In the last hour, we got hammered by an Asian bot farm which used a very recent Chrome UA and thousands of unique IPs issuing around 500 req/min for arbitrary repo (and request) paths.
This first caused very high CPU pressure on the server running Forgejo and subsequently also a spike in memory, ultimately making the instance unresponsive.
If you ever wondered what this looks like on the metrics side, we've attached some screenshots here.
We've added a subnet-based rate-limit to catch these (at /16 level), so this attack vector isn't possible anymore (at least at this intensity level).
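
A sketch of a rate limit keyed on the /16 subnet rather than the single client IP, as described above. This is an added example, not the configuration or code this instance actually runs; the fixed one-minute window, the limit value, the /48 prefix for IPv6 and all type and function names are assumptions, and the addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
	"time"
)

// SubnetLimiter counts requests per subnet in fixed windows (hypothetical type).
type SubnetLimiter struct {
	Limit  int           // requests allowed per subnet per window
	Window time.Duration // length of one counting window
	mu     sync.Mutex
	start  time.Time
	counts map[netip.Prefix]int
}

// SubnetKey maps a client IP to its bucket: /16 for IPv4, /48 for IPv6 (assumed).
func SubnetKey(ip string) (netip.Prefix, error) {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return netip.Prefix{}, err
	}
	bits := 16
	if addr = addr.Unmap(); addr.Is6() { // treat ::ffff:a.b.c.d as IPv4
		bits = 48
	}
	return addr.Prefix(bits)
}

// Allow reports whether a request from ip at time now fits the subnet's budget.
func (l *SubnetLimiter) Allow(ip string, now time.Time) bool {
	key, err := SubnetKey(ip)
	if err != nil {
		return false // unparseable client address: reject
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	if l.counts == nil || now.Sub(l.start) >= l.Window {
		l.start, l.counts = now, map[netip.Prefix]int{} // new window, drop old counts
	}
	l.counts[key]++
	return l.counts[key] <= l.Limit
}

func main() {
	l := &SubnetLimiter{Limit: 2, Window: time.Minute} // constructed IPs, all in one /16
	fmt.Println(l.Allow("203.0.113.5", time.Now()), l.Allow("203.0.200.9", time.Now()), l.Allow("203.0.7.77", time.Now()))
}
```

Because the counter is shared by every address in the prefix, thousands of unique IPs from the same /16 draw from one budget; the trade-off is that legitimate users in that range are throttled along with the bots.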

