Codeberg: Spam and DoS attacks on non-commercial development platform

The non-profit software development platform Codeberg has been at the center of various attacks for days. The voluntary initiators of the project suspect a political motivation behind hate messages, spam and dDoS.

A few days ago, around February 10, the attacks against Codeberg e.V. began with spam campaigns against individual projects on the platform. Their bug trackers, for example, were flooded with nonsensical error messages. In addition, the email accounts of association members were filled with abusive newsletter registrations.

Racist messages in the mailbox

On the morning of February 12, the next step followed: the unknown attackers created thousands of issues (i.e., error messages) with a vulgar racist term in the title, linked user accounts there and thus generated mass email notifications. The troublemakers changed their approach several times to escape the countermeasures taken by Codeberg in the meantime.

Since midday on February 13, a volumetric denial-of-service attack has been clogging up the club's internet connection and causing repeated connection problems.

No user data stolen

In their blog entry (archive link), the Codeberg makers explain that no personal data of users or repository administrators was tapped. Although masses of spam emails with offensive content were sent to members of the platform via a notification function, the attackers did not have access to the servers or users' email addresses. A Codeberg spokesperson emphasized this once again to heise security.

Codeberg was launched as a European alternative to the major software development platforms such as GitHub or GItlab and is based on Forgejo, a fork of Gitea. The association is financed by donations.

(cku)