currently, the user repository and the forums are fully operational, while the website continues to be affected, albeit it is accessible.
“We are suffering from partial outages due DDoS attacks […]. Some services may wrongly be displayed as ‘Down’ due to some of the mitigation tactics. See our announcement for a more detailed update on the situation,” the page reads.
The incident also impacted package mirrors, as the mirror list endpoint that some tools rely on is also hosted on the website, and the maintainers directed users to switch to mirrors listed in the pacman-mirrorlist package.
For installation images downloaded from mirrors, the maintainers recommend that users perform integrity and signature checks.
The Arch Linux Project did not share technical details on the attack, such as origin and response tactics, citing the ongoing efforts to mitigate it.
Related: RapperBot Botnet Disrupted, American Administrator Indicted
Related: ‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks
Related: DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total
Related: Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider
