Why not get the latest backup of the project?
Every time we rewind, we have to reinstall. Gogs has a system where the first user gets admin and the DDOSer has admin
We’ve had to force rewind twice
Not rewinding, @glitch_support can get the latest backup of the project from their servers…
We did that and have a backup link potch gave us
We are suffering repeated DDOS attacks, this should help
Too many DDoS attacks in the past few days…and project spams that happened last week…
The user with admin is called HydrogenDiscord. I believe he is the DDOSer
Can’t you ban him or something? Any ways to find out who’s DDoSing the project?
When we got hit last night with a DDOS, the DB messed up and gave him admin as he was the first user to sign in.
We plan to wipe the databases and start over (sqlite3)
My theory is to grab a list of IP addresses that access the site and ban them. We are looking into custom domains and cloudflare protection.
We can’t ban him until we get our admin perm back
Well, I was able to log in and I am currently handling the situation.
- IP addresses change over the day once or twice. Surely, I would’ve used a VPN for a DDoS attack, so there’s no point in catching IP addresses.
- Cloudflare requires its own DNS servers, which might not be possible to change on Glitch
And lastly, why do regular people need their own GitHub clone? Ofc companies would use their own replicas to not share with everyone their production mess, but having a GitHub on Glitch sounds like a joke
I have an idea, how about we set up a custom domain which everyone can publicly use and then set up Cloudflare for DNS so it can handle DDoS attacks for us (you might need to manually turn on I’m under attack mode).
Oh sry 17lwinn didn’t see your reply there.
A little question before I sign up: how are the passwords protected? Are they hashed, if so what method (don't have to be that specific)
We actually have a domain thanks to tech dude! Once the mess is cleared we will set it up
Our databases and code (including passwords) are completely hidden so no developer console could access it. The DDOS attack did not expose any details and we plan to implement password hashing some day.
Nobody except you will know your password, we have 2 factor verification for extra security available in your account settings. We will NOT ASK FOR YOUR PASSWORD.
We are constantly trying to improve security, feel free to sign up today!
I understand how you feel.
We will need to log IP addresses somehow, regardless of whether they use a VPN. And we plan to move to a new domain soon.
As for your last point, regular people may wish to dive into development with a sense of how popular code-sharing sites like github work. It really is for experience! But we understand your criticism fully and we will never force you to join in any way.
You could set up a Glitch reverse proxy (like the one I made) as a secondary Glitch project and whenever that project gets a request it forwards it to the actual project but then logs the IP, rate limits, and all the other security stuff.
By the way I see this “Project pt-gogs suspended: Unknown”
Also another thing. If u don’t want the first person to get admin, make a copy of the database when the proper admins have been chosen and restore the database to that point when the database breaks.
oof, it got suspended due to the aws alert this weekend.
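Added example, not written by anyone in this thread and not the proxy mentioned above: the decision core of the logging, rate-limiting reverse proxy suggested earlier, as a per-client token bucket. The function names, `TRUSTED_HOPS`, `RATE`, `BURST` and the sample traffic are all assumptions made for the illustration.

```javascript
// Added example: per-client token-bucket limiter for a logging reverse proxy.
// TRUSTED_HOPS, RATE and BURST are assumed values, not taken from the thread.
const TRUSTED_HOPS = 1;   // proxies in front of us that append to X-Forwarded-For
const RATE = 2;           // tokens refilled per second, per client
const BURST = 5;          // bucket size (largest burst a client may send)

// Pick the client address from X-Forwarded-For, counting from the right, so
// entries a client prepends itself cannot be used to dodge the limit or the log.
function clientIp(xff, peerAddr, trustedHops = TRUSTED_HOPS) {
  const chain = String(xff || '').split(',').map(s => s.trim()).filter(Boolean);
  return trustedHops > 0 && chain.length >= trustedHops
    ? chain[chain.length - trustedHops]
    : peerAddr;
}

function makeLimiter(rate = RATE, burst = BURST) {
  const buckets = new Map();            // ip -> { tokens, last }
  return function allow(ip, nowMs) {
    const b = buckets.get(ip) || { tokens: burst, last: nowMs };
    b.tokens = Math.min(burst, b.tokens + ((nowMs - b.last) / 1000) * rate);
    b.last = nowMs;
    const ok = b.tokens >= 1;
    if (ok) b.tokens -= 1;
    buckets.set(ip, b);
    return ok;
  };
}

// Decide what to do with one request and build the log line for it.
function decide(allow, headers, peerAddr, nowMs) {
  const ip = clientIp(headers['x-forwarded-for'], peerAddr);
  const status = allow(ip, nowMs) ? 'forward' : 429;
  return { ip, status, log: `${new Date(nowMs).toISOString()} ${ip} ${status}` };
}

// Constructed sample traffic: one client sends 7 requests in 300 ms, each with
// a different spoofed leading X-Forwarded-For entry; a second client sends one.
function demo() {
  const allow = makeLimiter();
  const out = [];
  for (let i = 0; i < 7; i++) {
    out.push(decide(allow, { 'x-forwarded-for': `10.9.9.${i}, 203.0.113.7` }, '127.0.0.1', i * 50));
  }
  out.push(decide(allow, { 'x-forwarded-for': '198.51.100.4' }, '127.0.0.1', 350));
  return out;
}

demo().forEach(r => console.log(r.log));
```

In a real proxy, `decide` would run at the top of the request handler with `Date.now()`, and idle buckets would need evicting so the map cannot grow without bound.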