The least impolite thing I can say about these hackers is that they are complete and total scumbags.
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant. "I can confirm that Canonical's web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack" a Canonical spokesperson told The Register. "Our …
COMMENTS
-
Monday 4th May 2026 17:10 GMT bombastic bob
they just rage against everyone
Their only goal is to elevate their own relevance by terrorizing as many people as possible, whether or not it is related to the USA and Department of War and the Trump administration.
They're like babies who throw food because they didn't get what they wanted.
I have been personally seeing a lot of traffic from Brazil and Uruguay, and complaint e-mails sent to those ISPs all bounce. Basically it's the entire netblock from those countries listed in my firewall block list. These IP addresses were sending SYN floods to port 443 and the only fix was to block the IP addresses from which they came. I also tightened up my DNS a bit 'cause they were trying to DDoS that via recursive requests (default FreeBSD config did not disallow this) so I fixed the config to stop THAT.
This activity was occasional up until the attack on Iran, after which it increased a LOT. And I don't even have a high traffic site, just a locally hosted web page with my own domain that's on a fixed IP for testing and prototyping things, but I noticed the disruption whenever their DDoS's ran.
Grok analysis was that it was likely a "test run" or series of them, mostly irritating [like making certain web sites or e-mail go slow] and revealed that servers in Brazil are known to be used for "penetration testing" like that.
-
Saturday 2nd May 2026 10:07 GMT mickaroo
Re: disturbing timing
Now up to 29 downvotes at the time of reading. Rock on...
And the answer to your question is... No, the majority of Linux USERS have never built a kernel and will never need to. They're USERS, not DEVELOPERS.
And yes, I use Linux. And yes, I built a kernel from sources once. It was lengthy, confusing, and certainly not easy for a novice. But it did boot.
-
Saturday 2nd May 2026 18:02 GMT That Badger
Re: disturbing timing
Compiling a kernel doesn't make you a developer. It really isn't that difficult either.
There's no reason why a self-compiled kernel wouldn't boot, unless you unchecked essential drivers for some inexplicable reason.
I'm getting really disappointed at where this site is going, seems like the herd-mentality of "oh, it's been downvoted once, I must downvote too, even though I have no idea why I'm doing it" is infecting it.
Don't let this become another reddit.
-
Monday 4th May 2026 11:37 GMT David Hicklin
Re: disturbing timing
> No, the majority of Linux USERS have never built a kernel and will never need to
I am in that band, been in IT for 30+ years, seen and done most of it - and quite capable of compiling a program or whatever.
And also a recent migrant from Windows 10 (for me it IS the last Windows ever) to Mint - and I want an OS that *just works* and Mint ticks all the boxes just nicely.
Sure the hardcore geeks can go and get the latest kernel and compile it but the general public have no knowledge of how to do this - nor should they need to, especially if we are going to get them off Windows and onto Linux. After all, do people recompile Windows every time it goes wrong? (ignoring that you can't get the Windows source files!)
-
Sunday 3rd May 2026 01:14 GMT doublelayer
Re: disturbing timing
One problem with your comment is that some of us have been getting others onto Linux or suggesting that governments or companies do. The more people do that, the lower the percentage of Linux users who know how or why to compile a kernel will be. If you want Linux to only be for the IT types, your comment makes more sense, but most of us disagree with you. If you don't want that, then you're overestimating how common that knowledge is.
But let's take my example, since I can and have compiled kernels before. It's not that hard, but in order to drop in a replacement, I need to be careful about which version and which features get configured into it so they match the rest of the config, a config I intentionally chose not to create because the distro creators' one is fine. Can I do that? Sure. Is it as simple as grabbing the sources and running the build? No, I have to do plenty more work. You've interpreted opposition to your comment as people being unable to do what you recommend. Sometimes, people have reasons for not doing something or doing it but not wanting to other than incapability.
-
Sunday 3rd May 2026 11:21 GMT That Badger
Re: disturbing timing
This was my solution to the problem of people wanting to fix a problem right at that moment instead of waiting a bit until the repository was accessible again (or using the mitigations available by doing a quick Google search). Apparently this was some kind of sin that "needed" downvoting.
-
Sunday 3rd May 2026 20:28 GMT DoctorNine
Re: disturbing timing
Well, when the attack hit, I was updating one of my machines, and thought for a moment it was simply the internet connection. Then I queried the connection and found the problem. So instead, I just cleaned files and went to bed. By the time I woke up, it was fine.
However, I would like to point out to any IRGC apologists out there, that such indiscriminate flailing about simply makes more people hate the regime. Shooting ballistic missiles at your neighbors and targeting tech repositories might make enemies of people who were either neutral or sympathetic to your cause. Simply, it is a bad plan.
-
Friday 1st May 2026 23:33 GMT Benegesserict Cumbersomberbatch
Unfortunately, no one is talking sense.
A US administration lacks the skills, intelligence or courage to end the war it started. It attacked Iran without a casus belli. That country feels obliged to make the whole world share as much of its pain as possible.
Every other country in the world is now in a zero sum game of Whom Do We Loathe More?
-
Friday 1st May 2026 15:13 GMT Not Yb
Re: I'm confused why...
That's what I'm thinking as well. Any target company running Ubuntu on their devices is probably ALSO under attack right now via unpatched vulns. While the patch mirrors are probably still up, since there's more than just a few of those, the instructions for patching out the attacked vulnerability aren't available.
Luckily the instructions are (as usual) "update to latest security release using known good mirrors".
-
Friday 1st May 2026 15:41 GMT Liam Proven
Re: I'm confused why...
> registered in the UK
Excuuuuuuuse me.
Canonical Ltd
1 Circular Road
Douglas, Isle Of Man
IM1 1AF
Not in the UK at all. About 100km across the sea from the nearest bits of the UK, in fact.
Although on a clear day, from here in the office of the Irish Sea wing of Vulture Towers -- 600 metres from the official Canonical address -- I can see the hilltops of the Lake District.
Today is _not_ a clear day.
-
Saturday 2nd May 2026 01:04 GMT IGotOut
Re: I'm confused why...
Depends on which variant you look at
Wikipedia has London as their registered headquarters, as do most other sites.
Then you have:
Correspondence Address for all companies:
Canonical Group Limited,
3 More London Riverside
London
SE1 2AQ
United Kingdom
Canonical Group Limited
5 New Street Square,
London EC4A 3TW,
United Kingdom
Canonical UK Limited
5 New Street Square,
London EC4A 3TW,
United Kingdom
https://canonical.com/legal/companies
Then you have.
Company Information
Company Number 06870835
Company Name CANONICAL GROUP LIMITED
Address 5 New Street Square
5 New Street Square
London
EC4A 3TW
ENGLAND
Company Category Private Limited Company
Company Status Active
Origin Country United Kingdom
Incorporation Date 2009-04-06
-
Sunday 3rd May 2026 16:06 GMT Anonymous Coward
Re: I'm confused why...
Canonical has registered entities in the Isle of Man. Canonical Limited and Canonical Services Limited are registered at 2nd Floor, Clarendon House, Victoria Street, Douglas, IM1 2LN. However... The company is globally distributed, with its primary base in London and other offices in cities like Austin, Boston, Shanghai, and Tokyo. Notably, CANONICAL GROUP LIMITED -- Company number 06870835, registered office address 5 New Street Square, 5 New Street Square, London, England, EC4A 3TW, and listed as currently active with the next account statement due Sep 2026 ;)
PS Canonical Group Limited is the primary operating company and the main entity listed for legal and commercial agreements within the Canonical corporate structure
No way would I post that other than as an AC
-
Friday 1st May 2026 15:00 GMT doublelayer
Re: Would it not be a plan to have spare domains?
It wouldn't make a difference. They're not attacking resolution of a domain. They're attacking the multiple servers serving that domain, including some targeted subdomains. The solution is more servers, and you could easily have those serving one domain anyway, but more servers is expensive and Canonical wants to be efficient.
-
Friday 1st May 2026 23:58 GMT Tron
Re: Would it not be a plan to have spare domains?
I was talking loosely. Having the basic files that people need to access whilst the primary servers are under attack, on other servers, with a different domain, set up at speed or ready, to go live when required. You can program the alt locations into the OS, to switch to in an emergency as a Plan B that is not otherwise advertised. Or the major Linux distros could offer server space to each other for incidents like this. Is it such a bad idea that you all jump in with downvotes? The idea that the internet just routes around stuff has to die. We are being censored by governments and attacked by malign hackers. Everything digital needs a Plan B, because everything digital will fall over sooner or later.
-
Saturday 2nd May 2026 07:50 GMT MONK_DUCK
Re: Would it not be a plan to have spare domains?
In theory, however the attackers would just attack both instead. Now you could suggest you have twice as many servers and double the bandwidth available for such an eventuality, but that would be extremely expensive and may not even resolve the issue.
-
Saturday 2nd May 2026 15:41 GMT doublelayer
Re: Would it not be a plan to have spare domains?
"I was talking loosely."
Were you really? Because if that's actually what you were doing, this might be a useful lesson in talking specifically enough that you don't appear to be talking about something else plausible but completely different. I did not downvote either of your comments, but don't be surprised when people interpret "spare domain" as another domain and explain why that wouldn't work.
And, unless you're still talking loosely and mean something other than what you say, it still wouldn't help. There are a few ways to do that, most of which they already did. Backup servers on a backup domain would be easily located, requiring a one-line change to their attack software. Since it's in a public operating system, they could easily find it before starting so they didn't even have to do that. There would be no improvement other than the extra servers, and since you could just have taken some of the ones being attacked and moved them to your backup system, you wouldn't even need those. That would be very easy to build but very ineffective.
The next suggestion is lending space to others. They've got that, it's called mirrors. There are a lot of those. That's one reason the archives weren't down very long compared to the rest of the systems, because it was easier for people to take load off them by switching to mirrors outside the usual ones used and because Ubuntu already distributes load across quite a few of them.
-
Friday 1st May 2026 14:45 GMT Nate Amsden
archive was down
Unsure for how long but for me at least a couple of hours yesterday, I was assuming due to lots of folks trying to patch the kernel bug. It stabilized eventually well enough to get my aptly mirror to fully sync. Stumbled upon the Ubuntu status page and saw all the red, last I noticed last night they had 16 sites in major outage still.
During the 2 or 3 hours I noticed it, aptly was saying timeout for http headers, manually testing showed it taking about 30 seconds to process a request.
Another similar situation a few months back again a kernel package thing, though in that case I think it was just somehow that one package, which was a huge file was timing out for hours.
-
Saturday 2nd May 2026 15:46 GMT doublelayer
DDoS attackers usually have access, either what they built or something they bought*, to a bunch of machines that aren't theirs. Otherwise, attacks are too easy to defend against. It's probably not even mostly coming from Iraq.
* The most common is buying the access from people smarter than them because most people who use DDoS attacks are pretty stupid as online attackers go. The attacks aren't very effective and burn lots of resources, so they're frequently run by people who don't have the skill to do anything else, and that often includes building the botnets needed to run the attack in the first place.
-
Saturday 2nd May 2026 02:07 GMT Anonymous Coward
Re: why
It's really cool and clever how people like you manage to cram your political obsessions into every single discussion, no matter how unrelated.
Whether it's "hur hur thanks Obama" or "hur hur orange man bad", it's witty, sharp, original, and creative; it'll certainly win hearts & minds and converts to your side. Give yourself a pat on the back, why not.
-
Saturday 2nd May 2026 05:44 GMT Anonymous Coward
Re: why
Does the emphasis on orange colour reflect racism towards Scottish people and people of Scottish descent?
Off topic in a different way, in times of war I think paying ransoms to fund the bad guys might be less legal than usual.
To me Ubuntu is a target of low enough value that trading a little downtime in exchange for identifying a huge number of infected computers and fixing them would be a net gain. To make it fair, maybe install Ubuntu as the fix.
-
Saturday 2nd May 2026 16:19 GMT Not Yb
Re: why
There was a recent news report about some of the so-called "ransomware experts" actually working for a ransomware gang. Just in case we really needed another reason not to pay ransoms for data.
-
Saturday 2nd May 2026 22:19 GMT Anonymous Coward
Re: why
> Paying ransoms is always the wrong thing to do
Yup, that's right up there with "we never negotiate with terrorists". :-)
FYI:
- We (governments / corporations) *always* pay ransoms if possible
- We *always* negotiate with terrorists
I understand that the general public are led to believe otherwise but that's really not how it works.
-
Friday 8th May 2026 01:01 GMT Anonymous Coward
Re: why
> Is this (always) true?
Obviously, no absolute is always true (not even this one), but close enough.
It's the same logic why corporations (and countries) choose to settle lawsuits they believe they could win, even when they are innocent of the claims. It's just seen as more effective.
As for terrorists, that is what you call the opposition's freedom fighters. Mrs Margaret Thatcher's "let's not negotiate" position did not end the Troubles. Mr Anthony Blair's "let's negotiate" position led to the Good Friday Agreement (this is not an endorsement of either politician, just an illustration via two well-known examples).
-
Monday 4th May 2026 10:06 GMT Groo The Wanderer - A Canuck
Well, yes, as I did find out after your comment was posted, Canonical is not a US company.
But they sure as hell were quick to jump on the age/identity verification bandwagon, and you can expect them to kowtow the same way to any future demands for a remote kill switch or "Recall" style functionality to be baked into the OS at the behest of the good old fashioned dictatorial USG.
Still, I wonder what their investor nationality percentages look like...
-
Sunday 3rd May 2026 01:33 GMT Paul Hovnanian
Lots of stuff is down
I'll spare them the embarrassment of naming them. But one engineering site I use went down the other day. And they had only just started using CloudFlare for DDoS/Bot protection (I noticed the "security check" popups about a week ago). So I checked https://www.isitdownrightnow.com/. Not only is the engineering site reported down. But so is CloudFlare.
-
Monday 4th May 2026 20:23 GMT Paul Hovnanian
Re: Lots of stuff is down
True. CloudFlare is a very large and distributed CDN (among other things). The fact that I may see something as up doesn't mean that you or isitdownrightnow.com will see the same thing*. Or vice versa. But you'd think that a company whose primary service is protecting against DDoS attacks could keep their own site up.
*This applies to CloudFlare's customers as well. Since each exit in their CDN could be under a different level of attack, some will be up and others down for users geographically near each portal.
-
Monday 4th May 2026 09:49 GMT Pirate Peter
tangerine tyrant screws normal people yet again
so it started with his tariffs that screwed over all Americans and many other people around the world
then he started this Iran war (which Putin loves as it splits American resources for war and less support for Ukraine)
due to the war Iran has blockaded the Strait of Hormuz, meaning fuel prices are up screwing everyone globally
due to fuel issues airlines will be cancelling flights meaning globally people are being screwed again for holidays etc (wait for food prices going up yet again and shortages due to flight cancellations / aviation fuel shortages)
now it's disrupting our hobbies with Ubuntu being targeted
thank god the tangerine tyrant has no more terms in office he can run for,