Post Ar4sz3pRALKtvsYCvI by jalict@mastodon.gamedev.place
(DIR) More posts by jalict@mastodon.gamedev.place
(DIR) Post #Ar4sfXGA249pQ4jwwq by Codeberg@social.anoxinon.de
2025-02-13T09:38:04Z
1 likes, 2 repeats
We are currently suffering from a network-level DDoS attack. Or maybe just a single actor. Anyway, our downlink is jammed.
(DIR) Post #Ar4smbEXej79ltLqEa by Turre@mementomori.social
2025-02-13T12:29:19Z
1 likes, 0 repeats
@Codeberg It's a sick, sad world where folks want to attack an entity like Codeberg.It's also a reminder how vulnerable any single instance service is. I was just thinking, how neat it'd be if the whole thing could be federated, but of course somebody already dreamed this up already, so it's at least a work in progress: https://forgejo.org/2023-01-10-answering-forgejo-federation-questions/ Herd immunity really is a thing...
(DIR) Post #Ar4sz3pRALKtvsYCvI by jalict@mastodon.gamedev.place
2025-02-13T12:54:12Z
1 likes, 1 repeats
@Codeberg Means whatever you are doing is great :)Here is the (latest) archive donation page for Codeberg in case anyone wants to show capital support.https://web.archive.org/web/20250211164659/https://donate.codeberg.org/Paypal: https://PayPal.Me/codebergStripe: https://donate.stripe.com/14k28rbiX7dMfS0bII
(DIR) Post #Ar4szJ2kb7tl7VtYG0 by thoralf@soc.umrath.net
2025-02-13T12:57:42Z
0 likes, 0 repeats
@Codeberg Is there any chance to create some kind of #Fediverse-like structure that is more robust against this kind of attacks because the infrastructure is distributed and there is no single point you can attack?
(DIR) Post #Ar4szK3Upq5aG7Ff3g by fabian@floss.social
2025-02-13T13:16:01Z
1 likes, 0 repeats
@thoralf https://forgejo.org/, die Basis von Codeberg, arbeitet an Föderation. Wie sehr/ob das gegen so was hilft? Viele (große) zukünftige Forge-Instanzen vollzuspammen ist auch nicht so komplex. Bissl Sand im Getriebe wäre es sicher; Last und Verantwortung liegt dann natürlich auch verteilt bei den Instanzbetreibern.Also ich bin voll für (mehr) Föderation in dem Bereich. Ob das das aktuelle Problem deutlich geringer gemacht hätte? 🤷
(DIR) Post #Ar5DIKjGYKCMvx8DKa by Chzikken_1486@poa.st
2025-02-13T17:46:39.807133Z
0 likes, 1 repeats
@Codeberg Because it was gay
(DIR) Post #Ar5MpMBb3WUQb1CkJU by Codeberg@social.anoxinon.de
2025-02-13T18:34:43Z
1 likes, 0 repeats
@silverfish Well, using cloudflare would kinda mean giving up on all our ideals:- no big corporate services, everything under our control- privacy by default, but Cloudflare likes to decrypt traffic in the middle- no proprietary dependencies, everything runs using free/libre softwareHowever, we have currently used DDoS mitigation from a smaller provider that does not do man in the middle sniffing, so we only had to sacrifice partially using non-free software for a while. ~f
(DIR) Post #Ar5SBggW1Rl4JU8N3g by Codeberg@social.anoxinon.de
2025-02-13T17:21:12Z
0 likes, 0 repeats
We have finally reached a somewhat stable level of operation. In the past hours, we managed to partially restore service, but mostly managed to do so only for a subset of our users (due to DNS propagation delays and IPv6 vs IPv4 connectivity differences).Currentely, Codeberg is available for all the situations we monitor for, and we expect that most connectivity issues will be resolved soon after all DNS caches clear.
(DIR) Post #Ar5SBi2B0OgAUxHBSa by Codeberg@social.anoxinon.de
2025-02-13T17:26:03Z
0 likes, 0 repeats
We appreciate all the love and support we receive from you, thank you so much.However, the sad story is, that this day was a massive disruption for most people who develop software on a serious level on Codeberg, from large Free/libre software projects to companies and freelancers, and we are sorry about this.We acknowledge if this makes you want to move elsewhere, but we're of course happy about everyone who can stay ❤️.
(DIR) Post #Ar5SBj1VKNjfZ9yA3E by Codeberg@social.anoxinon.de
2025-02-13T17:40:41Z
0 likes, 1 repeats
Bad news: DDoS has followed to the new location.Good news: There, we have at least basic DDoS protection.Bad news: The server is still unreachable.We have received first numbers. The DDoS is apparently about 11Gbit/s over UDP traffic currently.
(DIR) Post #Ar5UK4n2U21hIcJTma by Codeberg@social.anoxinon.de
2025-02-13T20:45:10Z
0 likes, 0 repeats
🔔 Heads-Up: Notification emails generated today won't be sent. If you require someone's attention, please ping them again. If you tried to register, please sign in and re-send your activation email (or re-register your account in case it was pruned due to the pending activation).
(DIR) Post #Ar5UK5t6OyTEhi9ps8 by Codeberg@social.anoxinon.de
2025-02-13T20:49:22Z
1 likes, 0 repeats
We were still struggling with email delivery from Forgejo. It looks like some queues are corrupted and restoring them is very hard. Most queued messages are spam or registration emails with already expired tokens. Finally, we made the decision to reset the queue and will do that in a few minutes.We are using the opportunity to switch the queues to #redict / #redis, which was a planned project anyway (a requirement for clustering our Forgejo to multiple instances).
(DIR) Post #Ar89Y8ir8z05zF6Kga by zeh@mstdn.io
2025-02-14T13:39:32Z
1 likes, 0 repeats
@Codeberg I hope that works and that you go through this and come out stronger. You can also look at Deflect (https://deflect.ca/). I have direct contact, they're willing to help if you ping them.@silverfish
(DIR) Post #Ar89YDjkV5gZXSYcGu by Codeberg@social.anoxinon.de
2025-02-14T20:54:25Z
1 likes, 0 repeats
@zeh Thank you for the offer, and the service sounds really interesting as an alternative to Cloudflare, especially for smaller-scale websites.Unfortunately, having a third-party decrypt traffic to Codeberg is currently a no-go and it looks like their service mostly relies on that.However, we are receiving some help setting up network-level DDoS protection and more is in preparation, so we're confident we'll find an alternative soon.@silverfish