June 30, 2023

The GMP project, an open-source math library at the heart of GCC and other programs experienced a surge in traffic from Microsoft-affiliated websites. The attack, which originated in a GitHub Actions Workflow, directly targeted the GMP repository, flooding it with many identical requests designed to overload the system and shut down the GMP servers.

The workflow in question has been cloned over 700 times and was set up to run parallel concurrent tests on a variety of computer architectures. While the action did not appear to be malicious, it put a significant strain on the GMP servers, which were not designed to manage such a large level of traffic.

Torbjörn Granlund, the project’s main creator, informed the project’s email list about the problem and expressed worry about the servers receiving a large number of inquiries from Microsoft-owned IP addresses. He went on to say It is unknown if this was done on purpose, by accident, or by one of Microsoft’s cloud users.

In response to the assault, the GMP team blocked all IP addresses affiliated with Microsoft. The attack, however, lasted for several days, even after the process was changed to spread out the build schedules.

After creating a firewall that covered all Microsoft network ranges, the GMP team was finally able to restore full availability. They admitted that they were not the first project to take such safeguards against GitHub, and they recommended other projects to take similar precautions.

The sources for this piece include an article in TheRegister.