A phishing campaign has been ongoing in the last 4 hours, opening more than 11.5k issues containing the wording "We have detected a login attempt on your GitHub account that appears to be from a new location or device." and links to a render.com-hosted site.<p>Do not click any of the links!<p>Every once in a while this seems to reoccur, and I realize how slow GitHub is at deleting the spam issues or comments. Why doesn't GitHub fix this?
I recognize that anti-abuse is a never-ending cat-and-mouse game, and hindsight is 20/20, but it seems like malicious activity like this should be easily detected - how often does a legitimate account suddenly post 300 issues across many different repos?<p>Part of the challenge may be the moderation effort with false positives if you make detection more sensitive, but it seems like some investment in a pending/flagged activity section with approval delegated to repo owners could work well?<p>In a past life, one of the more effective anti-abuse mechanisms was intentionally introducing latency between attempt and confirmation, on the order of a week. If every time you try to see if you've evaded detection takes a week to confirm, you can't iterate on abuse nearly as quickly and are more likely to give up and move on to other targets. Obviously the amount of acceptable latency you can introduce will depend on the system/product...
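An added example, not part of the thread and not GitHub's actual logic: a sketch of the burst check and pending queue suggested in the comment above. The window, the threshold, the event tuple layout and all account and repo names are assumptions, and the sample events are constructed.

```python
import hashlib
from collections import defaultdict, deque

WINDOW_SECONDS = 3600    # assumed look-back window
MAX_DISTINCT_REPOS = 20  # assumed threshold; tune against real traffic

def fingerprint(body):
    """Hash of case- and whitespace-normalized text, so copies of one lure match."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

def triage(events, window=WINDOW_SECONDS, max_repos=MAX_DISTINCT_REPOS):
    """events: (ts, account, repo, body) tuples sorted by ts.
    Returns (published, pending); pending maps repo -> events awaiting its owner."""
    recent = defaultdict(deque)          # account -> (ts, repo) inside the window
    flagged_accounts, flagged_bodies = set(), set()
    published, pending = [], defaultdict(list)
    for ev in events:
        ts, account, repo, body = ev
        q = recent[account]
        q.append((ts, repo))
        while q[0][0] <= ts - window:    # drop activity older than the window
            q.popleft()
        fp = fingerprint(body)
        if len({r for _, r in q}) > max_repos:
            flagged_accounts.add(account)
            flagged_bodies.add(fp)       # later copies from other accounts are held too
        if account in flagged_accounts or fp in flagged_bodies:
            pending[repo].append(ev)     # held for the repo owner to approve or reject
        else:
            published.append(ev)
    return published, dict(pending)

def sample_events():
    """Constructed data: one bulk poster, one ordinary user, one late copycat."""
    lure = "We have detected a login attempt on your GitHub account"
    evs = [(1000 + 10 * i, "acct-bulk", f"org{i}/repo", lure) for i in range(30)]
    evs += [(500, "acct-dev", "orgA/lib", "Build fails on ARM"),
            (5000, "acct-dev", "orgB/cli", "Typo in README"),
            (2000, "acct-late", "orgZ/app",
             "we have detected  a LOGIN attempt on your github account")]
    return sorted(evs)

if __name__ == "__main__":
    published, pending = triage(sample_events())
    print(len(published), "published;", sum(map(len, pending.values())), "held")
```

The first 20 issues from the bulk account still get through before the threshold trips, which is the sensitivity versus false-positive trade-off the comment raises.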
Link to search results: <a href="https://github.com/search?q=%22We+have+detected+a+login+attempt+on+your+GitHub+account+that+appears+to+be+from+a+new+location+or+device.%22&type=issues&s=created&o=desc" rel="nofollow">https://github.com/search?q=%22We+have+detected+a+login+atte...</a>