does github support (re)captcha on email submit? On Wed, Apr 21, 2021 at 9:22 AM Steve Lawrence <slawre...@apache.org> wrote:
> Unfortunately, I'm not sure there's anything we can do about it. > > GitHub doesn't give any controls over who can/can't open a PR. We can't > even temporarily close PR's completely. > > We could maybe make it so GitHub actions on PRs must be manually > triggered so the spammers cryptocurrency mining stuff would never run. > But that's a bit of a pain, and it relies on the spammers to realize > their stuff isn't being run anymore and take us off their list. My guess > is we're stuck on their list forever now. > > These crypto mining attacks are a known issue for GitHub, hopefully > they're working on a solution. Tough, GitHub is eventually detecting > these are spam and closing the accounts and deleting the PRS, but not > until after the PR is created. > > As to the archive issue, we could maybe ask infra to remove archives > that are clearly spam (all of them so far say "Demo titles Add > files...", so unique and consistent). But it doesn't solve the > underlying issue. > > > On 4/21/21 8:59 AM, Beckerle, Mike wrote: > > We seem to be fending off maybe 10 a day github spam attacks where > people > > open/close pull requests. > > > > Is there something systematic we can do to avoid this? > > > > This pollutes our mailing lists. I know we can manually purge the PRs > from > > github, but these things will live forever in the mail archives, adding > a bunch > > of random emails/account names to them, and generally making them less > useful. > > > > Mike Beckerle | Principal Engineer > > > > mbecke...@owlcyberdefense.com <mailto:bhum...@owlcyberdefense.com> > > > > P +1-781-330-0412 > > > > Connect with us! > > > > <https://www.linkedin.com/company/owlcyberdefense/>< > https://twitter.com/owlcyberdefense> > > > > <https://owlcyberdefense.com/resources/events/> > > > > ** > > > > The information contained in this transmission is for the personal and > > confidential use of the individual or entity to which it is addressed. > If the > > reader is not the intended recipient, you are hereby notified that any > review, > > dissemination, or copying of this communication is strictly prohibited. > If you > > have received this transmission in error, please notify the sender > immediately > > > >
