Built a GitHub clone with gogs- join for free today

Too many DDoS attacks in the past few days…and project spams that happend last week…

The user with admin is called HydrogenDiscord. I believe he is the DDOSer

Can’t you ban him or something? Any ways to find out who’s DDoSing the project?

When we got hit last night with a DDOS, the DB messed up and gave him admin as he wa the first user to sign in.

We plan to wipe the databases and start over (sqlite3)


My theory is to grab a list of IP addresses that access the site and ban them. We are looking into custom domains and cloudflare protection.

We can’t ban him until we get our admin perm back

Well, I was able to log in and I am currently handling the situation.

  1. IP addresses changes over the day once or twice. Surely, I would’ve use a VPN for a DDoS attack, so there’s no point in catching IP addresses.
  2. Cloudflare requires it’s own DNS servers which might be no possible to change on Glitch

And lastly, why do regular people need their own GitHub clone? Ofc companies would use their own replicas to not to share with everyone their production mess, but having a GitHub on Glitch sounds like a joke

I have a idea, how about we set up a custom domain which everyone can publicly use and then setup cloudflare for dns so it can handle DDoS attacks for us(you might need to manually turn on I’m under attack mode).
Oh sry 17lwinn didn’t see your reply there.
A little question before I signup: how are the passwords protected. Are the hashed, if so what method(don
't have to be that specific)

We actually have a domain thanks to tech dude! Once the mess is cleared we will set it up

Our databases and code (including passwords) are completely hidden so no developer console could access it. The DDOS attack did not expose any details and we plan to implement password hashing some day.

Nobody except you will know your password, we have 2 factor verification for extra security available in your account settings. We will NOT ASK FOR YOUR PASSWORD.

We are constantly trying to improve security, feel free to sign up today!

I understand how feel.

We will need to log IP addresses somehow, regardless of wether they use a VPN. And we plan to move to a new domain soon.

As for your last point, regular people may wish to dive into development with a sense of how popular code-sharing sites like github work. It really is for experience! But we understand your criticism fully and we will never force you to join in any way.

You could set up a glitch reverse proxy(like the one i made) as a secondary glitch project and whenever that project gets a request it forwards it to the actual project but then logs the ip, rate limits, and all the other security stuff.

By the way I see this “Project pt-gogs suspended: Unknown”

Also another thing. If u don’t want the first person to get admin, make a copy of the database when the proper admins have been chosen and restore the database to that point when the database breaks.

oof, it got suspended due to the aws alert this weekend.

Yep, We’re working on getting it up and running as soon as possible!

1 Like

Good luck getting it up. This is a very nice project that I would love to see continue

2 Likes
  • thank you sooo much @javaarchive, we should try reverse proxys!

  • @Nicsena AWS alert? please explain

  • We may have to disable registration to prevent bots joining, a last resort idea

@17lwinn There was an AWS issue which ended up suspending our project.

yep, glitch have been emailed

It’s still not unsuspended!

It was banned because it got hacked and spammed with NSFW content. You will have to ask @17lwinn about updates.