Provider
RubyGemsIncident detail
Temporarily disabling new user registrations
Temporarily disabling new user registrations
Timeline window
to
Timeline
Incident updates
Updates are normalized from the official source chronology so timeline changes remain easy to scan.
Identified
Due to an ongoing DDoS attack against rubygems.org, we have temporarily disabled registrations. We'll share an update once we've made changes to protect legitimate users and prevent further abuse.
Identified
The malicious spam activity against rubygems.org has stopped. The bot accounts responsible have been blocked and removed, and the 500+ malicious packages pushed during the attack have been yanked from the registry. Registrations will remain closed while we coordinate with Fastly to enable WAF protection and tighten rate limiting on account creation. We expect this to take two to three days. We'll post another update when we're closer being ready to re-enable user registrations. Gem installs and pushes for existing users are unaffected.
Resolved
This incident has been resolved and we've re-enabled account registrations