I wonder how GitHub mitigated the attack so successfully. I can't find any Baidu scripts using the injected code anymore (in fact the original tracking scripts on Baidu's own domain return nothing), and GitHub is now serving the two repos that were originally targeted.
What happened? Whatever it is, I'm glad they were able to mitigate the attacks.
Right. Not looking for specifics. My curiosity would be satisfied by something like "we've reached out to Baidu and they've done X and Y. Meanwhile, traffic has decreased so we've unblocked the affected repos."
What do you mean "has been" stopped? There's no definitively stopping this without HTTPS, which I'm pretty sure hasn't magically "happened" in China in the last couple days.
The GFW may have ceased its attack, but there's no check you can possibly add into an asset delivered over HTTP which can't be undone by the GFW.
As long as there's a script being delivered over HTTP, the GFW can intercept that script request and replace it with a script of its own.
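The point made in the comment above, as an added example that is not part of the original thread: a defender-side audit that classifies each `<script src>` on a page by whether an on-path party could replace it. The function name `auditScripts`, the `*.example` hosts and the sample HTML are constructed for illustration.

```javascript
// Added example (not from the thread). Classifies external scripts by
// whether a network-path attacker could swap them out.
function auditScripts(pageUrl, html) {
  const page = new URL(pageUrl);
  const pageSecure = page.protocol === "https:";
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script: travels with the page itself
    const url = new URL(src[1], page); // resolves relative and // URLs
    const hasSri = /\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs);
    let risk;
    if (url.protocol !== "https:") {
      risk = "replaceable: script fetched over plain HTTP";
    } else if (!pageSecure) {
      // The integrity attribute lives in HTML that itself arrived over
      // HTTP, so whoever rewrites the page can strip or change it.
      risk = "replaceable: page is HTTP, so the tag itself can be rewritten";
    } else if (url.origin !== page.origin && !hasSri) {
      risk = "trusts third party: HTTPS but no integrity attribute";
    } else {
      risk = "ok";
    }
    findings.push({ src: url.href, risk });
  }
  return findings;
}

// Constructed sample page; the hash value is a placeholder.
const sampleHtml = `
<script src="http://tracker.example/h.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://ads.example/a.js"></script>
<script src="/app.js"></script>`;

for (const base of ["http://site.example/", "https://site.example/"]) {
  console.log(base);
  for (const f of auditScripts(base, sampleHtml)) console.log(" ", f.src, "->", f.risk);
}
```

On the HTTP copy of the page every script is flagged, including the one carrying an integrity attribute; only on the HTTPS copy does that attribute count for anything.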
I mean the JavaScript hijacking has been stopped. This DDoS mixes several methods, and during the JS hijacking period, GitHub returned `alert()` on specific URLs to block browsers from sending AJAX requests. For now, the infected URLs are back to normal.