Project settings all messed up.

Today me and another developer were randomly asked by TortoiseSVN for our credentials, which had been cached for as long as we’ve had our project on Assembla. After entering them, they didn’t work anymore. We proceeded to cange our passwords, and still they do not work for SVN. They work for logging into Assembla’s web site, and for Trac, but not for SVN. Also, we both lost our Trac Admin permissions, even though we are owners for the project..

Our project name is “WCell”

Thanks in advance.

Your space was restricted because your trac caused a lot of load to our server. It is caused by web bots that crawl your trac changesets. I removed changeset_view permission for anonymous users, but somebody restored it back.

It affects other projects, so we had to take above decision.

But why weren’t we informed? And how serious is it? If a bot crawls the change-set every 20 minutes, i dont think its gonna effect anyone?

Also: Why was our admin priviledge and svn-access removed? Was it accidental or intended?

I do understand that you offer your remarkable service to us for free. But just because we are not commercial customers, does not mean that we feel comfortable with being treated like this?

There are stupid web bots in internet, that crawl sites like crazy. Server load average went to 45.00. I blocked some IP addresses, but I can not guard the server anytime.

Your free trac will block access for other 30k free public/private projects. we have ~ 100 commercial projects only. So we decided to restrict the space.

I find it odd that I’ve only heard of our project being accessed/restricted in this way, and have never seen anyone else post anything like it. Also, I’m curious what bots you’re referring to. Does the reverse DNS tell you anything useful? Is it simply a wild range of IP addresses accessing the same or random changesets in a flood, or is it timed, like an interval? There seems to be a lack of information on exactly what was or still is happening.

Something is strange with changeset 456, when it is viewed trac holds apache running for at least 10 minutes, but this 217.150.49.241 opened ~ 50 connections, I blocked IP, but other bots tried to open the same URL.

The condition to restore your project settings is to deny anonymous view of changesets.

I know what is it, I’ve actually commited 5MB big file there. Is there any possibility of not displaying that particular revision? I think that would solve the problem. Or somehow cut the lines from that 5MB file? Or disable showing that one particular file? I’m sorry, I didn’t think of that when I commited it, and it actually didn’t come on my mind, that trac will be showing 5MBs of text in changeset.

Well I suppose we have no choice but to keep changeset viewing limited to members. But I’d emplore you to not simply remove permissions or change permissions with NO reason or notice given AT ALL. Whether or not the problem was serious and deserved immediate attention, we deserved to know about it.

If you could restore admin permissions on Trac to the Owner members of the project, that’d be fantastic.

This is highly unprofessional. We have users waiting to download and developers waiting to commit. The latest revision is not stable and we were just about to fix that and setup a build-server to avoid that kind of issue again.

We are not able to commit, we are not able to change settings and we are not even able to view our own change sets and all that without being given a warning or at least a really clear explanation.

If we are not given back access to our repository within 12 hours, we see ourselves forced to move our project.

Not that I would much care anymore after being treated like this. But the solution to this would be to enable caching. If you cached the trac-output, you don’t have to re-create it all the time and not care about some weird “bots” (from Mars or whereever they come from) that you are talking about.

You better enable caching anytime soon, or people are able to exploit the trac-pages and might attack you in a way that it would make it hard for you to recover.

I’m waiting for manager decision related your project.

PS: I tried to explain at my best, if you are not satisfied, wait for someone else that will give a better support. In the footer on every Assembla page there are phone and email where you can get answers to more delicate questions.

You tried your best? All you said was that someone attacks our space on your website with “stupid web bots in internet” and thats why you had to remove our access and privileges to your space without saying a single word.

If that is your best, then I feel sorry for you.