git.30p87.de/users/sign_up uhm… oops
Comment on 700+ self-hosted Git instances battered in 0-day attacks
scrubbles@poptalk.scrubbles.tech 5 days ago
Good note, and good callout, we should always call out these things.
But yes if you’re self hosting and you both have a public facing instance and allow open registration, you are a much much braver person than I.
30p87@feddit.org 5 days ago
jeena@piefed.jeena.net 5 days ago
I’m not allowing random people hosting their git repos on mine but it’s public and they can fork my own stuff on it and theoretically upload some bullshit.
Jason2357@lemmy.ca 3 days ago
Any time you have a server willing to process random data uploaded from randos, just expect it to be compromised eventually and prepare for the eventuality by isolating it, backing it up religiously, and setting up good monitoring of some sort. Doesn't matter if it's a forge, a wiki, or like Nextcloud or whatever. It will happen.
Jason2357@lemmy.ca 3 days ago
To anyone afraid of the above conclusion, a dedicated $5 VPS with automatic snapshots gets you a long way.
WhyJiffie@sh.itjust.works 2 days ago
if the server is compromised, all the data it stores is at risk of getting deleted or modified. so I don’t think a VPS really solves the problem.