Selfhosted

56957 readers

782 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Kitchenowl creator has been flagged without warning making all of their repositories return 404, while in their settings all of the repositories still look normal with public visibility. (lemmy.ml)

submitted 3 days ago by iByteABit@lemmy.ml to c/selfhosted@lemmy.world

14 comments fedilink hide all child comments

cross-posted from: https://lemmy.ml/post/45529149

Here is the message where he found out what happened:

I didn't receive any information about it but when creating a support ticket I was told my account has been flagged and I had to do some extra verification. I've created a support ticket now and will keep you posted. I'll believe it's nothing major though, I use 2FA everywhere, the last commit on all repos is what I expect, and all sessions and usages look fine

Absolutely fuck Github and Microslop, they can just vanish your projects without notice whenever they want with barely any justification for it, and then take their sweet time to fix it too.

you are viewing a single comment's thread
view the rest of the comments

[–] dust_accelerator@discuss.tchncs.de 9 points 3 days ago* (last edited 3 days ago) (2 children)

~~VLLM~~ litellm supply chain attack.

Creator possibly was compromised and likely a security measure.

Affected versions were not pushed IMO, but the owners machine may have been compromised.

[–] t0mxd@feddit.org 4 points 2 days ago (1 children)

No, my whole account has been set to private. KitchenOwl never contained the malicious versions of litellm. The last pinned versions in the lock file on the dev branch were 1.82 and with the latest release 1.83. Sadly, GitHub just decided to flag my account and set it to private without notifying me... I'm waiting for a support response.

[–] dust_accelerator@discuss.tchncs.de 3 points 2 days ago

Glad to hear! Thanks for giving some info.

Still could be some half baked github response. Not saying it's actually the case, but a possibility.

Hoping you can get a timely response and your account back!

[–] frongt@lemmy.zip 2 points 2 days ago (1 children)

How do you know that?

[–] dust_accelerator@discuss.tchncs.de 4 points 2 days ago* (last edited 2 days ago)

I do not know for sure, but the repo did contain the dependency litellm with version specifier >=1.65.0 (if I recall correctly) and an early march build did use the version 1.81.0 per the uv.lock (version before the compromised litellm==1.82.7 and litellm==1.82.8 )

https://docs.litellm.ai/blog/security-update-march-2026

Not saying that the Dev was compromised, but it is possible, and it could be some Github precaution to disable repos with that dependency where a pip install at the wrong time could have compromised all the Devs credentials.