“This is the first day of my participation in the First Challenge 2022. For details: First Challenge 2022”

preface

I was ready to open source my project and found it was attacked after I uploaded it to Github. The configuration file was uploaded to Github by mistake. People will find your account through the profile.
For files that have already been uploaded, even if we change the git commit history, there will still be information about us. So how do you do that?

BFG

Let me download
- The introduction on the official website isrepo-cleanerWarehouse cleaner. Her function is to know the submission history of our documents. Make it untraceable for those who exploit it.

Directions for use

The use of BFG is very simple, we just need to pull down the warehouse to be removed first

git clone --mirror git-repo

Mirror is a complete copy of the repository, but not a 100% representation of the source file.

Remove large files

java -jar bfg.jar --strip-blobs-bigger-than 100M xxxx.git
Copy the code

Remove a specified file

java -jar bfg.jar --delete-files application.yml xxx.git
Copy the code

Subsequent processing

We can tell there’s a warehouse file.

cd three-party.git
Copy the code

Then do the following

git reflog expire --expire=now --all && git gc --prune=now --aggressive
Copy the code

In the endgit push

case

Delete all ID_RSA and ID_dSA

$bfg --delete-files id_{dsa,rsa} my-repo.git
Copy the code

Remove all files larger than 50M

$bfg --strip-blobs-bigger-than 50M my-repo.git
Copy the code

Remove all locations in the warehouse where passwords appear

$ bfg --replace-text passwords.txt  my-repo.git
Copy the code

Problems with migration from other version control, remove git keywords

$bfg --delete-folders .git --delete-files .git --no-blob-protection my-repo.git
Copy the code

conclusion

Be sure to delete key private information when submitting the code, use a tool to replace it if you accidentally upload it, and overwrite the submission record. Because I accidentally uploaded before, the database was easily logged in and deleted all my data.

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

Github Uploads private data

preface

BFG

Directions for use

Remove large files

Remove a specified file

Subsequent processing

case

Delete all ID_RSA and ID_dSA

Remove all files larger than 50M

Remove all locations in the warehouse where passwords appear

Problems with migration from other version control, remove git keywords

conclusion

Github Uploads private data

preface

BFG

Directions for use

Remove large files

Remove a specified file

Subsequent processing

case

Delete all ID_RSA and ID_dSA

Remove all files larger than 50M

Remove all locations in the warehouse where passwords appear

Problems with migration from other version control, remove git keywords

conclusion

Related Posts

Vue – The use of CLI scaffolding

Insect diary | MySQL 5.7.20 try_acquire_lock_impl defect in MySQL crash

Break crumble crumble teach you to design thread pool! Not here yet?