We are currently suffering from a network-level DDoS attack. Or maybe just a single actor. Anyway, our downlink is jammed.
We have finally reached a somewhat stable level of operation. In the past hours, we managed to partially restore service, but mostly managed to do so only for a subset of our users (due to DNS propagation delays and IPv6 vs IPv4 connectivity differences).
Currently, Codeberg is available for all the situations we monitor for, and we expect that most connectivity issues will be resolved soon after all DNS caches clear.
We appreciate all the love and support we receive from you, thank you so much.
However, the sad story is, that this day was a massive disruption for most people who develop software on a serious level on Codeberg, from large Free/libre software projects to companies and freelancers, and we are sorry about this.
We acknowledge if this makes you want to move elsewhere, but we're of course happy about everyone who can stay.
Bad news: DDoS has followed to the new location.
Good news: There, we have at least basic DDoS protection.
Bad news: The server is still unreachable.
We have received first numbers. The DDoS is apparently about 11Gbit/s over UDP traffic currently.
Heads-Up: Notification emails generated today won't be sent. If you require someone's attention, please ping them again. If you tried to register, please sign in and re-send your activation email (or re-register your account in case it was pruned due to the pending activation).
We were still struggling with email delivery from Forgejo. It looks like some queues are corrupted and restoring them is very hard. Most queued messages are spam or registration emails with already expired tokens. Finally, we made the decision to reset the queue and will do that in a few minutes.
We are using the opportunity to switch the queues to #redict / #redis, which was a planned project anyway (a requirement for clustering our Forgejo to multiple instances).
We have just fixed a connection issue resulting in degraded SSH access via IPv4. All services should be fully available now.
We overlooked a mistake in the firewall configuration of one host, because DNS propagation delay has resulted in our tests running against another server.
@Codeberg what does Codeberg use UDP for? Isn't git TCP? Can't you block all UDP requests, or is it too much for your systems anyway?
(I know you've likely tried all of this I'm just curious lmao)
Have you filed a criminal case? I'd love to see the absolutely lifeless individual who did this get arrested. Turns out I use Codeberg a *lot* on a day-to-day basis, this was annoying af
@laxla The malicious traffic is UDP. At Codeberg, we currently don't do any UDP traffic except for a VPN to secure offsite backups.
Our provider seems to have blocked all UDP traffic.
@Codeberg do you have bgp access, can you announce flowspec rules for blackholing?
@4censord Not yet. We are working with our provider on improving the networking, but currently there is no such thing yet.
@Codeberg now I know why I could not open Codeberg.
man why on earth do they need to attack Codeberg.
@silverfish Well, using cloudflare would kinda mean giving up on all our ideals:
- no big corporate services, everything under our control
- privacy by default, but Cloudflare likes to decrypt traffic in the middle
- no proprietary dependencies, everything runs using free/libre software
However, we have currently used DDoS mitigation from a smaller provider that does not do man in the middle sniffing, so we only had to sacrifice partially using non-free software for a while. ~f
@Codeberg
I hope that works and that you go through this and come out stronger.
You can also look at Deflect (https://deflect.ca/). I have direct contact, they're willing to help if you ping them.
@silverfish
@zeh
Thank you for the offer, and the service sounds really interesting as an alternative to Cloudflare, especially for smaller-scale websites.
Unfortunately, having a third-party decrypt traffic to Codeberg is currently a no-go and it looks like their service mostly relies on that.
However, we are receiving some help setting up network-level DDoS protection and more is in preparation, so we're confident we'll find an alternative soon.
@silverfish
@Codeberg this incident has only made me more resolved to continuing my donations to y'all
@Codeberg Will the block to South American IPs be permanent?
@4c31 There was no intentional block, but we recently rate-limited all users of IPv4 equally strict due to a mistake. Does it work again?
@Codeberg Thank you, it's all good now!
@Codeberg Not sure if this is relevant in your setup, but when I read "redis" and "mail queues" I immediately remembered a (German) blog post by @ubernauten about missing TTLs for hash keys, which caused heavy CPU load while trying to rate limit SMTP traffic:
https://blog.uberspace.de/2024/07/wie-ein-bisschen-rate-limiting/
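The post linked above is about per-client counters that never expire. As an added example (not Codeberg's or Uberspace's code, and not tied to their setup), here is a fixed-window rate limiter in the INCR + EXPIRE style commonly used with Redis, run against a small in-memory stand-in for Redis so it works offline. The `FakeRedis` class, the `now` argument on its methods, the `set_ttl` switch and the 203.0.113.x client addresses are all constructed for the demonstration; the point it shows is that without a TTL on each counter key, the key set grows by one entry per client per window and never shrinks.

```python
"""Fixed-window rate limiter (INCR + EXPIRE pattern) with and without key TTLs.

Added example, not Codeberg's or Uberspace's code. FakeRedis is a constructed
in-memory stand-in for the few Redis commands used here; real clients such as
redis-py expose incr()/expire() without the explicit `now` argument, which only
exists so this example can step through time deterministically.
"""


class FakeRedis:
    """Minimal stand-in for Redis: integer keys with optional absolute expiry."""

    def __init__(self):
        self._data = {}  # key -> counter value
        self._exp = {}   # key -> absolute expiry time in seconds

    def _purge(self, now):
        # Drop every key whose TTL has run out, as Redis would do lazily/actively.
        for key in [k for k, t in self._exp.items() if t <= now]:
            self._data.pop(key, None)
            self._exp.pop(key, None)

    def incr(self, key, now):
        self._purge(now)
        self._data[key] = self._data.get(key, 0) + 1
        return self._data[key]

    def expire(self, key, seconds, now):
        if key in self._data:
            self._exp[key] = now + seconds

    def dbsize(self, now):
        self._purge(now)
        return len(self._data)


class RateLimiter:
    """Allow at most `limit` hits per client per `window` seconds."""

    def __init__(self, store, limit, window, set_ttl=True):
        self.store = store
        self.limit = limit
        self.window = window
        self.set_ttl = set_ttl  # constructed switch to show the faulty variant

    def allow(self, client, now):
        # One key per client and per window slot, e.g. "ratelimit:203.0.113.7:42".
        key = f"ratelimit:{client}:{int(now // self.window)}"
        count = self.store.incr(key, now)
        # The TTL must be attached when the key is created; the faulty variant
        # skips this, so every slot key stays in the store forever.
        if self.set_ttl and count == 1:
            self.store.expire(key, self.window, now)
        return count <= self.limit


def simulate(set_ttl, clients=50, windows=20, window=60):
    """Return how many counter keys remain after `windows` windows of traffic.

    Traffic is constructed: `clients` distinct addresses from the documentation
    range 203.0.113.0/24 each send one request per window.
    """
    store = FakeRedis()
    limiter = RateLimiter(store, limit=5, window=window, set_ttl=set_ttl)
    now = 0.0
    for w in range(windows):
        now = float(w * window)
        for c in range(clients):
            limiter.allow(f"203.0.113.{c}", now)
    # Measure once the last window has closed.
    return store.dbsize(now + window)


if __name__ == "__main__":
    print("keys left with TTL:   ", simulate(set_ttl=True))   # 0
    print("keys left without TTL:", simulate(set_ttl=False))  # 1000
```

With the TTL in place the store holds at most one key per active client; without it, fifty clients over twenty windows leave a thousand dead keys, and a busy mail server accumulates them far faster. Note the known weakness of doing INCR and EXPIRE as two separate commands: if the process dies between them, the key is created without a TTL anyway, so in production the two are usually issued atomically (a MULTI/EXEC transaction or a small Lua script) rather than one after the other.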
@Codeberg Kiss kiss, hug hug. Remain calm. You have done well, you will do well.
@Codeberg All the best to you. You are doing a great job.
@Codeberg they got you good
@Codeberg Keep up the good work and I'll be ready to sign up when you are ready!
Is there a donations link?