Earlier today, a number of people I know have been spammed via GitHub issues and discussions, using @-mentions. Push notifications and emails sent. Very annoying because the report process for spamming on GitHub is not that quick.
Yes! I was disappointed at how many steps reporting the malicious user took. I think it was like 10 clicks to finally submit the report, almost like they wanted to make it difficult.
Yep.
The content of the email was:
"Message me when you are free https://to.sv/SomeUUID
<list of about 40 users w/ @ sign preceding their github handle>
Hey All my photos and videos here https://to.sv/SameUUIDAsAbove"
Very suspicious. I searched the URL on a malicious link lookup site and found "7 security vendors flagged this URL as malicious".
Yes, on a random discussion about editing the README I never interacted with, on a repo I like (BurntSushi's ripgrep) but do not remember interacting with, no star, no follow, no fork or anything else from me (I should star it and interact though, it's awesome).
A lady mentioning something getting wet, many mentions including me and the same type of link others mentioned.
Yes, just happened this morning... First, I received a GitHub notification without a tag (I didn't even know how that is possible), then I was tagged in a comment to a README "I’m completely nak*d Wanna see the photo" plus a link (obviously)...
Edit: It's in the "Discussions" GitHub tab.
Edit: Got a GH response:
"Our review of the account(s) and/or content named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response."
Yes, I contributed a small documentation fix to a service. I'm now assumed to be a maintainer and users tag me in issues whenever the service goes down.
These issues have hundreds of replies, and GitHub has UX problems on large issues: comments you're tagged in aren't immediately visible, which discourages reporting (it may take ~2/3 minutes to expand a conversation to find and report it).
It discourages future contributions to repos I don't maintain.
Got one, the links and repo look legit (on first glance at least). But I have absolutely no idea why I am cc'ed on it.
I'm replacing the specifics with words in "<>", but here's the title of my mail from notifications@github.com:
Re: [<user>/<repo>] <what looks like an issue title> (Discussion <#number>)
Yes. Yesterday. It was right after I commented on an issue. This is the first time I get that. The interesting thing is that the spam had users that didn't comment on the actual issue.
Happened to me a few days ago. Added to a Korean GitHub, a lot of repositories that are called "pre-onboarding" or something. Anyone know what is going on?