Over the past week or so we’re seeing bots from all over attempting to make authenticated connections e.g.
220.127.116.11 - LDAPUser [02/May/2020:13:45:49 -0400] "GET /7e5d5f27d6374bbdb8ccca4b63255122/eb613e0a79a54e2ca9b0d6f7be2a553b.git/info/refs?service=git-upload-pack HTTP/1.1" 401 26 "" "git/2.24.1"
This is causing major headaches as the failed logins lock users accounts.
We have a robots.txt in place that instructs bots not to index the site at all, but these bots are poorly behaved and appear to be ignoring it. We’ve verified that robots.txt is correct by using Google’s site tools and confirmed that Google, at least, is no longer attempting to index. We also tried GitLab’s rate limiting features, but this doesn’t seem to do it.
Has anyone seen similar activity lately? Outside of disabling LDAP account integration, what else might we do to mitigate the issue? We are running GitLab Omnibus CE 12.10.2-ce.0.
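As an added example (not part of the original post, and not a GitLab feature), here is a small fail2ban-style detector that reads access-log lines in the same combined-log shape as the one quoted above, counts 401 responses to `git-upload-pack` ref requests per source IP, and reports which IPs have crossed a lockout-avoiding threshold and which LDAP user names they are hammering. The log lines, IPs, user names and threshold below are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the same layout as the line quoted in the post.
# IPs are from documentation ranges; user names and timestamps are made up.
SAMPLE_LOG = """\
203.0.113.10 - LDAPUser [02/May/2020:13:45:49 -0400] "GET /7e5d5f27d6374bbdb8ccca4b63255122/eb613e0a79a54e2ca9b0d6f7be2a553b.git/info/refs?service=git-upload-pack HTTP/1.1" 401 26 "" "git/2.24.1"
203.0.113.10 - LDAPUser [02/May/2020:13:45:51 -0400] "GET /grp/proj-a.git/info/refs?service=git-upload-pack HTTP/1.1" 401 26 "" "git/2.24.1"
203.0.113.10 - ldapuser2 [02/May/2020:13:45:53 -0400] "GET /grp/proj-b.git/info/refs?service=git-upload-pack HTTP/1.1" 401 26 "" "git/2.24.1"
198.51.100.7 - jdoe [02/May/2020:13:46:02 -0400] "GET /team/app.git/info/refs?service=git-upload-pack HTTP/1.1" 200 512 "" "git/2.26.0"
198.51.100.7 - jdoe [02/May/2020:13:46:30 -0400] "GET /team/app.git/info/refs?service=git-upload-pack HTTP/1.1" 401 26 "" "git/2.26.0"
"""

# One combined-log line: ip ident user [timestamp] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def failed_git_auth(log_text):
    """Per source IP, count 401s on git smart-HTTP ref requests and record
    which user names each IP attempted (the accounts that will get locked)."""
    per_ip = Counter()
    users_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        if m['status'] == '401' and 'service=git-upload-pack' in m['path']:
            per_ip[m['ip']] += 1
            users_by_ip[m['ip']].add(m['user'])
    return per_ip, users_by_ip

def ips_to_block(log_text, threshold=3):
    """IPs with at least `threshold` failed git auths, busiest first.
    The threshold is an assumption; set it below the account lockout limit."""
    per_ip, _ = failed_git_auth(log_text)
    return [ip for ip, n in per_ip.most_common() if n >= threshold]

if __name__ == "__main__":
    counts, users = failed_git_auth(SAMPLE_LOG)
    for ip in ips_to_block(SAMPLE_LOG):
        print(f"{ip}: {counts[ip]} failed git auths, users {sorted(users[ip])}")
```

In practice you would feed it the real nginx access log and hand the resulting IPs to a firewall rule or fail2ban jail, and the user list tells you which LDAP accounts to expect lockouts on.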