China's national firewall hijacks JavaScript to DDoS GitHub - Slashdot

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

×

Submission + - China's national firewall hijacks JavaScript to DDoS GitHub (solidot.org) 3

Submitted by wzyboy on Friday March 27, 2015 @01:37AM

wzyboy writes: Twitter user @yegle discovers that HTTP requests to a certain JavaScript is being hijacked to some attack code, which will make reqeusts to GitHub. Since the JavaScript is used on many Chinese websites, GitHub is in fact being DDoSed. This trick is discovered by users when GitHub starts to return alert("WARNING: malicious javascript detected on this domain") in response to these DDoS requests. This will pop up a alert dialog with English text on those Chinese websites.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

China's national firewall hijacks JavaScript to DDoS GitHub

Load All Comments

Search 3 Comments Log In/Create an Account

Comments Filter:

Just adding a few facts. (Score:2)

by Nekoworkshop ( 4053625 ) writes:

1) The hijack is targeting traffic originating outside China which means people living in China will not see the hijacked js file.
2) So far it seems that it's targeting mainly traffic originating from Google's servers which is where many Chinese people deploy their proxy servers to circumvent sensorship. In my case I can see the modified js file if I turn on Data Saver ( an extension that will fetch webpages from Google's servers in order to speed up browsing and save bandwidth) in Chrome but if I access

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

The price one pays for pursuing any profession, or calling, is an intimate knowledge of its ugly side. -- James Baldwin