Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
Blender is a popular 3D design suite for creating animated films, video games, motion graphics, visual effects, soft body and particle simulation, and many more.
The project's team says the attacks started over the weekend, rendering them unable to process legitimate connection requests, causing a severe disruption to operations.
"Since last Saturday, 18 November, the blender.org servers are under a DDoS attack; bringing down our servers by overloading them with requests," reads the announcement.
"The administrators have been working on it non-stop. Attempts to block IP ranges from attackers did not work, as they quickly came back from other locations."
Even in the short periods during which the attackers paused the attacks, Blender's infrastructure remained overloaded by large volumes of pending legitimate requests, making it hard for their servers to catch up.
Eventually, after four days of continual problems, the team moved its main website to CloudFlare today, which they say helped reduce the impact of the attacks.
Stats shared by Blender's COO, Francesco Siddi, on X, show that the attacks are ongoing, counting over 240 million bogus requests directed at the project's servers.
Blender warns that the following problems may persist when attempting to use their services and sites:
- Accessing the site requires solving a bot-filtering "challenge" for some users.
- The "blender.org" may still be inaccessible for technical reasons, but "www.blender.org" works.
- Websites that host Blender's code, developer documents, devtalk, the wiki, and the download portal are still unavailable.
The threat actors responsible for the attacks on Blender and their motives are currently unknown.
In case disruptions return in the next couple of days, it is important to note that downloading Blender from third-party sites or promoted results on Google Search can lead to malware infections.
If you're looking to get a Blender installer and the official site is down, you may always source a DRM-free version from Steam, which doesn't require Valve's client to run.
Blender is also available through GitHub, while Windows users can also get it directly from the Microsoft Apps Store.
Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Comments
GT500 - 1 year ago
Who the Hell would want to DDoS Blender's website? What on Earth could Blender have done to anyone to get them upset enough to launch a multi-day DDoS attack?
Jaybee02 - 1 year ago
The purpose is to put the real site offline so more people download a copy from a google ad leading to a typosquatting domain with an installer modified with malware.
GT500 - 1 year ago
Doesn't it cost a lot of money to run DDoS attacks for that long? Usually they don't persist more than a few hours because of that, so whoever is doing this is either in control of a botnet or doesn't mind paying someone who is to continually attack Blender's website for days.
Dominique1 - 1 year ago
I'm asking myself the same question.