
Sudden Influx of Issues in my GitHub Repo? 🤖

Jaye Hernandez ・ 3 min read

I launched an open source side project last month and bots have been taking over - well, hopefully not?

A little background: I have maintained a repo on GitHub for over a month now, and new issues from different people are popping up. This is great - more people wanted to collaborate!

I made it beginner-friendly so that people can have an introduction to open source. This wasn't the initial goal, but I'm happy with the direction it's taking. Sometimes though, there would be a surge of new issues with odd titles, and the description would be a default template. 🤷‍♀️

Here's the running list of all the ones we've caught so far. Attaching some sample issues below:

984971 #182

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.


Hi sir how ryou #133

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here. Hi sir how r you how to use mikmon

Shoutout to @vaibhavkhulbe for always checking on the issues page, a great guy to collaborate with!

I gave them the benefit of the doubt at first. Maybe they're just first-time contributors, right? It started to get really fishy though. There was even a PR that featured Python code, when the repository was built with Vue.js and Node.js. What is "kay"? 😂

To be quite frank, I was just really confused at how this small project was found. So what steps did I take? Note this for your future 🤖 encounters!

1. πŸ•΅οΈβ€β™€οΈ Check the accounts

The first thing you can do is visit the account's GitHub profile page to determine whether the account is legit. The people (or are they even people?) opening up these issues had some things in common:

  • Blank GitHub profile
  • Little to no activity
  • Newly created accounts

Compare these two and tell me which is more suspicious:

Bot account
My account

Quick tip: Set up your GitHub profile. Add a display picture and a short summary about yourself!

2. 🗄 Categorize the created issues

I didn't want these issues to clutter up the Issues page, since this is one of the first pages that people go to when they want to contribute. So we cleaned this up by:

  • Removing any attached labels and adding an invalid label
  • Closing the issue

Comment and close issue

3. 🚨 Report the accounts

The last thing to do is report the user who created the issue. You can do this in two ways. Do note that you can only report a few accounts at a time!

  • Report from the issue itself

  • Report from the user's page

This will then bring up GitHub's report page, and you can add in details about your complaint there. I have yet to receive any confirmation from GitHub on the reports I made though. :(
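Steps 1 and 2 above can be turned into a first-pass triage check. The following is an added example, not code from the original post or the project: it assumes issue and user dicts shaped like GitHub REST API responses (`body`, `created_at`, `name`, `bio`, `public_repos`, `followers`), and the 30-day and two-red-flag thresholds are assumptions.

```python
from datetime import datetime, timezone
# Placeholder sentences of the feature-request template quoted in the sample issues.
PLACEHOLDERS = [
    "A clear and concise description of what the problem is.",
    "A clear and concise description of what you want to happen.",
    "A clear and concise description of any alternative solutions",
    "Add any other context or screenshots about the feature request here.",
]
NEW_ACCOUNT_DAYS = 30  # assumed threshold, tune for your repo

def template_untouched(body):
    """True when every placeholder sentence is still present in the issue body."""
    return all(p in (body or "") for p in PLACEHOLDERS)

def account_signals(user, now):
    """Step 1: the profile red flags that apply to this account."""
    created = datetime.fromisoformat(user["created_at"].replace("Z", "+00:00"))
    signals = []
    if not (user.get("name") or user.get("bio")):
        signals.append("blank profile")
    if user.get("public_repos", 0) + user.get("followers", 0) == 0:
        signals.append("little to no activity")
    if (now - created).days < NEW_ACCOUNT_DAYS:
        signals.append("newly created account")
    return signals

def triage(issue, user, now):
    """Step 2: flag only an unedited template filed from an account with 2+ red flags."""
    signals = account_signals(user, now)
    unedited = template_untouched(issue.get("body"))
    suspicious = unedited and len(signals) >= 2
    signals += ["unedited issue template"] if unedited else []
    actions = ["remove labels", "add label: invalid", "close"] if suspicious else []
    return {"number": issue["number"], "suspicious": suspicious,
            "signals": signals, "actions": actions}

# Constructed sample data (not real accounts); titles echo the two samples above.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
BOT = {"name": None, "bio": None, "public_repos": 0, "followers": 0,
       "created_at": "2024-01-27T08:00:00Z"}
ISSUES = [
    ({"number": 182, "title": "984971", "body": "\n".join(PLACEHOLDERS)}, BOT),
    ({"number": 133, "title": "Hi sir how ryou",
      "body": "\n".join(PLACEHOLDERS) + " Hi sir how r you how to use mikmon"}, BOT),
    # Same empty, new account, but a hand-written report: must not be flagged.
    ({"number": 1, "title": "Dark mode resets on reload",
      "body": "Steps to reproduce: enable dark mode, refresh the page."}, BOT),
]
print(*(triage(issue, user, NOW) for issue, user in ISSUES), sep="\n")
```

Requiring the unedited template together with the account red flags keeps genuine first-time contributors, who often have new and empty profiles too, out of the `invalid` pile.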

These definitely lessened the spam issues coming in, but it's not completely gone yet. Have you experienced this with your repository? What preventive measures did you take? I would love to know!

Posted on Jun 24 by:

Jaye Hernandez

@jayehernandez

Full stack dev over at BeautyMnl.com! Always on the lookout for new things to learn ✨

Discussion


What do the spammers have to gain from this? Are they just trying to legitimize the fake profiles? I guess legitimate-looking profiles could be used to infiltrate open source libraries. Creepy.

Thanks for the tips!

 

Right? I feel like this would be a bigger threat as well to larger repos!

 

How bizarre!

I'm interested in having a look at your project, heading over now to have a nosey 😃

 

Haha what a side effect 😁 thanks!