Codeberg Service Status
Slight modifications were made for clarity: the date notation 2025-02-13 was added to the lines lacking it, and there are some slight formatting differences. That is all.
Note that the announcement below is no longer displayed on the Status Page.
Network-level DDoS
Situation as of 2025-02-14, 23:56 UTC: Connectivity via IPv4 is stable again. All traffic to Codeberg is now behind a DDoS mitigation system, pending DNS propagation. More information on the DDoS mitigation system.
Situation as of 2025-02-14, 21:40 UTC: We are currently suffering from another network-level DDoS attack; connectivity via IPv4 is impacted. If you are able to use IPv6, you should be able to have good connectivity to Codeberg.
Situation as of 2025-02-14, 07:33 UTC: SSH access via IPv4 has been fixed and all systems should be fully available. It was previously unavailable due to a configuration mistake in the firewall, which was overlooked at the time of setting it up because DNS propagation delay made the tests run on another host. We are still monitoring closely.
Situation as of 2025-02-13, 23:20 UTC: Email delivery was restored a few hours ago (also see the announcement on Mastodon for details about this decision). We dropped most email that was generated today. If you require someone's attention, please ping them again. If you tried to register, please sign in and re-send your activation email (or re-register your account in case it was pruned due to the pending activation). The situation is mostly stable, except for occasional hiccups that seem to originate from the typical abusive AI crawling. Due to the current workarounds in place (to protect against DDoS), our normal abuse detection for AI crawling doesn't work very well.
Situation as of 2025-02-13, 18:12 UTC: IPv6 connectivity was restored a while ago. IPv4 now also works after we discovered a configuration issue that led to increased false positive rates in our rate-limiting. Email delivery was still impacted.
Situation as of 2025-02-13, 13:56 UTC: We have added multiple servers to DNS entries. If you are lucky, you can use Codeberg just fine, depending on which machine is currently under attack. We are still investigating.
We have been suffering from a network-level DoS that currently takes up all bandwidth available to our server. We are currently investigating potential workarounds to route traffic and restore connectivity.
Status Notification Date Created: 2025-02-13 10:55:07
Status Notification Last Updated: 2025-02-15 00:28:30
nl-NL
Codeberg: spam and DDoS attacks on non-commercial development platform.
The original post is in German; later they made an English version, the translation of which you can find below.
Masses of spam messages, overflowing email inboxes and clogged internet lines: anonymous attacks on the non-profit GitHub alternative.
Attackers are working their way through a mountain of code and trying to paralyze the open platform.
(Image: Created by AI with Bing Designer / CKU)
At 16:06 CET/UTC+1
By Dr. Christopher Kunz
The non-profit software development platform Codeberg has been at the center of various attacks for days. The voluntary initiators of the project suspect a political motivation behind hate messages, spam and DDoS attacks.
A few days ago, around February 10, the attacks on Codeberg e.V. began with spam campaigns against individual projects on the platform. Their bug trackers, for example, were flooded with nonsensical error reports. In addition, the email accounts of members of the association were filled with abusive newsletter registrations.
Racist messages in the mailbox
On the morning of February 12, the next step followed: the unknown attackers created thousands of issues (i.e., error reports) with a vulgar racist term in the title, linked user accounts there and thus generated mass email notifications. The troublemakers changed their approach several times to escape the countermeasures taken by Codeberg in the meantime.
Since midday on February 13, a volumetric denial-of-service attack has been clogging the association's internet connection and causing repeated connection problems.
No user data stolen
In their blog (archive link), the Codeberg makers explain that no personal data of users or repository administrators was tapped. Although masses of spam emails with offensive content were sent to members of the platform via a notification function, the attackers did not have access to the email addresses of the servers or users. A Codeberg spokesperson emphasized this again to Heise Security.
Codeberg was launched as a European alternative to the major software development platforms such as GitHub or GitLab and is based on Forgejo, which is a fork of Gitea. The association is financed by donations.
en-EU
Codeberg: Spam and DDoS attacks on non-commercial development platform.
The original post is in German, but they also created an English variant, which you can find below.
Masses of spam messages, overflowing email inboxes and clogged internet lines: Anonymous attacks plague the non-profit GitHub alternative.
Attackers are working their way through a mountain of code and trying to paralyze the open platform.
(Image: Created by AI with Bing Designer / CKU)
At 16:06 CET/UTC+1
The non-profit software development platform Codeberg has been at the center of various attacks for days. The voluntary initiators of the project suspect a political motivation behind hate messages, spam and DDoS.
A few days ago, around February 10, the attacks against Codeberg e.V. began with spam campaigns against individual projects on the platform. Their bug trackers, for example, were flooded with nonsensical error messages. In addition, the email accounts of association members were filled with abusive newsletter registrations.
Racist messages in the mailbox
On the morning of February 12, the next step followed: the unknown attackers created thousands of issues (i.e., error messages) with a vulgar racist term in the title, linked user accounts there and thus generated mass email notifications. The troublemakers changed their approach several times to escape the countermeasures taken by Codeberg in the meantime.
Since midday on February 13, a volumetric denial-of-service attack has been clogging up the club's internet connection and causing repeated connection problems.
No user data stolen
In their blog entry (archive link), the Codeberg makers explain that no personal data of users or repository administrators was tapped. Although masses of spam emails with offensive content were sent to members of the platform via a notification function, the attackers did not have access to the servers or users' email addresses. A Codeberg spokesperson emphasized this once again to heise security.
Codeberg was launched as a European alternative to the major software development platforms such as GitHub or GitLab and is based on Forgejo, a fork of Gitea. The association is financed by donations.