You must log in or register to comment.
Woo, a federation update!
Dutch government shows interest in Forgejo
The Dutch government has expressed interest in using Forgejo for its national code platform. Currently, they rely on GitHub, but they are looking for alternatives for storing, collaborating and building government code. This is part of the Open Source Program Office (OSPo)‘s efforts to regain digital sovereignty. Throughout the month, a call also took place between a representative from the office and some Forgejo contributors.
Moreover, it is pleasing to hear that the office expressed interest in exploring ways to contribute back to the project.
Now this, this I like. If the dutch government also invests in federation, that would be amazing. First they have to tie the knot of course…
Six months ago, distributed crawling hit code.forgejo.org, and the mitigation measures put in place then held until a few weeks ago. The mitigation measures relied on JavaScript-based proof-of-work, but the crawling software learned to resolve the measures, allowing the attack to return.
Since November 24, a new blocking strategy has been implemented and successfully blocked around one million unique IPs daily. Only 5,000 unique IP addresses reach code.forgejo.org daily, and no reports of legitimate traffic being blocked have been received.
Crazy. A 1M to 5k ratio.
The linked to ‘new strategy’ information is interesting too. They’re blocking a specific user agent.
TL;DR: 26 November ~900,000 unique IPs sent requests to code.forgejo.org and blocking one user agent effectively blocks over 90% of them. At the moment ~50,000 unique IP hit code.forgejo.org per hour, ~5,000 of them are not using the suspicious user agent and are sent to Anubis, ~1,000 of them pass the challenge and reach code.forgejo.org.
&& Header(`user-agent`, `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36`)
