Our small team vs millions of bots — Free Software Foundation — Working together for free software
Published: 2025-07-04 12:23:36
The FSF SysOps team consists of two full-time tech team employees and a handful of dedicated volunteers. A large part of our work is running the software and physical servers that host websites and other services for GNU, FSF, and other free software projects, including virtual machines for the browser extension JShelter, the desktop environment and software collection KDE, and Sugar Labs, an organization that creates learning tools for children. We recently counted seventy different services, and have a dozen physical servers across two Boston-area data centers.

Since we last wrote, much has happened, and while I'd love to talk about all of it, including the process of deploying four new servers to our data centers, I want to focus on the huge task of maintaining our services in the face of ongoing (and increasing) distributed denial of service (DDoS) attacks. A DDoS attack typically happens when attackers control thousands or millions of machines and get them all to send requests or other traffic to a target server. Then, the server gets overwhelmed with processing those requests and fails to respond to requests from legitimate users. A common way of defending against a DDoS attack, which we often use, is to figure out a way of identifying which IP addresses are sending requests as part of the DDoS, and then have the server ignore requests from those IP addresses.


Our infrastructure has been under attack since August 2024. Large Language Model (LLM) web crawlers have been a significant source of the attacks, and as for the rest, we don't expect to ever know what kind of entity is targeting our sites or why.

In the fall Bulletin, we wrote about the August attack on gnu.org. That attack continues, but we have mitigated it. Judging from the pattern and scope, the goal was likely to take the site down and it was not an LLM crawler. We do not know who or what is behind the attack, but since then, we have had more attacks with even higher severity.

To begin with, GNU Savannah, the FSF's collaborative software development system, was hit by a massive botnet controlling about five million IPs starting in January. As of this writing, the attack is still ongoing, but the botnet's current iteration is mitigated. The goal is likely to build an LLM training dataset. We do not know who or what is behind this.

Furthermore, gnu.org and ftp.gnu.org were targets in a new DDoS attack starting on May 27, 2025. Its goal seems to be to take the site down. It is currently mitigated. It has had several iterations, and each has caused some hours of downtime while we figured out how to defend ourselves against it. Here again, the goal was likely to take our sites down and we do not know who or what is behind this.

In addition, directory.fsf.org, the server behind the Free Software Directory, has been under attack since June 18. This likely is an LLM scraper designed to specifically target Media Wiki sites with a botnet. This attack is very active and now partially mitigated.

As we developed programs to identify IP addresses belonging to the botnet, they sometimes misidentified legitimate users' IP addresses. We've removed them from the list of DDoS IP addresses and improved our defenses to be more precise. If you do not have access to gnu.org right now, please send us an email at sysadmin@fsf.org with your IP address and we will look into it. If you are having trouble with a VPN (virtual private network), try switching exit nodes and skip writing us -- we know our attackers use VPNs, which leads us to block the ones they are using.
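The IP-identification approach described earlier, together with the exemption needed so that legitimate users are not misidentified, as an added Python illustration that is not the FSF's own tooling: it counts requests per client address in constructed Common Log Format lines (documentation address ranges, not real traffic), and the request threshold and the allowlist range are assumed values.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Common Log Format prefix: client IP, identity, user, [timestamp], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3}')

# Constructed sample lines using documentation address ranges, not real traffic.
# 203.0.113.7 and 192.0.2.44 both exceed the threshold; 198.51.100.9 does not.
SAMPLE_LOG = (
    '203.0.113.7 - - [27/May/2025:10:00:01 +0000] "GET /gnu/ HTTP/1.1" 200\n' * 6
    + '198.51.100.9 - - [27/May/2025:10:00:02 +0000] "GET /software/ HTTP/1.1" 200\n' * 2
    + '192.0.2.44 - - [27/May/2025:10:00:03 +0000] "GET /cgi-bin/viewvc/ HTTP/1.1" 200\n' * 8
    + "not a log line at all\n"
)

# Assumed allowlist: a range known to belong to legitimate users. Anything
# in it is never blocked, whatever its request count (the false-positive fix).
ALLOWLIST = [ip_network("203.0.113.0/24")]

def parse_counts(log_text):
    """Requests per client IP; lines that do not parse are skipped, not counted."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def is_allowlisted(ip_str):
    try:
        addr = ip_address(ip_str)
    except ValueError:  # garbage in the client field: not an address, so not allowlisted
        return False
    return any(addr in net for net in ALLOWLIST)

def candidate_blocklist(log_text, threshold):
    """Addresses sending more than `threshold` requests in the sample, minus the
    allowlist. The result is a candidate list for review, not an automatic ban."""
    counts = parse_counts(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n > threshold and not is_allowlisted(ip))

if __name__ == "__main__":
    for ip in candidate_blocklist(SAMPLE_LOG, threshold=5):
        print("candidate for blocking:", ip)
```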

More recently, automated software build systems have become an issue for us. These usually go by the non-obvious term CI/CD, which stands for "continuous integration or continuous deployment." They send automated requests to check for new code on Savannah in order to rebuild their software. They often send far more requests than is necessary, which looks and acts like a DDoS attack even though it is not intended to be. The CI/CD tooling does not typically have contact information labeling its traffic, so we do not have a way to contact the operators if there is a problem, outside of banning their addresses or sending abuse reports if we can find a place to send them. We had to block some of these IP addresses, which often prompts them to search for better ways to accomplish the same goals.

On top of all of that, we have our run-of-the-mill standard crawlers, SEO (search engine optimization) crawlers, crawlers pretending to be normal users, crawlers pretending to be other crawlers, uptime systems, vulnerability scanners, carrier-grade network address translation, VPNs, and normal browsers hitting our sites. It is taxing for our sites and for our team of staff and volunteers, since we have to figure out a specific defense approach for each attack. Some of the abuse is not unique to us, and it seems that the health of the web has some serious problems right now.

When you visit a website, it might send your browser one or more JavaScript programs. These JavaScript programs are usually proprietary. We explain this more in "The JavaScript Trap." If a website sends you a free JavaScript program, you can develop a modified version, share that with other people so they can benefit, and you can configure your browser to run your modified version instead of what the website sends. But some JavaScript programs are malware, which do things like spy on you, and the only modification any user would want is to stop it from ever running.

Some web developers have started integrating a program called Anubis to decrease the amount of requests that automated systems send and therefore help the website avoid being DDoSed. The problem is that Anubis makes the website send out a free JavaScript program that acts like malware. A website using Anubis will respond to a request for a webpage with a free JavaScript program and not the page that was requested. If you run the JavaScript program sent through Anubis, it will do some useless computations on random numbers and keep one CPU entirely busy. It could take less than a second or over a minute. When it is done, it sends the computation results back to the website. The website will verify that the useless computation was done by looking at the results and only then give access to the originally requested page.
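The exchange the paragraph above describes, as an added Python sketch that is not Anubis's code: the server answers the page request with a challenge, the client burns CPU hashing until it finds a result that meets a difficulty, and the server checks that result with a single hash. The difficulty value, the challenge format and the nonce scheme are assumptions for illustration.

```python
import hashlib
import os

# Assumed difficulty for this illustration (not Anubis's real parameter):
# the SHA-256 hex digest must start with this many '0' characters, so a
# client needs about 16**DIFFICULTY hash attempts on average.
DIFFICULTY = 4

def issue_challenge():
    """Server side: a fresh random challenge, so an old answer cannot be replayed."""
    return os.urandom(16).hex()

def solve(challenge, difficulty=DIFFICULTY):
    """Client side (the work the browser's JavaScript would do): try nonces
    until the hash of challenge:nonce meets the difficulty. Returns the nonce
    and the number of hashes it took, to show how much CPU the visitor spends."""
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).hexdigest()
        if digest.startswith("0" * difficulty):
            return nonce, nonce + 1
        nonce += 1

def verify(challenge, nonce, difficulty=DIFFICULTY):
    """Server side: one hash checks the answer. This asymmetry is the point of
    the scheme: the visitor burns CPU time, the server spends almost none."""
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).hexdigest()
    return digest.startswith("0" * difficulty)

if __name__ == "__main__":
    challenge = issue_challenge()       # 1: server sends the challenge instead of the page
    nonce, attempts = solve(challenge)  # 2: client computes until it finds a solution
    accepted = verify(challenge, nonce) # 3: server checks it, then serves the page
    print(f"solved after {attempts} hashes; accepted: {accepted}")
```

Raising DIFFICULTY by one multiplies the visitor's expected work by sixteen while the server's verification cost stays at one hash, which is why the time the page mentions ranges from under a second to over a minute.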

At the FSF, we do not support this scheme because it conflicts with the principles of software freedom. The Anubis JavaScript program's calculations are the same kind of calculations done by crypto-currency mining programs. A program which does calculations that a user does not want done is a form of malware. Proprietary software is often malware, and people often run it not because they want to, but because they have been pressured into it. If we made our website use Anubis, we would be pressuring users into running malware. Even though it is free software, it is part of a scheme that is far too similar to proprietary software to be acceptable. We want users to control their own computing and to have autonomy, independence, and freedom. With your support, we can continue to put these principles into practice.

Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins. We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue.

Our full-time FSF tech staff is just two systems administrators, and we currently lack the funds to hire more tech staff any time soon. I know many of the readers support the free software movement in a variety of ways which we appreciate greatly, but in order to improve our staffing situation we need more associate members.

Can you join us in our crucial work to guard user freedom and defy dystopia? Become an associate member today! Every associate member counts, and every new member will help us reach our fundraising goal of 200 new members. By supporting us today, you help defy the dystopia Big Tech is trying to bring on us.

We know not everyone is in a position to donate $140 USD or more, which is why we also offer the Friends membership at $35 USD that comes with a few less benefits. In addition, you can now apply to receive a sponsored FSF membership.

Thank you for supporting the tech team!

"DDoS keyboard button" © 2025 by Arielinson. This image is licensed under a Creative Commons Attribution 4.0 International license.
