-
Select Topic AreaQuestion BodyI opened an issue on a repo and immediately got two identical comments asking me to download something and to install it: napari/napari#7213. Why can't I flag comments or accounts for review such as can be done on other platforms? |
Beta Was this translation helpful? Give feedback.
Replies: 15 comments 19 replies
-
I got the same problem but i noticed more and more are getting flagged as spam and getting removed |
Beta Was this translation helpful? Give feedback.
-
There is a huge number of these spam comments, they all seem to be pointing to the same link: https://github.com/search?q=%22https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fo50xaz6wgtazqnx%2Ffix.zip%2Ffile%22&type=issues |
Beta Was this translation helpful? Give feedback.
-
Hi @macromeer, 👋🏻. The best route to get this to the proper GitHub team is to use our abuse reporting tools. Here's all the info: You can report behavior and content that violates community guidelines and terms. We are going to close this post, but for this and any future incidents, please refer to the links above. Thank you! |
Beta Was this translation helpful? Give feedback.
-
It would be great if GitHub had some internal monitoring for such patterns. Many accounts suddenly posting the same link - especially one never seen before - is suspicious and warrants a human to have a look. |
Beta Was this translation helpful? Give feedback.
-
still commenting malware links |
Beta Was this translation helpful? Give feedback.
-
Just got 4 different users at pnp/powershell#4193 in 5 minutes leaving malware comments. Reported as many as I could before GitHub report system told me I reported too many :P |
Beta Was this translation helpful? Give feedback.
-
Virustotal run of the passwordless rar file: https://www.virustotal.com/gui/file/f0e6b26c9bbc64d0724108b2c3b23753ee2232d4975a39489a129e419299250e |
Beta Was this translation helpful? Give feedback.
-
a simple search of all issues for "password: changme" shows over 4k posts with the same malware in the last 32hrs; some have been deleted but there are alot that have yet to be addressed; especially in large/popular gits such as home assistant. https://github.com/search?q=%22password%3A+changeme%22&type=issues |
Beta Was this translation helpful? Give feedback.
-
After further investigation I have determined that it is automatically replying to new comments; i have had over 30 instances of it immediately replying with another malware link the moment i post a warning. |
Beta Was this translation helpful? Give feedback.
-
they have now changed from mediafire to a bit.ly link, but the gcc and password part is still included. |
Beta Was this translation helpful? Give feedback.
-
Thanks all for sending updates! The Platform Health team is aware of this issue and are continuing to monitor it. |
Beta Was this translation helpful? Give feedback.
-
They now switched to spamming issues. |
Beta Was this translation helpful? Give feedback.
-
This issue still persists. I've also spammed by someone just few hours ago and I've reported that. Looking forward to official updates. |
Beta Was this translation helpful? Give feedback.
-
They are back (astral-sh/uv#7018 (comment)): |
Beta Was this translation helpful? Give feedback.
Thanks all for sending updates! The Platform Health team is aware of this issue and are continuing to monitor it.