I launched an open source side project last month and bots have been taking over β well, hopefully not?
A little background: I maintain a repo at Github for over a month now, and new issues from different people are popping up. This is great - more people wanted to collaborate!
I made it beginner-friendly so that people can have an introduction to open source. This wasn't the initial goal, but I'm happy with the direction it's taking. Sometimes though, there would be a surge of new issues with odd titles, and the description would be a default template. π€·ββοΈ
Here's the running list of all the ones we've caught so far. Attaching some sample issues below:
984971
#182
Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like A clear and concise description of what you want to happen.
Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.
Additional context Add any other context or screenshots about the feature request here.
Hi sir how ryou
#133
Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like A clear and concise description of what you want to happen.
Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.
Additional context Add any other context or screenshots about the feature request here. Hi sir how r you how to use mikmon
Shoutout to @vaibhavkhulbe for always checking on the issues page, a great guy to collaborate with!
I gave them the benefit of the doubt at first. Maybe they're just first time contributors, right? It started to get really fishy though. There was even a PR that featured Python code, when the repository was built with Vue.js and Node.js. What is "kay"? π
To be quite frank, I was just really confused at how this small project was found. So what steps did I take? Note this for your future π€ encounters!
1. π΅οΈββοΈ Check the accounts
First thing you can do is to visit the account's Github profile page to determine if the account is legit or not. The people (or are they even people?) opening up these issues had some things in common:
- Blank GitHub Profile
- Little to no activity
- Newly created accounts
Compare these two and tell me which is more suspicious:
Quick tip: Set up your GitHub Profile. Add a display picture and a short summary about yourself!
2. π Categorize the created issues
I didnβt want these issues to clutter up the Issues page since this is one of the first pages that people go to when they want to contribute. So we got to clean this up by:
- Removing any attached labels and adding an invalid label
- Closing the issue
3. π¨ Report the accounts
Last thing to do is to report the user who created the issue. You can do this in two ways. Do note that you can only report a few accounts at a time!
Report from the issue itself
Report from the user's page
This will then show up GitHubβs report page, and you can add in details about your complaint there. I have yet to receive any confirmation on the reports I made from Github though. :(
These definitely lessened the spam issues coming in, but itβs not completely gone yet. Have you experienced this with your repository? What preventive measures did you take? I would love to know!
Top comments (6)
What do the spammers have to gain from this? Are they just trying to legitimize the fake profiles? I guess legitimate-looking profiles could be used to infiltrate open source libraries. Creepy.
Thanks for the tips!
Right? I feel like this would be a bigger threat as well to larger repos!
Thanks for the mention and making this wonderful project open-source Jaye. π€
Haha, just visited this article (after a few weeks...) and yes I've never seen any active repo having so many bot issues!! That's both hilarious (looking at what they write in issues) and a serious concern for GitHub I think. Don't know how may other repos might've been affected by this truckload of fake issues :(
Yeah I do agree - itβs a serious concern they should probably look into more!
How bizarre!
I'm interested in having a look at your project, heading over now to have a nosey π
Haha what a side effect π thanks!