What a bad day for #Ubuntu to be down and under attack, especially with everyone looking for details on copy.fail and cPanel.

nygren@hachyderm.io

What a bad day for #Ubuntu to be down and under attack, especially with everyone looking for details on copy.fail and cPanel.

Since people chasing down info on them keep running into Ubuntu issues, they seem to be under active attack:
https://www.theregister.com/2026/05/01/canonical_confirms_ubuntu_infrastructure_under/?td=rt-3a

They are now returning localhost addresses for www.ubuntu.com:

$ host www.ubuntu.com
www.ubuntu.com has address 127.0.0.1
www.ubuntu.com has IPv6 address ::1

#ubuntu #DDoS #infosec

nygren@hachyderm.io

Side-note relative to:

$ host www.ubuntu.com
www.ubuntu.com has address 127.0.0.1
www.ubuntu.com has IPv6 address ::1

it would be good for "us" (IETF?) to define a better way to indicate "this site is authoritatively unavailable for now". On IPv6 the discard prefix might be an option, but there's no clear option for IPv4.

damien@layer8.space

@nygren yeah, but it's nice to think that some DDoS folk might be hammering 127.0.0.1 as hard as they can?

jtk@infosec.exchange

@nygren Wouldn't an nxdomain do that? But I'm not sure I would want to make any change like that. Surprised to see them pointing to a loopback, that is very unusual and seems like the wrong approach to me.