Re: all this github spam ?

2021-04-22 Thread Steve Lawrence
Yeah, we might need more restrictive categories. How about we start with
the least restrictions that should hopefully work (disable PRs from new
users for a week), and if spammers are still getting through we can bump
up the time or just limit to existing contributors.

Also, I reported the cryptomining users through the GitHub report thing.
This is so common they have a specific option for cryptomining. And on
the third user report I got the message:

  We've received too many requests from your account recently. Please
wait a few minutes, then try again.

Seems GitHub has better spam controls for legitimate reports...

On 4/21/21 1:51 PM, Interrante, John A (GE Research, US) wrote:
> I've observed that typically only Daffodil committers who already have write 
> access to the daffodil-site repo create pull requests to make changes to the 
> website.  We did get a drive-by contribution once from a developer outside 
> the Daffodil community using a bot that offered to fix misspelled words on 
> the website for us (https://github.com/apache/daffodil-site/pull/5).  Just 
> saying that we probably could pick the more restrictive categories "Limit to 
> prior contributors" or "Limit to repository collaborators" if the "Limit to 
> existing users" isn't restrictive enough due to miners/bots waiting more than 
> 24 hours.
> 
> -Original Message-
> From: Steve Lawrence  
> Sent: Wednesday, April 21, 2021 11:25 AM
> To: dev@daffodil.apache.org
> Subject: EXT: Re: all this github spam ?
> 
> Cool, I didn't know about this. That seems like the right solution to deal 
> with this spam temporarily.
> 
> Seems most of these spam PRs are coming from new accounts, so maybe "Limit 
> to existing users" for "1 week" might be enough to discourage spammers from 
> using our repo? Anyone have thoughts on a different setting?
> 
> I think INFRA will have to make this change though. It's not something that's 
> configurable in .asf.yml. We can open a bug once there's a consensus on a 
> reasonable restriction.
> 
> On 4/21/21 11:16 AM, Adam Rosien wrote:
>> There's a way to limit the incoming activity for various categories of
>> participants:
>> https://docs.github.com/en/communities/moderating-comments-and-convers
>> ations/limiting-interactions-in-your-repository
>> :
>>
>>> Enabling an interaction limit for a repository restricts certain 
>>> users
>> from commenting, opening issues, creating pull requests, reacting with 
>> emojis, editing existing comments, and editing titles of issues and 
>> pull requests.
>>>
>>> When you enable an interaction limit, you can choose a duration for 
>>> the
>> limit: 24 hours, 3 days, 1 week, 1 month, or 6 months. After the 
>> duration of your limit passes, users can resume normal activity in your 
>> repository.
>>>
>>> There are three types of interaction limits.
>>>
>>> Limit to existing users: Limits activity for users with accounts that 
>>> are
>> less than 24 hours old who do not have prior contributions and are not 
>> collaborators.
>>> Limit to prior contributors: Limits activity for users who have not
>> previously contributed to the default branch of the repository and are 
>> not collaborators.
>>> Limit to repository collaborators: Limits activity for users who do 
>>> not
>> have write access to the repository.
>>
>> On Wed, Apr 21, 2021 at 7:14 AM Steve Lawrence  wrote:
>>
>>> Unfortunately, doesn't look like the .asf.yml will help. There isn't 
>>> really anything related to controlling pull requests. It does allow 
>>> changing where PR emails go to, so we could send them to /dev/null, 
>>> but then we'd miss legit emails which is probably worse.
>>>
>>> On 4/21/21 9:47 AM, Dave Fisher wrote:
>>>> Infra has set up some controls which may be useful. There is support 
>>>> for
>>> an .asf.yaml file.
>>>>
>>>> See
>>> https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=
>>> 127405038#content/view/127405038
>>>>
>>>> Regards,
>>>> Dave
>>>>
>>>> Sent from my iPhone
>>>>
>>>>> On Apr 21, 2021, at 5:59 AM, Beckerle, Mike <
>>> mbecke...@owlcyberdefense.com> wrote:
>>>>>
>>>>> 
>>>>> We seem to be fending off maybe 10 a day github spam attacks where
>>> people open/close pull requests.
>>>>>
>>>>> Is there something systematic we can do to avoid this?
>>>>

all this github spam ?

2021-04-21 Thread Interrante, John A (GE Research, US)
I've observed that typically only Daffodil committers who already have write 
access to the daffodil-site repo create pull requests to make changes to the 
website.  We did get a drive-by contribution once from a developer outside the 
Daffodil community using a bot that offered to fix misspelled words on the 
website for us (https://github.com/apache/daffodil-site/pull/5).  Just saying 
that we probably could pick the more restrictive categories "Limit to prior 
contributors" or "Limit to repository collaborators" if the "Limit to existing 
users" isn't restrictive enough due to miners/bots waiting more than 24 hours.

-Original Message-
From: Steve Lawrence  
Sent: Wednesday, April 21, 2021 11:25 AM
To: dev@daffodil.apache.org
Subject: EXT: Re: all this github spam ?

Cool, I didn't know about this. That seems like the right solution to deal with 
this spam temporarily.

Seems most of these spam PRs are coming from new accounts, so maybe "Limit to 
existing users" for "1 week" might be enough to discourage spammers from using 
our repo? Anyone have thoughts on a different setting?

I think INFRA will have to make this change though. It's not something that's 
configurable in .asf.yml. We can open a bug once there's a consensus on a 
reasonable restriction.

On 4/21/21 11:16 AM, Adam Rosien wrote:
> There's a way to limit the incoming activity for various categories of
> participants:
> https://docs.github.com/en/communities/moderating-comments-and-convers
> ations/limiting-interactions-in-your-repository
> :
> 
>> Enabling an interaction limit for a repository restricts certain 
>> users
> from commenting, opening issues, creating pull requests, reacting with 
> emojis, editing existing comments, and editing titles of issues and 
> pull requests.
>>
>> When you enable an interaction limit, you can choose a duration for 
>> the
> limit: 24 hours, 3 days, 1 week, 1 month, or 6 months. After the 
> duration of your limit passes, users can resume normal activity in your 
> repository.
>>
>> There are three types of interaction limits.
>>
>> Limit to existing users: Limits activity for users with accounts that 
>> are
> less than 24 hours old who do not have prior contributions and are not 
> collaborators.
>> Limit to prior contributors: Limits activity for users who have not
> previously contributed to the default branch of the repository and are 
> not collaborators.
>> Limit to repository collaborators: Limits activity for users who do 
>> not
> have write access to the repository.
> 
> On Wed, Apr 21, 2021 at 7:14 AM Steve Lawrence  wrote:
> 
>> Unfortunately, doesn't look like the .asf.yml will help. There isn't 
>> really anything related to controlling pull requests. It does allow 
>> changing where PR emails go to, so we could send them to /dev/null, 
>> but then we'd miss legit emails which is probably worse.
>>
>> On 4/21/21 9:47 AM, Dave Fisher wrote:
>>> Infra has set up some controls which may be useful. There is support 
>>> for
>> an .asf.yaml file.
>>>
>>> See
>> https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=
>> 127405038#content/view/127405038
>>>
>>> Regards,
>>> Dave
>>>
>>> Sent from my iPhone
>>>
>>>> On Apr 21, 2021, at 5:59 AM, Beckerle, Mike <
>> mbecke...@owlcyberdefense.com> wrote:
>>>>
>>>> 
>>>> We seem to be fending off maybe 10 a day github spam attacks where
>> people open/close pull requests.
>>>>
>>>> Is there something systematic we can do to avoid this?
>>>>
>>>> This pollutes our mailing lists. I know we can manually purge the 
>>>> PRs
>> from github, but these things will live forever in the mail archives, 
>> adding a bunch of random emails/account names to them, and generally 
>> making them less useful.
>>>>
>>>> Mike Beckerle | Principal Engineer
>>>>
>>>> mbecke...@owlcyberdefense.com
>>>> P +1-781-330-0412
>>>> Connect with us!
>>>>
>>>>
>>>>
>>>> The information contained in this transmission is for the personal 
>>>> and
>> confidential use of the individual or entity to which it is 
>> addressed. If the reader is not the intended recipient, you are 
>> hereby notified that any review, dissemination, or copying of this 
>> communication is strictly prohibited. If you have received this 
>> transmission in error, please notify the sender immediately
>>>
>>
>>
> 



Re: all this github spam ?

2021-04-21 Thread Steve Lawrence
Cool, I didn't know about this. That seems like the right solution to
deal with this spam temporarily.

Seems most of these spam PRs are coming from new accounts, so maybe
"Limit to existing users" for "1 week" might be enough to discourage
spammers from using our repo? Anyone have thoughts on a different setting?

I think INFRA will have to make this change though. It's not something
that's configurable in .asf.yml. We can open a bug once there's a
consensus on a reasonable restriction.

On 4/21/21 11:16 AM, Adam Rosien wrote:
> There's a way to limit the incoming activity for various categories of
> participants:
> https://docs.github.com/en/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
> :
> 
>> Enabling an interaction limit for a repository restricts certain users
> from commenting, opening issues, creating pull requests, reacting with
> emojis, editing existing comments, and editing titles of issues and pull
> requests.
>>
>> When you enable an interaction limit, you can choose a duration for the
> limit: 24 hours, 3 days, 1 week, 1 month, or 6 months. After the duration
> of your limit passes, users can resume normal activity in your repository.
>>
>> There are three types of interaction limits.
>>
>> Limit to existing users: Limits activity for users with accounts that are
> less than 24 hours old who do not have prior contributions and are not
> collaborators.
>> Limit to prior contributors: Limits activity for users who have not
> previously contributed to the default branch of the repository and are not
> collaborators.
>> Limit to repository collaborators: Limits activity for users who do not
> have write access to the repository.
> 
> On Wed, Apr 21, 2021 at 7:14 AM Steve Lawrence  wrote:
> 
>> Unfortunately, doesn't look like the .asf.yml will help. There isn't
>> really anything related to controlling pull requests. It does allow
>> changing where PR emails go to, so we could send them to /dev/null, but
>> then we'd miss legit emails which is probably worse.
>>
>> On 4/21/21 9:47 AM, Dave Fisher wrote:
>>> Infra has set up some controls which may be useful. There is support for
>> an .asf.yaml file.
>>>
>>> See
>> https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=127405038#content/view/127405038
>>>
>>> Regards,
>>> Dave
>>>
>>> Sent from my iPhone
>>>
>>>> On Apr 21, 2021, at 5:59 AM, Beckerle, Mike <
>> mbecke...@owlcyberdefense.com> wrote:
>>>>
>>>>
>>>> We seem to be fending off maybe 10 a day github spam attacks where
>> people open/close pull requests.
>>>>
>>>> Is there something systematic we can do to avoid this?
>>>>
>>>> This pollutes our mailing lists. I know we can manually purge the PRs
>> from github, but these things will live forever in the mail archives,
>> adding a bunch of random emails/account names to them, and generally making
>> them less useful.
>>>>
>>>
>>
>>
> 



Re: all this github spam ?

2021-04-21 Thread Adam Rosien
There's a way to limit the incoming activity for various categories of
participants:
https://docs.github.com/en/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
:

> Enabling an interaction limit for a repository restricts certain users
from commenting, opening issues, creating pull requests, reacting with
emojis, editing existing comments, and editing titles of issues and pull
requests.
>
> When you enable an interaction limit, you can choose a duration for the
limit: 24 hours, 3 days, 1 week, 1 month, or 6 months. After the duration
of your limit passes, users can resume normal activity in your repository.
>
> There are three types of interaction limits.
>
> Limit to existing users: Limits activity for users with accounts that are
less than 24 hours old who do not have prior contributions and are not
collaborators.
> Limit to prior contributors: Limits activity for users who have not
previously contributed to the default branch of the repository and are not
collaborators.
> Limit to repository collaborators: Limits activity for users who do not
have write access to the repository.

On Wed, Apr 21, 2021 at 7:14 AM Steve Lawrence  wrote:

> Unfortunately, doesn't look like the .asf.yml will help. There isn't
> really anything related to controlling pull requests. It does allow
> changing where PR emails go to, so we could send them to /dev/null, but
> then we'd miss legit emails which is probably worse.
>
> On 4/21/21 9:47 AM, Dave Fisher wrote:
> > Infra has set up some controls which may be useful. There is support for
> an .asf.yaml file.
> >
> > See
> https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=127405038#content/view/127405038
> >
> > Regards,
> > Dave
> >
> > Sent from my iPhone
> >
> >> On Apr 21, 2021, at 5:59 AM, Beckerle, Mike <
> mbecke...@owlcyberdefense.com> wrote:
> >>
> >> 
> >> We seem to be fending off maybe 10 a day github spam attacks where
> people open/close pull requests.
> >>
> >> Is there something systematic we can do to avoid this?
> >>
> >> This pollutes our mailing lists. I know we can manually purge the PRs
> from github, but these things will live forever in the mail archives,
> adding a bunch of random emails/account names to them, and generally making
> them less useful.
> >>
> >
>
>


Re: all this github spam ?

2021-04-21 Thread Steve Lawrence
Unfortunately, doesn't look like the .asf.yml will help. There isn't
really anything related to controlling pull requests. It does allow
changing where PR emails go to, so we could send them to /dev/null, but
then we'd miss legit emails which is probably worse.

On 4/21/21 9:47 AM, Dave Fisher wrote:
> Infra has set up some controls which may be useful. There is support for an 
> .asf.yaml file.
> 
> See 
> https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=127405038#content/view/127405038
> 
> Regards,
> Dave
> 
> Sent from my iPhone
> 
>> On Apr 21, 2021, at 5:59 AM, Beckerle, Mike  
>> wrote:
>>
>> 
>> We seem to be fending off maybe 10 a day github spam attacks where people 
>> open/close pull requests. 
>>
>> Is there something systematic we can do to avoid this?
>>
>> This pollutes our mailing lists. I know we can manually purge the PRs from 
>> github, but these things will live forever in the mail archives, adding a 
>> bunch of random emails/account names to them, and generally making them less 
>> useful. 
>>
> 



Re: all this github spam ?

2021-04-21 Thread Steve Lawrence
I don't think GitHub has a feature to require captchas on PRs. But
these PRs come from brand new accounts, so if they're bots, they've
figured out how to get around the new account captcha.

But actually, I'm not sure they're bots. I see one account that created
a spam PR also created 70 of the same pull requests to other
repositories. They also opened an issue in the crypto mining source code
repo that looks like a human wrote it, so I think these might actually
be real people.

On 4/21/21 9:38 AM, Attila Horvath wrote:
> does github support (re)captcha on email submit?
> 
> On Wed, Apr 21, 2021 at 9:22 AM Steve Lawrence  wrote:
> 
>> Unfortunately, I'm not sure there's anything we can do about it.
>>
>> GitHub doesn't give any controls over who can/can't open a PR. We can't
>> even temporarily close PRs completely.
>>
>> We could maybe make it so GitHub actions on PRs must be manually
>> triggered so the spammers' cryptocurrency mining stuff would never run.
>> But that's a bit of a pain, and it relies on the spammers to realize
>> their stuff isn't being run anymore and take us off their list. My guess
>> is we're stuck on their list forever now.
>>
>> These crypto mining attacks are a known issue for GitHub, hopefully
>> they're working on a solution. Though, GitHub is eventually detecting
>> these are spam and closing the accounts and deleting the PRs, but not
>> until after the PR is created.
>>
>> As to the archive issue, we could maybe ask infra to remove archives
>> that are clearly spam (all of them so far say "Demo titles Add
>> files...", so unique and consistent). But it doesn't solve the
>> underlying issue.
>>
>>
>> On 4/21/21 8:59 AM, Beckerle, Mike wrote:
>>> We seem to be fending off maybe 10 a day github spam attacks where
>> people
>>> open/close pull requests.
>>>
>>> Is there something systematic we can do to avoid this?
>>>
>>> This pollutes our mailing lists. I know we can manually purge the PRs
>> from
>>> github, but these things will live forever in the mail archives, adding
>> a bunch
>>> of random emails/account names to them, and generally making them less
>> useful.
>>>
>>>
>>
>>
> 



Re: all this github spam ?

2021-04-21 Thread Dave Fisher
Infra has set up some controls which may be useful. There is support for an 
.asf.yaml file.

See 
https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=127405038#content/view/127405038

Regards,
Dave

Sent from my iPhone

> On Apr 21, 2021, at 5:59 AM, Beckerle, Mike  
> wrote:
> 
> 
> We seem to be fending off maybe 10 a day github spam attacks where people 
> open/close pull requests. 
> 
> Is there something systematic we can do to avoid this?
> 
> This pollutes our mailing lists. I know we can manually purge the PRs from 
> github, but these things will live forever in the mail archives, adding a 
> bunch of random emails/account names to them, and generally making them less 
> useful. 
> 


Re: all this github spam ?

2021-04-21 Thread John Wass
The trick is being able to modify the CI workflow in the PR to inject new
behavior.  If there was a limit of some type on that it would decrease the
usefulness of this.

On Wed, Apr 21, 2021 at 9:33 AM Beckerle, Mike <
mbecke...@owlcyberdefense.com> wrote:

> This has to do with crypto mining?  Gaaak.
>
> So their PR contains crypto mining code, and they are doing this to get
> the CI to run it as part of the way CI checks any PR?
>
> Sounds like submitting a PR has to require a Captcha or 2-FA.
>
>
> 
> From: Steve Lawrence 
> Sent: Wednesday, April 21, 2021 9:22 AM
> To: dev@daffodil.apache.org 
> Subject: Re: all this github spam ?
>
> Unfortunately, I'm not sure there's anything we can do about it.
>
> GitHub doesn't give any controls over who can/can't open a PR. We can't
> even temporarily close PRs completely.
>
> We could maybe make it so GitHub actions on PRs must be manually
> triggered so the spammers' cryptocurrency mining stuff would never run.
> But that's a bit of a pain, and it relies on the spammers to realize
> their stuff isn't being run anymore and take us off their list. My guess
> is we're stuck on their list forever now.
>
> These crypto mining attacks are a known issue for GitHub, hopefully
> they're working on a solution. Though, GitHub is eventually detecting
> these are spam and closing the accounts and deleting the PRs, but not
> until after the PR is created.
>
> As to the archive issue, we could maybe ask infra to remove archives
> that are clearly spam (all of them so far say "Demo titles Add
> files...", so unique and consistent). But it doesn't solve the
> underlying issue.
>
>
> On 4/21/21 8:59 AM, Beckerle, Mike wrote:
> > We seem to be fending off maybe 10 a day github spam attacks where people
> > open/close pull requests.
> >
> > Is there something systematic we can do to avoid this?
> >
> > This pollutes our mailing lists. I know we can manually purge the PRs
> from
> > github, but these things will live forever in the mail archives, adding
> a bunch
> > of random emails/account names to them, and generally making them less
> useful.
> >
> >
>
>


Re: all this github spam ?

2021-04-21 Thread Attila Horvath
does github support (re)captcha on email submit?

On Wed, Apr 21, 2021 at 9:22 AM Steve Lawrence  wrote:

> Unfortunately, I'm not sure there's anything we can do about it.
>
> GitHub doesn't give any controls over who can/can't open a PR. We can't
> even temporarily close PRs completely.
>
> We could maybe make it so GitHub actions on PRs must be manually
> triggered so the spammers' cryptocurrency mining stuff would never run.
> But that's a bit of a pain, and it relies on the spammers to realize
> their stuff isn't being run anymore and take us off their list. My guess
> is we're stuck on their list forever now.
>
> These crypto mining attacks are a known issue for GitHub, hopefully
> they're working on a solution. Tough, GitHub is eventually detecting
> these are spam and closing the accounts and deleting the PRS, but not
> until after the PR is created.
>
> As to the archive issue, we could maybe ask infra to remove archives
> that are clearly spam (all of them so far say "Demo titles Add
> files...", so unique and consistent). But it doesn't solve the
> underlying issue.
>
>
> On 4/21/21 8:59 AM, Beckerle, Mike wrote:
> > We seem to be fending off maybe 10 a day github spam attacks where
> people
> > open/close pull requests.
> >
> > Is there something systematic we can do to avoid this?
> >
> > This pollutes our mailing lists. I know we can manually purge the PRs
> from
> > github, but these things will live forever in the mail archives, adding
> a bunch
> > of random emails/account names to them, and generally making them less
> useful.
> >
> >
>
>


Re: all this github spam ?

2021-04-21 Thread Beckerle, Mike
This has to do with crypto mining?  Gaaak.

So their PR contains crypto mining code, and they are doing this to get the CI 
to run it as part of the way CI checks any PR?

Sounds like submitting a PR has to require a Captcha or 2-FA.



From: Steve Lawrence 
Sent: Wednesday, April 21, 2021 9:22 AM
To: dev@daffodil.apache.org 
Subject: Re: all this github spam ?

Unfortunately, I'm not sure there's anything we can do about it.

GitHub doesn't give any controls over who can/can't open a PR. We can't
even temporarily close PRs completely.

We could maybe make it so GitHub actions on PRs must be manually
triggered so the spammers' cryptocurrency mining stuff would never run.
But that's a bit of a pain, and it relies on the spammers to realize
their stuff isn't being run anymore and take us off their list. My guess
is we're stuck on their list forever now.

These crypto mining attacks are a known issue for GitHub, hopefully
they're working on a solution. Though, GitHub is eventually detecting
these are spam and closing the accounts and deleting the PRs, but not
until after the PR is created.

As to the archive issue, we could maybe ask infra to remove archives
that are clearly spam (all of them so far say "Demo titles Add
files...", so unique and consistent). But it doesn't solve the
underlying issue.


On 4/21/21 8:59 AM, Beckerle, Mike wrote:
> We seem to be fending off maybe 10 a day github spam attacks where people
> open/close pull requests.
>
> Is there something systematic we can do to avoid this?
>
> This pollutes our mailing lists. I know we can manually purge the PRs from
> github, but these things will live forever in the mail archives, adding a 
> bunch
> of random emails/account names to them, and generally making them less useful.
>
>



Re: all this github spam ?

2021-04-21 Thread Steve Lawrence
Unfortunately, I'm not sure there's anything we can do about it.

GitHub doesn't give any controls over who can/can't open a PR. We can't
even temporarily close PRs completely.

We could maybe make it so GitHub actions on PRs must be manually
triggered so the spammers' cryptocurrency mining stuff would never run.
But that's a bit of a pain, and it relies on the spammers to realize
their stuff isn't being run anymore and take us off their list. My guess
is we're stuck on their list forever now.

These crypto mining attacks are a known issue for GitHub, hopefully
they're working on a solution. Though, GitHub is eventually detecting
these are spam and closing the accounts and deleting the PRs, but not
until after the PR is created.

As to the archive issue, we could maybe ask infra to remove archives
that are clearly spam (all of them so far say "Demo titles Add
files...", so unique and consistent). But it doesn't solve the
underlying issue.


On 4/21/21 8:59 AM, Beckerle, Mike wrote:
> We seem to be fending off maybe 10 a day github spam attacks where people 
> open/close pull requests.
> 
> Is there something systematic we can do to avoid this?
> 
> This pollutes our mailing lists. I know we can manually purge the PRs from 
> github, but these things will live forever in the mail archives, adding a 
> bunch 
> of random emails/account names to them, and generally making them less useful.
> 
> 
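
The mitigation Steve floats above (don't let PR-triggered CI run for strangers) runs into the problem John Wass raises earlier in the thread: if the workflow file is taken from the PR, the PR can simply edit the gate out. The workflow below is an added example, not the Daffodil project's own CI configuration, showing one way to close that hole with GitHub Actions. The pull_request_target event runs the workflow definition from the base branch rather than from the PR, the token is made read-only, and the build job only runs when the author already has a write relationship to the repository or a committer has applied a "ci-approved" label after reading the diff. The job name, the label name, the checkout action version and the "./sbt test" build command are assumptions for illustration.

```yaml
# Added example, not the project's own workflow. Job name, label name,
# action version and build command are assumptions for illustration.
name: pr-ci

on:
  # pull_request_target runs the workflow file from the BASE branch, so a PR
  # that rewrites .github/workflows/ cannot remove the gate in the job below.
  pull_request_target:
    types: [opened, synchronize, reopened, labeled]

# The default GITHUB_TOKEN for pull_request_target can write to the repo.
# Make it read-only, because the job will run code taken from the PR head.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Run only for accounts that already have a write relationship to the
    # repository, or when a committer has explicitly labeled the PR after
    # reviewing the diff. Labels can only be applied by people with
    # triage/write access, so a spammer cannot self-approve.
    if: >-
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
               github.event.pull_request.author_association)
      || contains(github.event.pull_request.labels.*.name, 'ci-approved')
    steps:
      - uses: actions/checkout@v2
        with:
          # Check out the PR head so tests exercise the proposed change. Pin to
          # the commit SHA rather than the branch ref so a push that lands
          # between review and checkout does not change what gets built.
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the token in .git/config for PR code to read.
          persist-credentials: false
      - name: Build and test
        run: ./sbt test   # assumed build command
```

Two caveats. First, pull_request_target plus a checkout of the PR head is the well-known footgun when the job has secrets; it is only acceptable here because the token is read-only and the job has no other secrets, so the worst case for a mislabeled PR is the same CPU burn the gate exists to prevent. Second, the label survives later pushes to the PR, so a committer should remove it if the author pushes commits that were not reviewed. GitHub has since added a repository setting that holds workflow runs from first-time or outside contributors until a maintainer approves them; where that setting is available it is the simpler control and removes the need for the label.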



all this github spam ?

2021-04-21 Thread Beckerle, Mike
We seem to be fending off maybe 10 a day github spam attacks where people 
open/close pull requests.

Is there something systematic we can do to avoid this?

This pollutes our mailing lists. I know we can manually purge the PRs from 
github, but these things will live forever in the mail archives, adding a bunch 
of random emails/account names to them, and generally making them less useful.

Mike Beckerle | Principal Engineer


mbecke...@owlcyberdefense.com

P +1-781-330-0412

Connect with us!




The information contained in this transmission is for the personal and 
confidential use of the individual or entity to which it is addressed. If the 
reader is not the intended recipient, you are hereby notified that any review, 
dissemination, or copying of this communication is strictly prohibited. If you 
have received this transmission in error, please notify the sender immediately