I had a codeburg account I never did anything with and was worried they got hacked or something. However, since I had never really used it, I just kinda shrugged (separate email, randomly-generated pass). They sent an email mentioning it was this sort of spam.
this post was submitted on 12 Feb 2025
154 points (98.7% liked)
Opensource
1936 readers
81 users here now
A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!
⠀
founded 1 year ago
MODERATORS
I guess an easy fix for that particular issue is to severely rate limit mentions. E.g. if a user mentions more than 100 users in 1 hour then delay them and flag the account. Then you can whitelist it if it's a legit CI bot or whatever.
this could be gamed though - mention 99 users, switch accounts, rinse and repeat
I assume there's some barrier to creating accounts that makes it difficult? If not there's pretty much nothing they can do.
Quite childish behavior.
Other opinions exist, I must exert my free speech to ridicule other opinions and try to offend those holding them
"Signed, a free speech absolutist"
I'm glad I saw this post and codeberg's statement before the spam notifications.
Got two notifications this morning where I was tagged in an issue, but just a few minutes later when I tried to view the report it was already gone.
Really, props to the Codeberg moderation team for their hard work.
I was tagged, immediately clicked to see the link so I could report abuse, and got a 404. Very fast response. I appreciate that and the message Codeberg sent out that OP posted here. Came to p.d to see if anyone posted it yet.
I woke up to this, this is what it was if anyone was wondering:
edit: they've sent out apology emails to all who were affected. there was no leak of emails so it seems
Seems like codeberg got significant attention for spammers to come and do this.
I'm looking for a repo to host a couple of projects. I hadn't considered codeberg as a home until now.
I guess I'll donate when I sign up.
Exactly. I've already hosted a small script project there but this blog post reminded me I'd forgotten to add them to my December donations list.
I currently have an outage from my own forgejo insrance (which codeberg runs as well afaik) since yesterday. I wonder if that is connected.
Here someone abused some feature to automatically create comments mentioning hundreds or more users so that the server send the comment notification via email. The email I got had just the N word followed by "balls" and lots of mentioned accounts. Not sure if others got longer messages?
same email here.
That's exactly what I got too
So that's what it was...
More likely due to extreme AI scraping. That has been an issue with selfhosted Forgejo instances for months now and it is a complete PITA to deal with.
Time for the LLM crawler trap: https://zadzmo.org/code/nepenthes/
interesting project, thx for sharing! though:
There is not currently a way to differentiate between web crawlers that are indexing sites for search purposes, vs crawlers that are training AI models. ANY SITE THIS SOFTWARE IS APPLIED TO WILL LIKELY DISAPPEAR FROM ALL SEARCH RESULTS.