We are currently suffering a DDOS attack which has effectively killed the server; this means performance will be degraded and all repositories are corrupted.
Protech IT solutions are currently working on a solution; please do not view the site or the source as we are in the process of a forced rewind.
Thank you
@random, CEO of ProTech IT solutions and lead admin. @Techy, Lead Developer and community manager/ Trust and Safety Team Specialist
We remixed it and we provide it as a free service, but in order to keep things safe and prevent further attacks we have set some ground rules for both users and admins.
All changes must be tested first outside the working area
Any cryptic usernames will be banned; we recommend that you use your Glitch name so we can identify you.
All repositories must have some kind of README
Also, your account will be deleted if:
you are under 13
you glorify or threaten violence
you are given unauthorized admin privileges
a report is made against you
you launch a DDOS attack against us; we are working on IP address monitoring to improve security
Thank you
@random, CEO of ProTech IT solutions/head admin. @Techy, Lead Developer and community manager/ Trust and Safety Team Specialist
If people are able to run malicious code on the server side then you have some major security flaws which should be addressed immediately.
Also, if your database was accessed, are users' passwords hashed? If so, with what algorithm? Also, are they salted? If they are neither hashed nor salted, that wouldn't look very good for you (as a business). (Also, if you're not salting hashed passwords, I recommend you do so.)
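Added example, not written by anyone in this thread and not Gogs code: what "hashed and salted" looks like in practice, using a per-user random salt with PBKDF2-HMAC-SHA256 from the Python standard library, plus a small audit helper that reports what kind of value a password column actually holds (the record format and the sample values are constructed for the example).

```python
"""Salted, slow password hashing and a quick audit of stored records."""
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256; a few hundred thousand rounds is the
# common recommendation today and costs well under a second per login.
ITERATIONS = 600_000
_HEX = set("0123456789abcdef")


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.

    The salt is random per user, so two users with the same password get
    different records and precomputed tables are useless. A fixed salt may be
    passed only for testing.
    """
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False  # malformed record, never accept
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def classify_stored_password(value: str) -> str:
    """Rough audit of one password-column value (the question asked above).

    Returns which of the three cases the record falls into: a salted KDF
    record, a bare fixed-size hex digest with no salt stored alongside it
    (MD5/SHA-1/SHA-256 sized), or something that looks like plaintext.
    """
    if value.startswith("pbkdf2_sha256$") and value.count("$") == 3:
        return "salted KDF"
    if len(value) in (32, 40, 64) and set(value.lower()) <= _HEX:
        return "bare hash, no salt in record"
    return "plaintext"
```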
@charliea21 We are currently investigating the problem. But for some reason the site gives all new users admin perms. We're trying to fix that issue right now.
Hm, it could be malicious code execution then. In that case, I'd take your project offline, back up the database to a secure location (perhaps on your local disk) and do a thorough investigation. Keep in mind though, it could all be down to a default or simple password. One of my personal servers was hit with a remote ransomware attack once - it was all down to using an extremely simple password (which I've now changed).
@charliea21 Thing is, I'm puzzled how they were able to corrupt all of our data by just creating new accounts. After I investigated I could not really find any evidence that users were "running malicious" code.
If the data was actually corrupted (file overwritten with binary nonsense) then someone's managed to log in remotely to your database (if it's not a file based one, e.g. MongoDB, MySQL, etc). On the other hand, if the database is file based (e.g. SQLite) then it could be signs of code execution or there's some random API endpoint letting anyone access project files.
In our case it’s a file based one. When users mass create a bunch of accounts our project just ends up crashing. We’re taking extra steps to ensure this doesn’t happen again.
Eh, likely unrelated. If you hit the disk limit, Glitch won't let you write to a file anymore, thus corrupting your data. Is your project scribing "nice" to the container limits?
@charliea21 Gogs is written in Go and uses no complicated technologies, this means that it stays below the container limits.
As for our databases, we are considering whether to move to a different and more secure database such as SQL. Please note that all databases and repositories are stored in private folders that are inaccessible through the editor.
As for the other issues you raised, the Site Security Team are working on ways to prevent future attacks. If you hold an account and feel that you are at risk then you reserve the right to delete it.