GitLab account hacked and repo wipedGithub account hacked and repo wipedCan a ransomware “destroy” git remote repositories?GitHub pages and same originPassword manager and account recoveryHow should security patches be managed in public versioning systems (like Github, etc.)?What are the security implications of allowing guest checkout using an email bound to known account?How does Github authentication work (command line, api)?Confused about GitHub's GPG key association and authenticityShould I be worried by an email which said my account was under attack?SendGrid Github Account Credentials ScanningGithub account hacked and repo wiped

How should I tell my manager I'm not paying for an optional after work event I'm not going to?

What do "Sech" and "Vich" mean in this sentence?

Adding command shortcuts to /bin

Should I mention being denied entry to UK due to a confusion in my Visa and Ticket bookings?

When an imagined world resembles or has similarities with a famous world

Nested loops to process groups of pictures

Why aren't nationalizations in Russia described as socialist?

Is there a word for food that's gone 'bad', but is still edible?

History of the kernel of a homomorphism?

How can Internet speed be 10 times slower without a router than when using the same connection with a router?

What was the first story to feature the plot "the monsters were human all along"?

Is Benjen dead?

GitLab account hacked and repo wiped

Why symmetry transformations have to commute with Hamiltonian?

How to pass hash as password to ssh server

Copy previous line to current line from text file

Would a small hole in a Faraday cage drastically reduce its effectiveness at blocking interference?

What is a common way to tell if an academic is "above average," or outstanding in their field? Is their h-index (Hirsh index) one of them?

Would you use "llamarse" for an animal's name?

Any examples of liquids volatile at room temp but non-flammable?

Dangerous workplace travelling

How to deal with employer who keeps me at work after working hours

Has the United States ever had a non-Christian President?

Should I simplify my writing in a foreign country?



GitLab account hacked and repo wiped


Github account hacked and repo wipedCan a ransomware “destroy” git remote repositories?GitHub pages and same originPassword manager and account recoveryHow should security patches be managed in public versioning systems (like Github, etc.)?What are the security implications of allowing guest checkout using an email bound to known account?How does Github authentication work (command line, api)?Confused about GitHub's GPG key association and authenticityShould I be worried by an email which said my account was under attack?SendGrid Github Account Credentials ScanningGithub account hacked and repo wiped






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








16















I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying




To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin
(BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and
contact us by Email at admin@gitsbackup.com with your Git login and a
Proof of Payment. If you are unsure if we have your data, contact us
and we will send you a proof. Your code is downloaded and backed up on
our servers. If we dont receive your payment in the next 10 Days, we
will make your code public or use them otherwise.




At the time of this happening, Google search didn't show up anything, but in an hour or so this started coming up.



I am using SourceTree (always up-to-date) but somehow I doubt that SourceTree is the issue, or that my system (Windows 10) was compromised. I'm not saying it's not that, it's just that I doubt it.



This happened only to one of my repositories (all of them private) and all the others were left untouched. I changed my password, enabled 2 factor authentication, removed one access token that I wasn't using for years and wrote an email to GitLab in the hopes that they could tell me something about where/who the attacker got in.



My password was a weak one that could've been relatively easily cracked via brute-force (it's not a common one but starts with "a" and has only a-z characters in it) and it could be that they just automatically checked if they can access the account and then ran some git commands. It is also possible that my email address and that particular password are on a list of leaked accounts. One might argue that if this is how they got in, they would've simply changed the account credentials but searching the Internet revealed that in these cases GitLab/GitHub will simply restore the credentials for you, and so I assume this is why they didn't do it this way.



Could've also been that old access token, I can't remember what and where I used it for in the past - most likely generated for use on a computer I previously owned, so I doubt that that was the issue.



There are also 4 developers working on it, all having full access to the repository, so their accounts being compromised is also a possibility.



I've scanned my computer with BitDefender and couldn't find anything but I am not doing shady things on the internet so I don't think that me being infected with a malware/trojan is what caused this.



I am waiting for an answer from GitLab and maybe they can shed some light on this. I have the code base on my local Git, so that is not an issue, but I am not pushing the code back to the repository just yet. Also, just in case the code gets published somewhere, I will change any passwords that are to be found in the source (databases, IMAP accounts)



UPDATE



I found out that the code isn't gone. I tried accessing a commit's hash and it worked. So the code is there but there's something wrong with the HEAD. My knowledge on this is very limited but



git reflog



shows all my commits.



What this means to me is that the attackers most likely didn't clone the repositories (would be a logistical nightmare to do this for all the victims, anyway) and that the chances for them going over the source code looking for sensitive data, or of making the code public are low. It also means to me that is not a targeted attack but a random, bulk attack, carried out by a script. I really hope this is the case for our own sake!



UPDATE 2



So, if you do



git checkout origin/master


you will see the attacker's commit



git checkout master


you will see all your files



git checkout origin/master
git reflog # take the SHA of the last commit of yours
git reset [SHA]


will fix your origin/master...but



git status


now will say



HEAD detached from origin/master


still searching for a fix on this



UPDATE 3



If you have the files locally, running



git push origin HEAD:master --force


will fix everything. See Peter's comment



So, the question is what commands will get my repository back to the previously working state assuming you don't have the repo locally, as for how the attacked got in, I am hoping that the answer from GitLab (if any) will help us more.



There is a discussion going on here



The attack targets GitHub, BitBucket and GitLab accounts. Here's the magnitude on GitHub's public repos










share|improve this question









New contributor




Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • git checkout -b new_master <commit_id>

    – domen
    12 hours ago






  • 3





    What this means to me is that the attacker doesn't have the code and there's no threat of them going over the source code for sensitive data or of making the code public - You assume all this. If attacker cloned your repository, they absolutely would have access to all that. Also, why would the source include sensitive data?

    – domen
    12 hours ago











  • Im with the same trouble. Did u grant access to docker hub by OAuth2.0 using git?

    – Diego Andrade
    12 hours ago






  • 1





    You get your local repository to look like you want it to be, then simply git push origin HEAD:master --force. You may have to unprotect the master branch to allow the forced push. It does not matter which branch you have checked out locally, or if you are detached. It will just forcefully make origin/master whatever your current HEAD is.

    – Peter
    11 hours ago







  • 1





    @peter, I am in a fortunate position where I have everything locally and where your answer is a quick and easy fix, but I was looking for a solution for people that don't have the files locally. Since the code is already there, on Git, I was looking for a sequence of commands that would fix things

    – Stefan Gabos
    10 hours ago


















16















I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying




To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin
(BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and
contact us by Email at admin@gitsbackup.com with your Git login and a
Proof of Payment. If you are unsure if we have your data, contact us
and we will send you a proof. Your code is downloaded and backed up on
our servers. If we dont receive your payment in the next 10 Days, we
will make your code public or use them otherwise.




At the time of this happening, Google search didn't show up anything, but in an hour or so this started coming up.



I am using SourceTree (always up-to-date) but somehow I doubt that SourceTree is the issue, or that my system (Windows 10) was compromised. I'm not saying it's not that, it's just that I doubt it.



This happened only to one of my repositories (all of them private) and all the others were left untouched. I changed my password, enabled 2 factor authentication, removed one access token that I wasn't using for years and wrote an email to GitLab in the hopes that they could tell me something about where/who the attacker got in.



My password was a weak one that could've been relatively easily cracked via brute-force (it's not a common one but starts with "a" and has only a-z characters in it) and it could be that they just automatically checked if they can access the account and then ran some git commands. It is also possible that my email address and that particular password are on a list of leaked accounts. One might argue that if this is how they got in, they would've simply changed the account credentials but searching the Internet revealed that in these cases GitLab/GitHub will simply restore the credentials for you, and so I assume this is why they didn't do it this way.



Could've also been that old access token, I can't remember what and where I used it for in the past - most likely generated for use on a computer I previously owned, so I doubt that that was the issue.



There are also 4 developers working on it, all having full access to the repository, so their accounts being compromised is also a possibility.



I've scanned my computer with BitDefender and couldn't find anything but I am not doing shady things on the internet so I don't think that me being infected with a malware/trojan is what caused this.



I am waiting for an answer from GitLab and maybe they can shed some light on this. I have the code base on my local Git, so that is not an issue, but I am not pushing the code back to the repository just yet. Also, just in case the code gets published somewhere, I will change any passwords that are to be found in the source (databases, IMAP accounts)



UPDATE



I found out that the code isn't gone. I tried accessing a commit's hash and it worked. So the code is there but there's something wrong with the HEAD. My knowledge on this is very limited but



git reflog



shows all my commits.



What this means to me is that the attackers most likely didn't clone the repositories (would be a logistical nightmare to do this for all the victims, anyway) and that the chances for them going over the source code looking for sensitive data, or of making the code public are low. It also means to me that is not a targeted attack but a random, bulk attack, carried out by a script. I really hope this is the case for our own sake!



UPDATE 2



So, if you do



git checkout origin/master


you will see the attacker's commit



git checkout master


you will see all your files



git checkout origin/master
git reflog # take the SHA of the last commit of yours
git reset [SHA]


will fix your origin/master...but



git status


now will say



HEAD detached from origin/master


still searching for a fix on this



UPDATE 3



If you have the files locally, running



git push origin HEAD:master --force


will fix everything. See Peter's comment



So, the question is what commands will get my repository back to the previously working state assuming you don't have the repo locally, as for how the attacked got in, I am hoping that the answer from GitLab (if any) will help us more.



There is a discussion going on here



The attack targets GitHub, BitBucket and GitLab accounts. Here's the magnitude on GitHub's public repos










share|improve this question









New contributor




Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • git checkout -b new_master <commit_id>

    – domen
    12 hours ago






  • 3





    What this means to me is that the attacker doesn't have the code and there's no threat of them going over the source code for sensitive data or of making the code public - You assume all this. If attacker cloned your repository, they absolutely would have access to all that. Also, why would the source include sensitive data?

    – domen
    12 hours ago











  • Im with the same trouble. Did u grant access to docker hub by OAuth2.0 using git?

    – Diego Andrade
    12 hours ago






  • 1





    You get your local repository to look like you want it to be, then simply git push origin HEAD:master --force. You may have to unprotect the master branch to allow the forced push. It does not matter which branch you have checked out locally, or if you are detached. It will just forcefully make origin/master whatever your current HEAD is.

    – Peter
    11 hours ago







  • 1





    @peter, I am in a fortunate position where I have everything locally and where your answer is a quick and easy fix, but I was looking for a solution for people that don't have the files locally. Since the code is already there, on Git, I was looking for a sequence of commands that would fix things

    – Stefan Gabos
    10 hours ago














16












16








16


5






I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying




To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin
(BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and
contact us by Email at admin@gitsbackup.com with your Git login and a
Proof of Payment. If you are unsure if we have your data, contact us
and we will send you a proof. Your code is downloaded and backed up on
our servers. If we dont receive your payment in the next 10 Days, we
will make your code public or use them otherwise.




At the time of this happening, Google search didn't show up anything, but in an hour or so this started coming up.



I am using SourceTree (always up-to-date) but somehow I doubt that SourceTree is the issue, or that my system (Windows 10) was compromised. I'm not saying it's not that, it's just that I doubt it.



This happened only to one of my repositories (all of them private) and all the others were left untouched. I changed my password, enabled 2 factor authentication, removed one access token that I wasn't using for years and wrote an email to GitLab in the hopes that they could tell me something about where/who the attacker got in.



My password was a weak one that could've been relatively easily cracked via brute-force (it's not a common one but starts with "a" and has only a-z characters in it) and it could be that they just automatically checked if they can access the account and then ran some git commands. It is also possible that my email address and that particular password are on a list of leaked accounts. One might argue that if this is how they got in, they would've simply changed the account credentials but searching the Internet revealed that in these cases GitLab/GitHub will simply restore the credentials for you, and so I assume this is why they didn't do it this way.



Could've also been that old access token, I can't remember what and where I used it for in the past - most likely generated for use on a computer I previously owned, so I doubt that that was the issue.



There are also 4 developers working on it, all having full access to the repository, so their accounts being compromised is also a possibility.



I've scanned my computer with BitDefender and couldn't find anything but I am not doing shady things on the internet so I don't think that me being infected with a malware/trojan is what caused this.



I am waiting for an answer from GitLab and maybe they can shed some light on this. I have the code base on my local Git, so that is not an issue, but I am not pushing the code back to the repository just yet. Also, just in case the code gets published somewhere, I will change any passwords that are to be found in the source (databases, IMAP accounts)



UPDATE



I found out that the code isn't gone. I tried accessing a commit's hash and it worked. So the code is there but there's something wrong with the HEAD. My knowledge on this is very limited but



git reflog



shows all my commits.



What this means to me is that the attackers most likely didn't clone the repositories (would be a logistical nightmare to do this for all the victims, anyway) and that the chances for them going over the source code looking for sensitive data, or of making the code public are low. It also means to me that is not a targeted attack but a random, bulk attack, carried out by a script. I really hope this is the case for our own sake!



UPDATE 2



So, if you do



git checkout origin/master


you will see the attacker's commit



git checkout master


you will see all your files



git checkout origin/master
git reflog # take the SHA of the last commit of yours
git reset [SHA]


will fix your origin/master...but



git status


now will say



HEAD detached from origin/master


still searching for a fix on this



UPDATE 3



If you have the files locally, running



git push origin HEAD:master --force


will fix everything. See Peter's comment



So, the question is what commands will get my repository back to the previously working state assuming you don't have the repo locally, as for how the attacked got in, I am hoping that the answer from GitLab (if any) will help us more.



There is a discussion going on here



The attack targets GitHub, BitBucket and GitLab accounts. Here's the magnitude on GitHub's public repos










share|improve this question









New contributor




Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying




To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin
(BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and
contact us by Email at admin@gitsbackup.com with your Git login and a
Proof of Payment. If you are unsure if we have your data, contact us
and we will send you a proof. Your code is downloaded and backed up on
our servers. If we dont receive your payment in the next 10 Days, we
will make your code public or use them otherwise.




At the time of this happening, Google search didn't show up anything, but in an hour or so this started coming up.



I am using SourceTree (always up-to-date) but somehow I doubt that SourceTree is the issue, or that my system (Windows 10) was compromised. I'm not saying it's not that, it's just that I doubt it.



This happened only to one of my repositories (all of them private) and all the others were left untouched. I changed my password, enabled 2 factor authentication, removed one access token that I wasn't using for years and wrote an email to GitLab in the hopes that they could tell me something about where/who the attacker got in.



My password was a weak one that could've been relatively easily cracked via brute-force (it's not a common one but starts with "a" and has only a-z characters in it) and it could be that they just automatically checked if they can access the account and then ran some git commands. It is also possible that my email address and that particular password are on a list of leaked accounts. One might argue that if this is how they got in, they would've simply changed the account credentials but searching the Internet revealed that in these cases GitLab/GitHub will simply restore the credentials for you, and so I assume this is why they didn't do it this way.



Could've also been that old access token, I can't remember what and where I used it for in the past - most likely generated for use on a computer I previously owned, so I doubt that that was the issue.



There are also 4 developers working on it, all having full access to the repository, so their accounts being compromised is also a possibility.



I've scanned my computer with BitDefender and couldn't find anything but I am not doing shady things on the internet so I don't think that me being infected with a malware/trojan is what caused this.



I am waiting for an answer from GitLab and maybe they can shed some light on this. I have the code base on my local Git, so that is not an issue, but I am not pushing the code back to the repository just yet. Also, just in case the code gets published somewhere, I will change any passwords that are to be found in the source (databases, IMAP accounts)



UPDATE



I found out that the code isn't gone. I tried accessing a commit's hash and it worked. So the code is there but there's something wrong with the HEAD. My knowledge on this is very limited but



git reflog



shows all my commits.



What this means to me is that the attackers most likely didn't clone the repositories (would be a logistical nightmare to do this for all the victims, anyway) and that the chances for them going over the source code looking for sensitive data, or of making the code public are low. It also means to me that is not a targeted attack but a random, bulk attack, carried out by a script. I really hope this is the case for our own sake!



UPDATE 2



So, if you do



git checkout origin/master


you will see the attacker's commit



git checkout master


you will see all your files



git checkout origin/master
git reflog # take the SHA of the last commit of yours
git reset [SHA]


will fix your origin/master...but



git status


now will say



HEAD detached from origin/master


still searching for a fix on this



UPDATE 3



If you have the files locally, running



git push origin HEAD:master --force


will fix everything. See Peter's comment



So, the question is what commands will get my repository back to the previously working state assuming you don't have the repo locally, as for how the attacked got in, I am hoping that the answer from GitLab (if any) will help us more.



There is a discussion going on here



The attack targets GitHub, BitBucket and GitLab accounts. Here's the magnitude on GitHub's public repos







account-security ransomware intrusion github






share|improve this question









New contributor




Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 5 hours ago







Stefan Gabos













New contributor




Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 13 hours ago









Stefan GabosStefan Gabos

1817




1817




New contributor




Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Stefan Gabos is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • git checkout -b new_master <commit_id>

    – domen
    12 hours ago






  • 3





    What this means to me is that the attacker doesn't have the code and there's no threat of them going over the source code for sensitive data or of making the code public - You assume all this. If attacker cloned your repository, they absolutely would have access to all that. Also, why would the source include sensitive data?

    – domen
    12 hours ago











  • Im with the same trouble. Did u grant access to docker hub by OAuth2.0 using git?

    – Diego Andrade
    12 hours ago






  • 1





    You get your local repository to look like you want it to be, then simply git push origin HEAD:master --force. You may have to unprotect the master branch to allow the forced push. It does not matter which branch you have checked out locally, or if you are detached. It will just forcefully make origin/master whatever your current HEAD is.

    – Peter
    11 hours ago







  • 1





    @peter, I am in a fortunate position where I have everything locally and where your answer is a quick and easy fix, but I was looking for a solution for people that don't have the files locally. Since the code is already there, on Git, I was looking for a sequence of commands that would fix things

    – Stefan Gabos
    10 hours ago


















  • git checkout -b new_master <commit_id>

    – domen
    12 hours ago






  • 3





    What this means to me is that the attacker doesn't have the code and there's no threat of them going over the source code for sensitive data or of making the code public - You assume all this. If attacker cloned your repository, they absolutely would have access to all that. Also, why would the source include sensitive data?

    – domen
    12 hours ago











  • Im with the same trouble. Did u grant access to docker hub by OAuth2.0 using git?

    – Diego Andrade
    12 hours ago






  • 1





    You get your local repository to look like you want it to be, then simply git push origin HEAD:master --force. You may have to unprotect the master branch to allow the forced push. It does not matter which branch you have checked out locally, or if you are detached. It will just forcefully make origin/master whatever your current HEAD is.

    – Peter
    11 hours ago







  • 1





    @peter, I am in a fortunate position where I have everything locally and where your answer is a quick and easy fix, but I was looking for a solution for people that don't have the files locally. Since the code is already there, on Git, I was looking for a sequence of commands that would fix things

    – Stefan Gabos
    10 hours ago

















git checkout -b new_master <commit_id>

– domen
12 hours ago





git checkout -b new_master <commit_id>

– domen
12 hours ago




3




3





What this means to me is that the attacker doesn't have the code and there's no threat of them going over the source code for sensitive data or of making the code public - You assume all this. If attacker cloned your repository, they absolutely would have access to all that. Also, why would the source include sensitive data?

– domen
12 hours ago





What this means to me is that the attacker doesn't have the code and there's no threat of them going over the source code for sensitive data or of making the code public - You assume all this. If attacker cloned your repository, they absolutely would have access to all that. Also, why would the source include sensitive data?

– domen
12 hours ago













Im with the same trouble. Did u grant access to docker hub by OAuth2.0 using git?

– Diego Andrade
12 hours ago





Im with the same trouble. Did u grant access to docker hub by OAuth2.0 using git?

– Diego Andrade
12 hours ago




1




1





You get your local repository to look like you want it to be, then simply git push origin HEAD:master --force. You may have to unprotect the master branch to allow the forced push. It does not matter which branch you have checked out locally, or if you are detached. It will just forcefully make origin/master whatever your current HEAD is.

– Peter
11 hours ago






You get your local repository to look like you want it to be, then simply git push origin HEAD:master --force. You may have to unprotect the master branch to allow the forced push. It does not matter which branch you have checked out locally, or if you are detached. It will just forcefully make origin/master whatever your current HEAD is.

– Peter
11 hours ago





1




1





@peter, I am in a fortunate position where I have everything locally and where your answer is a quick and easy fix, but I was looking for a solution for people that don't have the files locally. Since the code is already there, on Git, I was looking for a sequence of commands that would fix things

– Stefan Gabos
10 hours ago






@peter, I am in a fortunate position where I have everything locally and where your answer is a quick and easy fix, but I was looking for a solution for people that don't have the files locally. Since the code is already there, on Git, I was looking for a sequence of commands that would fix things

– Stefan Gabos
10 hours ago











3 Answers
3






active

oldest

votes


















1














Use git push -u origin master -f && git push --tags -f from your local clone to push all references for master, tags and so on to the remote and then enable 2FA in your account.



If more branches are affected use git push -u --all -f






share|improve this answer
































    1














    If more branches are affected, you may need to checkout all branches first with the following command before performing git push -u --all -f



    for branch in `git branch -a | grep remotes | grep -v HEAD | grep -v master `; do
    git branch --track $branch#remotes/origin/ $branch
    done


    https://gist.github.com/octasimo/66f3cc230725d1cf1421






    share|improve this answer








    New contributor




    Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.



























      1














      I doubt that the hackers pushed a "delete all" commit, or else you could simply revert the last commit. Rather, they force-pushed a different commit with the note to the HEAD of the master branch, making it look like your entire commit history is gone.



      As others have pointed out, you can easily use a local repo to re-push your code to the server. Due to the distributed nature of Git, this always works whether or not the server was wiped since every local repo has a complete clone of the server, including both commits and code. Of course, you should make sure the server has been secured first before attempting recovery efforts. :-)



      If you don't have a local repo that includes the most recent commit, the commit history (and all associated files) will still exist on the server for a while. However, the server will eventually run git gc, which will clean up those unreachable commits. As of 2013, GitHub said they will run git gc at most once per day but it can also be triggered manually, while BitBucket will run it as needed, or perhaps after each push. GitLab runs it after 200 pushes by default, or it can be triggered manually.



      However, even if all of the commits and files are still on the server, you would need to find the hash of the commit so you can restore it. Without a local repo with a reflog, it's hard to find the correct commit to restore. Some ideas that you could try:



      • Pull requests are typically kept forever, so you should be able to look at the most recent pull request merged into the master branch. Just make sure to pick the hash of the merge commit, not the hash of the branch. (GitHub has a green check mark next to the merge commit hash, GitLab shows "merged into master with", not sure about BitBucket).

      • If you have a build server, see what the most recent build of the master branch was (perhaps in the build log?)




      share








      New contributor




      Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















        Your Answer








        StackExchange.ready(function()
        var channelOptions =
        tags: "".split(" "),
        id: "162"
        ;
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function()
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled)
        StackExchange.using("snippets", function()
        createEditor();
        );

        else
        createEditor();

        );

        function createEditor()
        StackExchange.prepareEditor(
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: false,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: null,
        bindNavPrevention: true,
        postfix: "",
        imageUploader:
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        ,
        noCode: true, onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        );



        );






        Stefan Gabos is a new contributor. Be nice, and check out our Code of Conduct.









        draft saved

        draft discarded


















        StackExchange.ready(
        function ()
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f209448%2fgitlab-account-hacked-and-repo-wiped%23new-answer', 'question_page');

        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        1














        Use git push -u origin master -f && git push --tags -f from your local clone to push all references for master, tags and so on to the remote and then enable 2FA in your account.



        If more branches are affected use git push -u --all -f






        share|improve this answer





























          1














          Use git push -u origin master -f && git push --tags -f from your local clone to push all references for master, tags and so on to the remote and then enable 2FA in your account.



          If more branches are affected use git push -u --all -f






          share|improve this answer



























            1












            1








            1







            Use git push -u origin master -f && git push --tags -f from your local clone to push all references for master, tags and so on to the remote and then enable 2FA in your account.



            If more branches are affected use git push -u --all -f






            share|improve this answer















            Use git push -u origin master -f && git push --tags -f from your local clone to push all references for master, tags and so on to the remote and then enable 2FA in your account.



            If more branches are affected use git push -u --all -f







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited 5 hours ago

























            answered 5 hours ago









            Daniel RufDaniel Ruf

            837613




            837613























                1














                If more branches are affected, you may need to checkout all branches first with the following command before performing git push -u --all -f



                for branch in `git branch -a | grep remotes | grep -v HEAD | grep -v master `; do
                git branch --track $branch#remotes/origin/ $branch
                done


                https://gist.github.com/octasimo/66f3cc230725d1cf1421






                share|improve this answer








                New contributor




                Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.
























                  1














                  If more branches are affected, you may need to checkout all branches first with the following command before performing git push -u --all -f



                  for branch in `git branch -a | grep remotes | grep -v HEAD | grep -v master `; do
                  git branch --track $branch#remotes/origin/ $branch
                  done


                  https://gist.github.com/octasimo/66f3cc230725d1cf1421






                  share|improve this answer








                  New contributor




                  Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






















                    1












                    1








                    1







                    If more branches are affected, you may need to checkout all branches first with the following command before performing git push -u --all -f



                    for branch in `git branch -a | grep remotes | grep -v HEAD | grep -v master `; do
                    git branch --track $branch#remotes/origin/ $branch
                    done


                    https://gist.github.com/octasimo/66f3cc230725d1cf1421






                    share|improve this answer








                    New contributor




                    Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.










                    If more branches are affected, you may need to checkout all branches first with the following command before performing git push -u --all -f



                    for branch in `git branch -a | grep remotes | grep -v HEAD | grep -v master `; do
                    git branch --track $branch#remotes/origin/ $branch
                    done


                    https://gist.github.com/octasimo/66f3cc230725d1cf1421







                    share|improve this answer








                    New contributor




                    Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.









                    share|improve this answer



                    share|improve this answer






                    New contributor




                    Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.









                    answered 3 hours ago









                    RonRon

                    111




                    111




                    New contributor




                    Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.





                    New contributor





                    Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.






                    Ron is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.





















                        1














                        I doubt that the hackers pushed a "delete all" commit, or else you could simply revert the last commit. Rather, they force-pushed a different commit with the note to the HEAD of the master branch, making it look like your entire commit history is gone.



                        As others have pointed out, you can easily use a local repo to re-push your code to the server. Due to the distributed nature of Git, this always works whether or not the server was wiped since every local repo has a complete clone of the server, including both commits and code. Of course, you should make sure the server has been secured first before attempting recovery efforts. :-)



                        If you don't have a local repo that includes the most recent commit, the commit history (and all associated files) will still exist on the server for a while. However, the server will eventually run git gc, which will clean up those unreachable commits. As of 2013, GitHub said they will run git gc at most once per day but it can also be triggered manually, while BitBucket will run it as needed, or perhaps after each push. GitLab runs it after 200 pushes by default, or it can be triggered manually.



                        However, even if all of the commits and files are still on the server, you would need to find the hash of the commit so you can restore it. Without a local repo with a reflog, it's hard to find the correct commit to restore. Some ideas that you could try:



                        • Pull requests are typically kept forever, so you should be able to look at the most recent pull request merged into the master branch. Just make sure to pick the hash of the merge commit, not the hash of the branch. (GitHub has a green check mark next to the merge commit hash, GitLab shows "merged into master with", not sure about BitBucket).

                        • If you have a build server, see what the most recent build of the master branch was (perhaps in the build log?)




                        share








                        New contributor




                        Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                        Check out our Code of Conduct.
























                          1














                          I doubt that the hackers pushed a "delete all" commit, or else you could simply revert the last commit. Rather, they force-pushed a different commit with the note to the HEAD of the master branch, making it look like your entire commit history is gone.



                          As others have pointed out, you can easily use a local repo to re-push your code to the server. Due to the distributed nature of Git, this always works whether or not the server was wiped since every local repo has a complete clone of the server, including both commits and code. Of course, you should make sure the server has been secured first before attempting recovery efforts. :-)



                          If you don't have a local repo that includes the most recent commit, the commit history (and all associated files) will still exist on the server for a while. However, the server will eventually run git gc, which will clean up those unreachable commits. As of 2013, GitHub said they will run git gc at most once per day but it can also be triggered manually, while BitBucket will run it as needed, or perhaps after each push. GitLab runs it after 200 pushes by default, or it can be triggered manually.



                          However, even if all of the commits and files are still on the server, you would need to find the hash of the commit so you can restore it. Without a local repo with a reflog, it's hard to find the correct commit to restore. Some ideas that you could try:



                          • Pull requests are typically kept forever, so you should be able to look at the most recent pull request merged into the master branch. Just make sure to pick the hash of the merge commit, not the hash of the branch. (GitHub has a green check mark next to the merge commit hash, GitLab shows "merged into master with", not sure about BitBucket).

                          • If you have a build server, see what the most recent build of the master branch was (perhaps in the build log?)




                          share








                          New contributor




                          Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.






















                            1












                            1








                            1







                            I doubt that the hackers pushed a "delete all" commit, or else you could simply revert the last commit. Rather, they force-pushed a different commit with the note to the HEAD of the master branch, making it look like your entire commit history is gone.



                            As others have pointed out, you can easily use a local repo to re-push your code to the server. Due to the distributed nature of Git, this always works whether or not the server was wiped since every local repo has a complete clone of the server, including both commits and code. Of course, you should make sure the server has been secured first before attempting recovery efforts. :-)



                            If you don't have a local repo that includes the most recent commit, the commit history (and all associated files) will still exist on the server for a while. However, the server will eventually run git gc, which will clean up those unreachable commits. As of 2013, GitHub said they will run git gc at most once per day but it can also be triggered manually, while BitBucket will run it as needed, or perhaps after each push. GitLab runs it after 200 pushes by default, or it can be triggered manually.



                            However, even if all of the commits and files are still on the server, you would need to find the hash of the commit so you can restore it. Without a local repo with a reflog, it's hard to find the correct commit to restore. Some ideas that you could try:



                            • Pull requests are typically kept forever, so you should be able to look at the most recent pull request merged into the master branch. Just make sure to pick the hash of the merge commit, not the hash of the branch. (GitHub has a green check mark next to the merge commit hash, GitLab shows "merged into master with", not sure about BitBucket).

                            • If you have a build server, see what the most recent build of the master branch was (perhaps in the build log?)




                            share








                            New contributor




                            Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.










                            I doubt that the hackers pushed a "delete all" commit, or else you could simply revert the last commit. Rather, they force-pushed a different commit with the note to the HEAD of the master branch, making it look like your entire commit history is gone.



                            As others have pointed out, you can easily use a local repo to re-push your code to the server. Due to the distributed nature of Git, this always works whether or not the server was wiped since every local repo has a complete clone of the server, including both commits and code. Of course, you should make sure the server has been secured first before attempting recovery efforts. :-)



                            If you don't have a local repo that includes the most recent commit, the commit history (and all associated files) will still exist on the server for a while. However, the server will eventually run git gc, which will clean up those unreachable commits. As of 2013, GitHub said they will run git gc at most once per day but it can also be triggered manually, while BitBucket will run it as needed, or perhaps after each push. GitLab runs it after 200 pushes by default, or it can be triggered manually.



                            However, even if all of the commits and files are still on the server, you would need to find the hash of the commit so you can restore it. Without a local repo with a reflog, it's hard to find the correct commit to restore. Some ideas that you could try:



                            • Pull requests are typically kept forever, so you should be able to look at the most recent pull request merged into the master branch. Just make sure to pick the hash of the merge commit, not the hash of the branch. (GitHub has a green check mark next to the merge commit hash, GitLab shows "merged into master with", not sure about BitBucket).

                            • If you have a build server, see what the most recent build of the master branch was (perhaps in the build log?)





                            share








                            New contributor




                            Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.








                            share


                            share






                            New contributor




                            Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.









                            answered 9 mins ago









                            MattMatt

                            111




                            111




                            New contributor




                            Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.





                            New contributor





                            Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.






                            Matt is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.




















                                Stefan Gabos is a new contributor. Be nice, and check out our Code of Conduct.









                                draft saved

                                draft discarded


















                                Stefan Gabos is a new contributor. Be nice, and check out our Code of Conduct.












                                Stefan Gabos is a new contributor. Be nice, and check out our Code of Conduct.











                                Stefan Gabos is a new contributor. Be nice, and check out our Code of Conduct.














                                Thanks for contributing an answer to Information Security Stack Exchange!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid


                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.

                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function ()
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f209448%2fgitlab-account-hacked-and-repo-wiped%23new-answer', 'question_page');

                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

                                Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

                                199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單