i had somewhat similar situation this week on my forgejo instance and the only idea I had was to

1. Make one of my public repos private (it did help, but just a little)
2. Block whole Facebook and Google ASNs

But this solution is suboptimal in your case, as you care about indexing

I do not know the exact architecture that you have setup in Codeberg and you may have set it up already, but what about reverse proxies that introduce rate limiting based on a window (e.g. haproxy.com/blog/four-examples… ). You will need to check which software makes most sense to you here. That could address the scenario you have that a specific repository is affected.

Of course, all this does not address all possibly sources of Ddos attacks.

maybe related? mapstodon.space/@beacondb/1135…

BeaconDB

2024-11-30 12:11:51

someone's firefox is making bursts of up to 50 requests every 5 seconds. logs show 185k requests in a 12 hour period. that's like half of all requests the server has received over the past week - in 12 hours!! from a single client!! cannot make this up

if you happen to be in poland and use linux with beacondb configured, could you double check if you're running firefox v132? any chance the digits in your ipv4 address add up to 235? if so, something is very wrong lmao please reach out 🙏

@edsu Unlikely. It was massive and distributed, and hammering so much that our systems went down as quickly as within one second of re-allowing the access. It calmed down now, though.

It seemed to be mostly related to some web operations, so we still think it was crawling and only hammering this massive repo by coincidence.