Ask HN: Is anyone else getting spammed via GitHub recently?
105 points by hardcopy on Dec 29, 2022 | 35 comments
Earlier today, a number of people I know have been spammed via GitHub issues and discussions, using @-mentions. Push notifications and emails sent. Very annoying because the report process for spamming on GitHub is not that quick.


Yes! I was disappointed at how many steps reporting the malicious user took. I think it was like 10 clicks to finally submit the report, almost like they wanted to make it difficult.


Well there's a dozen types of categories. First report took me 5 minutes, then I was down to 1 minute. Instead of writing a comment/justification I copy&paste a screenshot. Got a reply within 30 minutes and all spam got handled. I think that's faster and more straightforward than other platforms.


I was surprised at that as well. And there ended up not being a category that even fit the use case of a spam or phishing comment. I just chose the one that seemed to apply to spam or phishing code.


Oh, I thought the hot chicks were really for me…….. damn you github (and fb, email, TikTok, Twitter and so on….)


Yep.

The content of the email was:

" Message me when you are free https://to.sv/SomeUUID

<list of about 40 users w/ @ sign preceding their github handle>

Hey All my photos and videos here https://to.sv/SameUUIDAsAbove "

Very suspicious. I searched the URL on a malicious link lookup site and found "7 security vendors flagged this URL as malicious"


Did you manage to download all the photos and videos? Just asking for a friend of mine...


Got exactly the same content schema.


Yes, on a random discussion about editing the README I never interacted with, on a repo I like (BurntSushi's ripgrep) but do not remember interacting with, no star, no follow, no fork or anything else from me (I should star it and interact though, it's awesome).

A lady mentioning something getting wet, many mentions including me and the same type of link others mentioned.


Yeah I was deleting many such comments from the ripgrep tracker. At some point though, GitHub seems to have gotten wise to it and is deleting them before I can even get to them. (They still show up in email though.)

I agree with others that GitHub's reporting process for this kind of behavior is not great. It's good to make reporting take a few steps for cases involving real humans, but for obvious spamming or trolling, there should be a quicker way IMO.

EDIT: I also just got a phishing email saying "Your github account was successfully signed in to but we did not recognize the location of the sign in. You can review this sign in attempt by visiting the link below."


Yes I also got one today.

Couldn't find any "report spam" or "report post" link.


> Couldn't find any "report spam" or "report post" link.

I saw that lack too. In a way it felt warm and nostalgic for an earlier, more naive, time of the internet.

But yea, we need that.


Yes got it an hour or 2 ago. Totally unrelated and no idea how I got tagged.


Yes, just happened this morning... First, I received a GitHub notification without a tag (I didn't even know how that is possible), then I was tagged in a comment to a README "I’m completely nak*d Wanna see the photo" plus a link (obviously)...

Edit: It's in the "Discussions" GitHub tab.

Edit: Got a GH response:

"Our review of the account(s) and/or content named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response."


Yes, I contributed a small documentation fix to a service. I'm now assumed to be a maintainer and users tag me in issues whenever the service goes down.

These issues have hundreds of replies, and GitHub has UX problems on large issues: comments you're tagged in aren't immediately visible, which discourages reporting (it may take ~2/3 minutes to expand a conversation to find and report it).

It discourages future contributions to repos I don't maintain.


Got one, the links and repo look legit (on first glance at least). But I have absolutely no idea why I am cc'ed on it.

I'm replacing the specifics with words in "<>", but here's the title of my mail from notifications@github.com:

Re: [<user>/<repo>] <what looks like an issue title> (Discussion <#number>)



Yes I got my first ever GitHub spam today :(


I did start seeing unrelated repos under topics/x


Yes. Yesterday. It was right after I commented on an issue. This is the first time I get that. The interesting thing is that the spam had users that didn't comment on the actual issue.


Is there some setting in GitHub to prevent these messages from coming?


Happened to me a few days ago. Added to a Korean GitHub, a lot of repositories that are called "pre-onboarding" or something. Anyone know what is going on?


Same for me. Onlyfans and github have merged I guess.


What kind of repos is this happening for? Like is it targeting personal projects, contributions to bigger open source projects, or something else?


I got two of them today, one after the other. One was for a discussion or issue I had previously commented on, but one was another repository I had never interacted with in any way. GitHub removed one before I could report it, and I reported the other one. Both comments @ing me and the users have been removed now. I'm wondering if they got hit by something or if some part of their spam detection system wasn't working. It wasn't clear what the rubric was for having my name @ed by the spammers.


For me, it was a reply to a thread I started on a big corporate repository.


Yes. I nuked my GitHub email canary. The spam comes across as a mail-list thread with a thread ID.


Yes, with random GitHub users mentioned and link to some adult malicious site


Yes, I got it just now, I haven't starred that repo, or have any mentions.


Yep I literally just got one 10 mins ago and saw this thread.


Yep. First time I’ve seen anything like that on GitHub.


Yes, just got one.

Edit: and another…


Yes


Yes, happened just now


yes


yup.



