700+ self-hosted Git instances battered in 0-day attacks
www.theregister.com
: More than half of internet-exposed instances already compromised

By ‘Git instances’ they mean Gogs instances that allow open registration. I know most of the community moved from Gogs to Gitea, and then to Forgejo, but thought this was still worth noting.

  • Jason2357@lemmy.caEnglish
    2·
    1 day ago

    Theres a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.

    I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, its just a git clone away.