From f145560e55a1bc9a70f54d160d0a3743640bdf5f Mon Sep 17 00:00:00 2001 From: rvba Date: Wed, 1 Jan 2025 18:35:05 +0100 Subject: [PATCH] Actualiser Zurich hackathon --- Zurich-hackathon.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/Zurich-hackathon.md b/Zurich-hackathon.md index 16ce4d0..3aee839 100644 --- a/Zurich-hackathon.md +++ b/Zurich-hackathon.md @@ -70,13 +70,3 @@ This is made possible thanks to [IfcMerge](https://github.com/brunopostle/ifcmer * 📨 contact@gitaec.com - -## DDoS Mitigation - -🚨 **June 28th** : [gitaec.org](https://gitaec.org) is currently offline due to a [DDoS](https://en.wikipedia.org/wiki/Denial-of-service_attack) attack on its git services. We will be back online as soon as possible. In the meantime, you can browse examples on **[gitaec.com](https://gitaec.com/rvba/hackathon-zurich)**. - -July, 1st : **The incident is now closed** - -✏️ **[Postmortem report](https://en.wikipedia.org/wiki/Postmortem_documentation)** : Starting at the end of June 2024, we began noticing that our forges were slow to respond. We then checked our servers and discover that they were at full CPU capacity, permanently. This was caused by some computationally intensive requests involving git commands such as ``git blame``. We had to shut down our services for a couple of days to find a solution. Our web server logs showed up to 350,000 requests a day targeting git repositories from hundreds of different IPs. But despite this apparent diversity, a single user agent was involved : ``facebookexternalhit``. After some quick research, we found out that we were victims of a DDoS attack [involving a malicious use of the Facebook API](https://developers.facebook.com/community/threads/992798532416685/). By adding a simple user agent test in front of our server proxy (Nginx), we were able to reject these malicious requests. This seems to have "solved" the issue for now. - -