To all gogs users, we are suffering a DDOS attack (SITE HAS BEEN FIXED)

To all gogs users

We are currently suffering a DDOS attack which has effectively killed the server. This means performance will be degraded and all repositories are corrupted.

ProTech IT solutions are currently working on a solution. Please do not view the site or the source as we are in the process of a forced rewind.


Thank you

@17lwinn, CEO of ProTech IT solutions and lead admin.
@tech_dude1, Lead Developer and community manager/ Trust and Safety Team Specialist

How did you get DDOSed?

Every time I view the project the editor crashes too. So I’m trying to remix it right now.

People have made multiple accounts, run malicious code and crashed the database.

We are trying to fix it now

What is “gogs” or “gog”?

gogs is a GitHub clone written in Go.

https://support.glitch.com/t/built-a-github-clone-with-gogs-join-for-free-today/19163/2

Yep, we got it from a dev.to article

We remixed it and we provide it as a free service, but in order to keep things safe and prevent further attacks we have set some ground rules for both users and admins.

  1. All changes must be tested first outside the working area
  2. Any cryptic usernames will be banned. We recommend that you use your Glitch name so we can identify you.
  3. All repositories must have some kind of README

Also, your account will be deleted if:

  • you are under 13
  • you glorify or threaten violence
  • you are given unauthorized admin privileges
  • a report is made against you
  • you launch a DDOS attack against us; we are working on IP address monitoring to improve security

Thank you

@17lwinn, CEO of ProTech IT solutions/head admin
@tech_dude1, Lead Developer and community manager/ Trust and Safety Team Specialist

If people are able to run malicious code on the server side then you have some major security flaws which should be addressed immediately.

Also, if your database was accessed, are users’ passwords hashed? If so, what algorithms? Also, are they salted? If neither hashed nor salted, that wouldn’t look very good for you (as a business). (Also, if you’re not salting hashed passwords I recommend you do so.)

@xXProGamerXx We are currently investigating the problem. But for some reason the site gives all new users admin perms. We’re trying to fix that issue right now.

Hm, it could be a malicious code execution then. In that case, I’d take your project offline, back up the database to a secure location (perhaps on your local disk) and do a thorough investigation. Keep in mind though, it could all be down to a default or simple password. One of my personal servers was hit with a remote ransomware attack once - it was all down to using an extremely simple password (which I’ve now changed).

@xXProGamerXx Thing is, I’m puzzled how they were able to corrupt all of our data with just creating new accounts. After I investigated I could not really find any evidence that users were “running malicious” code.

If the data was actually corrupted (file overwritten with binary nonsense) then someone’s managed to log in remotely to your database (if it’s not a file-based one, e.g. MongoDB, MySQL, etc.). On the other hand, if the database is file-based (e.g. SQLite) then it could be signs of code execution or there’s some random API endpoint letting anyone access project files.

In our case it’s a file-based one. When users mass create a bunch of accounts our project just ends up crashing. We’re taking extra steps to ensure this doesn’t happen again.

Likely signs of remote code execution or the file just got corrupted due to a Glitch outage (has happened to me before).

I’ve noticed that a bunch of spam bots sign up for accounts shortly before every DDOS attack in the past 3 days.

Eh, likely unrelated. If you hit the disk limit Glitch won’t let you write to a file anymore. Thus, corrupting your data. Is your project scribing “nice” to the container limits?

Yeah, we’re well below the container limits.

@xXProGamerXx Gogs is written in Go and uses no complicated technologies; this means that it stays below the container limits.

As for our databases, we are considering whether to move to a different and more secure database such as SQL. Please note that all databases and repositories are stored in private folders that are inaccessible through the editor.

As for the other issues you raised, the Site Security Team are working on ways to prevent future attacks. If you hold an account and feel that you are at risk then you reserve the right to delete it.


Please PM me or @tech_dude1 if you have any questions

We are about to implement features and wiping of the database. DO NOT ENTER THE SITE