Between 18 and 22 November 2023, the blender.org website was affected by a DDoS attack, executed by a botnet with hundreds of IP addresses sending over 1.5 billion malicious request, at a peak rate of 100 thousand rps (request per second). The website was intermittently available for a few days until going offline on November 21. The issue was resolved by moving behind a dedicated DDoS mitigation service, and the attack stopped at the end of the day. Besides the main blender.org website, a few other services were made unavailable – they are actively being restored.
Responsibility for the attack has not been claimed, and motives are unknown. The attack was focused on denial of service. Project and user data have not been affected.
Special thanks to the team that has been working around the clock to resolve this: Anna, Arnd, Danny, Oleg, Pablo and Sergey. Also thanks to everyone who reached out offering help and support!
Original Announcement
Since Saturday, 18 November, the blender.org servers are under a DDoS attack; bringing down our servers by overloading them with requests. The administrators have been working on it non-stop. Attempts to block IP ranges from attackers did not work, as they quickly came back from other locations.
Moreover, in the short periods they don’t attack blender.org, pending logs of regular requests overload the servers again, sending the infrastructure into a loop of self-destruction.
After four days of fending off the attacks, the team decided to move the core of our website to a secure service that provides DDoS protection. This means that www.blender.org is back!
Timeline
2023-11-18. Initial signs of malicious traffic on the blender.org website, mitigated by blocking offending addresses.
2023-11-19. Malicious traffic intensifies to the point of intermittently interrupting availability of the blender.org website.
2023-11-20. Several blender.org services (developer forum, wiki, etc.) are unavailable due to excessive traffic. Blocking IP ranges is no longer effective.
2023-11-21. Attack reaches full scale, requiring for the blender.org services to be fully stopped. A decision is made to move behind a dedicated DDoS mitigation service. At the end of the day the blender.org website is available again, operating normally.
2023-11-22 01:30. The attack is still ongoing, peaking at over 5 million requests per minute. While most of www.blender.org functionality is back to normal, there are still a few issues:
- Users might presented with a “challenge” to verify that they are not a bot before visiting the website
- blender.org (without www) is still not accessible, due to technical reasons. If you want to visit blender.org, make sure you type www.blender.org
- Several websites are still unavailable (code, developer, docs, devtalk, download, wiki, etc.) – and we keep working to bring them back.
2023-11-22 10:30. The attack has stopped. We continue working to restore all other websites today.
2023-11-22 20:30. All blender.org sites are back online and operating normally. Unfortunately another attack has started, but it’s being mitigated and should not be affecting the website experience.
2023-11-23 20:30. The attack has stopped. In total over 2.1B requests (up to 100K rps) were mitigated. We consider the issue closed for now, and will only report further if the user experience on blender.org is affected.
Francesco Siddi
COO – Blender