If you’re having trouble accessing the Ubuntu website, the Snap store or Launchpad then you’re not alone: Canonical’s websites are currently facing a “sustained, cross-border” attack.
The company says it is “working to address” the attack and will provide more details shortly. Websites and services have been affected since around 6PM (UK time) 30 April.
What is and isn’t affected right now
The Ubuntu APT repos are not offline, as they’re mirrored across multiple locations, countries and servers, although the main archive.ubuntu.com is offline (at the time of writing). It’s still possible to download OS ISO images too, due to distributed mirrors/repos.
The Ubuntu OS is also not compromised or affected directly.
Websites and services which are offline (at the time of writing) include any website hitched to the main Ubuntu website including lists.ubuntu.com, security.ubuntu.com, login.ubuntu.com, archive.ubuntu.com and keyserver.ubuntu.com:11371.
The Livepatch API is impacted, as is Landscape, the maas.io website, launchpad.net and Canonical’s own website along with some subdomain services (contracts.canonical.com, portal.canonical.com), but not all.
Canonical don’t call it a DDoS, but they do say it is ‘sustained’. That points some sort of volumetric onslaught intentionally affecting availability. The who, how and (importantly) why is unknown, but a hacktivist group has reportedly claimed responsibility1.
I figured something unusual was up last night, as snap commands I ran to grab the new Shotcut release from the Snap store to complete my April Linux App Release Roundup error’d out and the Snapcraft website wouldn’t load – neither has happened before.
You can monitor the status of the situation on status.canonical.com.
- Canonical has not confirmed this. ↩︎