Welcome to /r/Linux! This is a community for sharing news about Linux, interesting developments and press. If you're looking for tech support, /r/Linux4Noobs is a friendly community that can help you. Please also check out: https://lemmy.ml/c/linux and Kbin.social/m/Linux Please refrain from posting help requests here, cheers.
Gitea
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
Background: A few hours ago, while doing a routine Google search for my domain to check if I had inadvertently exposed any details online, I stumbled upon an unexpected mention of my git domain. Intrigued and alarmed, I dug deeper and discovered that an unknown user had created an account on my Gitea server.
Update: maybe not hacked, take with a pinch of salt; registrations were open with e-mail verification, but my password didn't work.
The Hack (simple account creation):
-
User Creation: The user, named 'O', somehow managed to activate their account in late April
as if I had approved it myself. (They just verified their e-mail address.) -
Repository Upload: This user uploaded a massive 4.3 GB repository with a lot update history. It was allegedly forked from (this was last updated 2 hours ago)
-
Password Tampering: I also found that my admin password had been changed, forcing me to reset it to log in and delete the user/repo. (Idk if it was changed, it didn't work)
On further inspection, I traced back a network of repositories all linked to this mysterious user 'O', hosted across different domains like and . Each repository is similarly structured under /O/O, and I can't for the life of me figure out why or how this user appeared in my system (seems it's just a matter of registering with the open access I didn't close). Storage network? Botnet? Full server & gitea user takeover?
Security Measures:
-
After resetting my password, I deleted the unauthorized user and the large repository.
-
I did a reverse lookup on the email address used by 'O', which suggested this wasn't their first rodeo—there seems to be a pattern of hopping onto many domains with similar setups.
Moving Forward:
-
I've contacted a few other site owners who might be affected based on my findings.
-
I'm considering purging my Forgejo instance. I don't use it much, and it seems to have been compromised.
Has anyone here experienced something similar? Any advice on further preventive measures would be greatly appreciated. I'm especially curious about any insights into stopping such sophisticated intrusions at the server level.
Thanks for any help or insights you can offer!
edit: My repository was in a list such as this one where they post all the repositories they have forked onto open access gitea instances:
Conclusion: don't allow ppl to register if you don't want strange people to register. Also enable e-mail notifications and stuff for events if possible.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
Few weeks ago i started writing my masters thesis and i was looking for a selfhosted VCS to keep all my LaTeX files and images etc. After doing some research i found a couple of people on this sub recommending + as an lightweight alternative to Gitlab.
Tried it out and it works perfectly fine. When i tag a commit, Drone will compile my thesis into a PDF and automatically create a release in Gitea. Supper happy with this solution. Can just recommend the Gitea + Drone combination to anyone looking for a smaller alternative to Gitlab.
Thats it, thanks for the recommendation and have a nice day :)
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
IT's a great alternative to github for anyone sick of microsoft's bs.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
Trying to decide on a Github-like service for my own Ubuntu Cloud Server. From what I understand is that Gogs and Gieta are similar in feature set and I was wondering if anyone has any experience in them to say which one would be best to go with
Welcome to /r/Linux! This is a community for sharing news about Linux, interesting developments and press. If you're looking for tech support, /r/Linux4Noobs is a friendly community that can help you. Please also check out: https://lemmy.ml/c/linux and Kbin.social/m/Linux Please refrain from posting help requests here, cheers.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
I've just read the news that I wasn't even aware that Gitea was being turned into a for-profit organization!
Welcome to /r/Linux! This is a community for sharing news about Linux, interesting developments and press. If you're looking for tech support, /r/Linux4Noobs is a friendly community that can help you. Please also check out: https://lemmy.ml/c/linux and Kbin.social/m/Linux Please refrain from posting help requests here, cheers.
Welcome to /r/Linux! This is a community for sharing news about Linux, interesting developments and press. If you're looking for tech support, /r/Linux4Noobs is a friendly community that can help you. Please also check out: https://lemmy.ml/c/linux and Kbin.social/m/Linux Please refrain from posting help requests here, cheers.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
It's just a recommendation for building a personal small Git server. Maybe the title is a little exaggerated. If it offends you, I'm sorry.
I've been looking for a Git server that's simple enough for individuals to self-host and easy enough to use. It wasn't until I came across cgit (which is actually used on the official Linux kernel website) that I knew it was the one for me:
I recently finished building it on my Debian 11 server, and since the last release of cgit was 3 years ago, I started the build from source (it still has active commits). Also, I fine-tuned the CSS styles a little bit, and now he looks more comfortable.
I use cgit, Nginx, fcgiwrap for hosting (accompanied by Cloudflare global distribution network support), and HTTP basic authentication for git push.
If you are interested, I describe the corresponding details in on my blog.
Hava a nice day!
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
Hello folks, since gitea now supports actions how many of you already migrated their own gitlab to the lightweight selfhosting competitor gitea just to save cpu, ram and power bills? 😂
+1 here
This Is A Subreddit Dedicated To The Lookism Webtoon, Written By PTJ Company
A place for all things related to the Rust programming language—an open-source systems language that emphasizes performance, reliability, and productivity.
Welcome to /r/Linux! This is a community for sharing news about Linux, interesting developments and press. If you're looking for tech support, /r/Linux4Noobs is a friendly community that can help you. Please also check out: https://lemmy.ml/c/linux and Kbin.social/m/Linux Please refrain from posting help requests here, cheers.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
Hi All
I have a selfhosted Gitea server, and I use it for a lot more than coding. I even do management of document history for my business. I love it.
What I would like to do, is use it backup specific folders on other servers in my homelab.
Say for example my webdev test server: I would like to daily back up /etc/ /var/www/one.example.com/ /var/www/two.example.com/ etc etc
Now my knowledge on Gitea, and Git as a whole, is relatively limited to clone, add, commit, push and pull.
If I setup a user for the server, then insert the ssh pub key. I would like to know, how from the terminal (via SSH to the server), I can create a new repo for folder /var/www/one.example.com/ and then do an initial commit, so that the .git folder is created locally in /var/www/one.example.com/.git/
Then I can set a cronjob to do my daily backups, but still have the magic of full file history.
Also, can you configure a Repo to only keep changes back for say 90 days? (Space saving in the long run).
I know there are a lot of ways to do this, but I have a very good reason for using Git, mainly, it streamlines restoring files at any point in history, and also if I need to fork a website I am developing, I can do it in Git with ease.
Plus it allows me to add other users to a repo for example, and allows us to do branches etc.
Currently I am backing everything up using a script I wrote, and I have a dedicated bare metal that is handling that. I get a .tar.gz for the last 7 days, the last 5 sundays and the last 3 months (1st). But this is starting to take up a lot of harddrive space.
Any advice would kindly be appreciated.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
Hello,
After taking a look at GitLab (CE), I decided to install Gitea as my daily and production instance for, mainly: docker repos, docker private registry and automated builds of images. Maybe later, I could use it for other purposes.
After checking the Gitea official , it seems that CI/CD capabilities are built-in actually. Does it mean, that no external service will be needed: Drone CI, for example?
Sorry to ask, but this is the first time installing a service like Gitea.
Nextcloud is an open source, self-hosted file sync & communication app platform. Access & sync your files, contacts, calendars and communicate & collaborate across your devices. You decide what happens with your data, where it is and who can access it! If you have questions for use in a company or government at scale (>1000 users), do yourself a favor and contact Nextcloud itself - this community is mostly home-user focused!
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
-
A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web services, and online tools.
members -
Ask questions and post articles about the Go programming language and related tools, events etc.
members -
members -
Codeberg is a community-driven, non-profit software development platform operated by Codeberg e.V. and centered around Codeberg.org, a Gitea-based software forge.
members -
Welcome to /r/Linux! This is a community for sharing news about Linux, interesting developments and press. If you're looking for tech support, /r/Linux4Noobs is a friendly community that can help you. Please also check out: https://lemmy.ml/c/linux and Kbin.social/m/Linux Please refrain from posting help requests here, cheers.
members -
A subreddit for everything open source related (for this context, we go off the definition of open source here http://en.wikipedia.org/wiki/Open_source)
members -
The Best Parts of the Anonymous Internet | Tor Onion Routing Hidden Services | .onions
members -
OpenDev.org Community Subreddit aims to help new users find answers around OpenDev (former OpenStack Infrastructure) and how it makes use of Gerrit, Zuul, Gitea. Anyone is encourage to use official channels like #opendev on IRC and http://lists.opendev.org/cgi-bin/mailman/listinfo/service-discuss mailing list.
members -
Traefik is a leading modern reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically.
members -
A place for all things related to the Rust programming language—an open-source systems language that emphasizes performance, reliability, and productivity.
members -
Welcome to your friendly /r/homelab, where techies and sysadmin from everywhere are welcome to share their labs, projects, builds, etc.
members