Spam on GitHub now seems to be popping up 🐜 constantly.
But WHY?
I know spam isn’t new. Fraud, malware, or 'next-to-spot' content is the challenge of any user-generated platform. But I can't believe it's rising dramatically on GitHub. It's also going on in the DEV Community comment section.🤦♂️
🕵️♂️ Crypto Scam in the Tangle
I recently noticed a change in crypto-related spam on GitHub. This scam floods GitHub, tagging thousands of users before quickly getting deleted.
It’s also a clever way to get past spam filters and make reporting more difficult. And it’s not just a minor problem. These spammy comments can persist for months, damaging the popularity of the platform.
These accounts that seem suspicious have a few things in common:
- 🚫 No Picture: They don't have any pictures on their profiles.
- 💤 Not Much Activity: Even though they've been around for a while, they haven't done much on the site.
- 🧹 Few or No Projects: If they have any projects, they usually only have one, and it's not very active.
It's crazy that GitHub doesn't have a report button! Do you know how to report something? You have to copy the link, go to the user's profile, click Block & Report, then click Report Abuse. After that, you have to click a bunch more buttons, like saying it's harmful or suspicious content😏. Finally, you paste the link and explain why it's bad. It's way too complicated! I've never reported anything because it's too much work. If GitHub wants users to help, they need to make it easier!
🦟 GitHub's Weak point
GitHub's setup seems to offer the worst when it comes to managing spam.
It immediately sends out email notifications upon posting, even for spam posts, and then quickly deletes postings, making it harder to report.
It’s a gap that spammers cleverly exploit, annoying users.
It’s a relentless attack that current systems on GitHub struggle to cope with. With spammers changing their tactics, it is becoming increasingly difficult to effectively address the problem.
GitHub’s current reporting system is complex, with multiple steps on different pages. It is time-consuming and inefficient, and discourages users from reporting spam.
Security tools tend to take a backseat💤 to premium features, so it’s no wonder the platform struggles to keep up with spam attacks.
🪂 Solutions
So, what's the solution here? What options does GitHub have? Well, I've got a couple of "simple" ideas.
- 🔄 Check if users are copying and pasting the same comments everywhere in a short period of time.
- 🧆 Compare comments across the site to catch patterns.
- 🚩 Watch out for users tagging lots of people repeatedly.
First off, if a user is dropping lots of comments in a short time, maybe GitHub could check if those comments are mostly identical.
Sure, this might catch some real users who use templates, but there's gotta be a way to weigh that against other factors like their activity history. If someone's got no repos, no commits, no profile pic, bio, SSH keys, and they're just commenting, that's a bunch of red flags.
Moreover, if lots of comments have the same title, content, image, and links, and they're tagging the same people, that's a big red flag.
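The checks listed above (near-identical comments in a short window, mass tagging, and an empty profile) combined into one score, as an added example that is not GitHub's code or the author's. The thresholds, weights, field names and sample data are assumptions made up for illustration.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

MENTION = re.compile(r"@[A-Za-z0-9-]+")
WINDOW_S, SIMILAR, HOLD_AT = 600, 0.9, 5  # assumed thresholds, not GitHub's

def normalize(body):
    """Strip @mentions, case and extra whitespace so only the template remains."""
    return " ".join(MENTION.sub("", body).lower().split())

def profile_flags(profile):
    """One point per missing profile signal named in the article."""
    keys = ("repos", "commits", "avatar", "bio", "ssh_keys")
    return sum(not profile.get(k) for k in keys)

def near_duplicate(a, b):
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio() >= SIMILAR

def score_accounts(comments, profiles):
    """comments: dicts with user, ts (seconds), body. Returns {user: (score, hold)}."""
    by_user = defaultdict(list)
    for c in sorted(comments, key=lambda c: c["ts"]):
        by_user[c["user"]].append(c)
    result = {}
    for user, items in by_user.items():
        dupes, mentions = 0, set()
        for i, c in enumerate(items):
            mentions.update(MENTION.findall(c["body"]))
            # Compare only against this user's earlier comments inside the window.
            recent = [p for p in items[:i] if c["ts"] - p["ts"] <= WINDOW_S]
            dupes += any(near_duplicate(p["body"], c["body"]) for p in recent)
        # Behaviour is weighed together with account history to spare template users.
        score = 2 * dupes + 2 * (len(mentions) >= 10) + profile_flags(profiles.get(user, {}))
        result[user] = (score, score >= HOLD_AT)
    return result

# Constructed sample data: one tagging burst and one maintainer using a reply template.
SPAM = "Claim your free airdrop at example.invalid now! "
COMMENTS = [{"user": "acct-a", "ts": 30 * i,
             "body": SPAM + " ".join(f"@user{5 * i + j}" for j in range(5))} for i in range(3)]
COMMENTS += [{"user": "acct-b", "ts": t, "body": "Thanks for the report, please attach logs."}
             for t in (0, 100)]
PROFILES = {"acct-b": {"repos": 12, "commits": 340, "avatar": True,
                       "bio": "maintainer", "ssh_keys": 2}}

if __name__ == "__main__":
    for user, (score, hold) in score_accounts(COMMENTS, PROFILES).items():
        print(user, score, "hold for review" if hold else "publish")
```

The maintainer's repeated template reply scores on similarity alone and stays below the hold threshold, which is the trade-off between templates and activity history described above.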
🛬 Conclusion: Time to change
Spam on GitHub isn’t just a minor problem; it is a serious threat to the integrity of the platform and the user experience.
It’s time for GitHub to prioritize security measures and invest in robust anti-spam tools. By doing so, they can provide a safe and happy environment for all users.
I'm sure smart folks are working on it, but they need a solid plan. Maybe train some AI to filter or rank comments automatically. If there are too many red flags, hold those comments for human review. Spam isn't new, and it's only getting worse.
Hopefully GitHub will hear this call for change and take reasonable steps to address this persistent issue. Ultimately, a more secure GitHub benefits everyone.👍
Thank you for taking the time to read this article.
If you’ve encountered similar issues on GitHub or have an idea you’d like to share, please leave a comment below. Your contribution can be valuable in helping the developer community address these challenges effectively.
Top comments (17)
I haven't seen this and I do check GH a few times a day and my email. You can probably make a userscript to make it easier to report this.
Thanks.. I will try.
Will try it, thanks for sharing
Where is Microsoft's AI? Can't AI identify robots from normal users?
It is a shame for GitHub to use 2FA and still not be able to prevent spam.
And 2FA caused a lot of normal users to fail to log in!
Yeah.. that's true. Microsoft's AI is not intelligent enough to handle that. I found two popular SPAM issues that developers are facing on GitHub:
"WHY IS MY ACCOUNT FLAGGED AS SPAM?!"
Here is another one: "You are marked as spam, and therefore cannot authorize a third party application."
These GitHub discussions offer solutions to FIX them.
They are/will be getting better by ai-generating a variety of repos and commits, and the only thing that can be characteristic is account recency, which can also be overcome by advance planning.
There are also at least hundreds if not thousands of bot accounts here on dev.to, some of which link to spam accounts on github.
I agree. Bot accounts are messing up everywhere.
Yup. Got tagged twice about that crypto scam on GitHub
Report them all 🤦♂️
Same here. GitHub is the last site I would expect they would use for this purpose.
Exactly, me too!
The problem is there are way too many "normal" people registered on GitHub. Spam doesn't work on devs, we're too smart, so when there were only devs on GitHub everybody left us alone. Today there's 100 million users on the platform.
Realizing there's only 27 million devs in the world implies 73 million of its users are not devs, resulting in psychopath marketers having embraced it for spam purposes ...
Return it back to devs and no more problem ...
YOU NAILED IT. It's unlikely that developers would intentionally spam people or fall for spamming tactics. I don't believe it. Of course, "we are too smart" for that. The real issue arises when these interruptions disrupt our workflow.
?? How do you get spam on GitHub? I don't get it. I've certainly never had any
Cool.. You never experienced it. However, some people get spam through pull requests, repositories, or user profiles promoting irrelevant or harmful content. Sometimes it gets worse.