Hello,
We're seeing attack attempts in the following form( actual username replaced with LDAPUserName) : 185.100.87.202 - LDAPUserName [17/Aug/2021:03:13:15 -0400] "GET /14d44de144cf4e2a8256d5bacd833604/b21f17a347124c9c9cef6f37adf8b5e6.git/info/refs?service=git-upload-: We've set visibility settings to require login as described here: https://gitlab.com/gitlab-org/gitlab-foss/-/blob/master/doc/user/admin_area/settings/visibility_and_access_controls.md#restrict-visibility-levels We are running ii gitlab-ce 14.1.2-ce.0 amd64 GitLab Community Edition Is there anything we can do to mitigate these attacks? they are causing LDAP account lockouts due to the failed login attempts. They are coming from a wide variety of known bad actors so we can't simply block by IP. Thank you John Legato -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/b08530a6-d254-4cb9-85a3-41e3c189a334n%40googlegroups.com.
