this post was submitted on 08 Apr 2026
10 points (100.0% liked)
Forgejo
310 readers
21 users here now
This is a community dedicated to Forgejo.
Useful links:
Rules:
- Posts must be relevant to Forgejo
- No NSFW content
- No hate speech, bigotry, etc
- Try to keep discussions on topic
- No spam of tools/companies/advertisements
- It’s ok to post your own stuff part of the time, but the primary use of the community should not be self-promotion.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Having a private instance isn't exactly indicative to open source software, so I don't think that's the way I want to take it. I'd probably move to Codeberg or even GitHub before hosting the entire thing on a private net.
I also don't think monitoring and blocking are going to help here. This traffic came from so many different IPs that it would be almost impossible to detect and block them all without blocking legitimate traffic. I also really don't want to hook up a Cloudflare-like centralized challenge system to deal with this if I can avoid it.
It sounds to me like you are at the mercy of the bots then unfortunately. I have had literal empty websites up just to see what the bots do and within a few hours the sites are hammered with crazy bot traffic trying everything from MySQL connections, ssh, Wordpress sniffing, xss attacks, you name it. They don’t even seem to care that the site is 403 forbidden or just a blank page.
It’s the World Wide Web we live in nowadays according to my experience.
oh yeah, I see that on everything. I'm not so worried about those vuln scanners than this overwhelming nonsense traffic that I'm seeing now. This is different, and seemingly pointless.