Blender under a heavy DDOS attack

Blender’s website (blender.org) is currently under a heavy DDOS attack. Their websites are currently offline. Attackers are using a wide range of IP addresses and keep switching them. The origin of the attack is currently unknown and the Blender administration is rushing to defend against the attacks. On Mastodon, the official Blender account posted the notification of the attack.

While I was writing this, Francesco Siddi (COO and General Manager of Blender) published an update to the situation and said that a light version of the Blender site has been moved behind a DDOS protection service (most likely Cloudflare, as mentioned in the post). However, at least from my attempts, Blender is still offline and struggling to keep up with this attack. This may be a sign that it is a more sophisticated attack if it is managing to bypass anti-DDOS.

My biggest question is who would do this to Blender? They are a non-profit open-source software developer; who have they made enemies with? An attack of this caliber shows that whoever is behind this has numerous resources and likely has knowledge of evading DDOS prevention.

I’m not an expert on DDoS attacks, but something tells me that there’s nothing special about Blender. Attackers just show off that way for potential clients and Blender is just their punching bag that they probably chose at random.

5 Likes

I just talked to a friend of mine who is in cybersecurity and they suggested that it could be a test of their DDOS tools and how an organization responds and mitigates the threat.

That’s so interesting, I never thought about it like that. I guess I never considered DDOS services as having marketing and them giving you a “test drive” of the services. That’s such an intriguing concept I never even thought about. I never stopped to think about how other dark web or criminal services are marketed and sold either.

1 Like

Their services are down for quite a lengthy period of time. Would they keep them down for so long if it was intentional? I doubt so. Well, I might be wrong, of course, but it seems very counterintuitive to me.

I just find it funny that someone woke up and just decided that they no longer want Blender’s website up.

2 Likes

But think about the people who are making 3D animations: their work is going to be gone for good after weeks/months/years of making them. This isn’t a good sign for our favourite open source 3D model editing software.

2 Likes

DDoS attacks are typically very low effort and often done for attention by people who can’t actually do any remotely ‘complex’ hack. They often just rent a botnet that someone else actually put the effort into building.

Also here is their blog post on the situation. Attack mitigation appears to be working, things should be accessible now. I don’t think Blender was being protected by Cloudflare before this which is why the attack was initially working. I don’t think there’s any special reason why Blender specifically was targeted.

2 Likes

What exactly do you mean by this? The DDOS only affected the website, hindering downloads and documentation reading. Projects were not impacted by it nor was the main functionality of Blender.

1 Like

I could only assume that maybe they wanted to see how Blender responded and test their anti-DDOS systems? Or continuing with the “showing off services” theory, they could be showing that the DDOS is hard to protect against and showing how it is stable enough to keep running for long periods of time.

Ok, I thought that people’s works are gone, but gosh, that isn’t the main reason.

1 Like

Yeah, which makes it more confusing to understand the attack’s motives. It simply inconveniences people for a short period of time. Why? What is the goal here? Did they achieve it?

1 Like

Not really, but at least we can continue our workflow until the website gets working again.

As mentioned by @ThiccRaiden, the anti-DDOS protection seems to be working and the site is back online. Their blog post has been updated with some good info about the attack and their handling of it.

1 Like

Honestly, some of this stuff is pretty surprising.

the blender.org website was affected by a DDoS attack, executed by a botnet with hundreds of IP addresses sending over 1.5 billion malicious requests, at a peak rate of 100 thousand rps (requests per second)

This size of scale and system confuses me even more. Who would execute this attack and for what motive? I feel like all the theories discussed here so far don’t really make too much sense for this size and scale of an attack.

“Maybe it’s them testing their botnet?” - Would they really risk the discovery of their botnet, patching and analysis of the botnet, and facing law enforcement over a simple test? Wouldn’t they do this with fewer devices? Their control servers would also get shut down when cybersecurity agencies start investigating.

“Maybe they are showing off to a client” - Still to me the most likely, however, again, why would they use such large scale and risk detection and mitigation of their future attacks?

“Maybe they were just targeting Blender” - Explains why they used so many resources, but who would do this? And why? How do they benefit from the attack?

1 Like

We don’t know if they are going to attack another open source project like Godot or Lunar Magic.

I mean the answer is simply that we’ll never know unless the perpetrator is caught. You can come up with all sorts of conspiracy theories, it coincides with the release of Blender 4.0, maybe someone was mad a feature was removed? Maybe the NSA is exploiting people using Blender 3 and didn’t want anyone to upgrade?? Maybe Cloudflare just wanted another customer???

It’s probably a pretty mundane reason though :man_shrugging:

1 Like