In a recent company announcement, the Free Software Foundation, or FSF, has shed light on a staggering challenge facing its small but determined tech team: an ongoing battle against millions of bots.

Detailed in a blog post on their official website, the FSF reveals the scale and persistence of cyberattacks that have targeted their infrastructure since August 2024, highlighting the resilience required to protect their mission of advancing software freedom.

The FSF, a charity with a global reach, operates with a modest team of system administrators who are tasked with safeguarding critical platforms like gnu.org and GNU Savannah, their collaborative software development system. According to the announcement, these sites have been under siege by distributed denial-of-service (DDoS) attacks and aggressive web crawlers, including those powered by large language models, or LLMs. The sheer volume of malicious traffic—emanating from botnets controlling up to five million IP addresses—underscores the asymmetry of this digital warfare.

A Year of Relentless Assaults

The initial wave of attacks began last August with a targeted strike on gnu.org, an assault the FSF believes was intended to completely disable the site. As reported in the announcement, the pattern and scope of this attack suggested a deliberate attempt to disrupt operations rather than a mere data scrape by an LLM crawler. While the perpetrator remains unknown, the FSF team has successfully mitigated this threat, though not without significant effort.

Since then, the attacks have only escalated in severity. GNU Savannah, a cornerstone of the FSF’s collaborative development efforts, became the next major target, facing a barrage from a massive botnet. The sysadmins describe this as an “intense” campaign, one that has tested the limits of their resources and expertise over nearly a full year of sustained pressure.

Shielding Freedom Through Innovation

Despite these challenges, the FSF’s tech team remains steadfast. Their announcement emphasizes a commitment to defending their infrastructure for as long as the attacks persist, a promise rooted in their mission to ensure access to free software. This resolve is not just ideological; it’s operational, as the team has deployed innovative strategies and hardened their systems to withstand the onslaught.

The broader implications of these attacks are worth noting. As the FSF points out, the rise of LLM crawlers and sophisticated botnets represents a growing threat to organizations of all sizes, particularly those with limited resources. The fact that a small nonprofit can hold its ground against such overwhelming odds speaks to the ingenuity and dedication of its staff, but it also raises questions about the future of cybersecurity for mission-driven entities.

A Call for Community Support

In their announcement, the FSF implicitly calls for community support, a reminder that their fight is not just technical but collective. The battle against bots is emblematic of the larger struggle for digital freedom, where every line of code and every server uptime metric matters.

For industry insiders, the FSF’s experience is a case study in resilience. It highlights the need for robust defenses, strategic resource allocation, and perhaps most critically, a unified front against cyber threats that seek to undermine the principles of open access and collaboration. As the FSF continues to stand firm, their story serves as both a warning and an inspiration for the tech community at large.