GitHub actions disabled due to malicious PR

I very recently received a malicious PR that looks like a cryptocurrency miner abuse. At first, I only closed the issue not knowing that the actions in the malicious PR would run. After realising that the malicious action was running despite the PR being closed, I’ve cancelled it and change the action policy to “Allow local action only” but now actions are disabled for my account.

How can I enable actions again for my account?

I’d contact GitHub support at https://support.github.com/contact and talk to them about this.

2 Likes

Those who’re here because of the miner’s attacks, here’s my approach:

  1. Lock the conversation. (otherwise, the miner will reopen the PR)
  2. Block the user. (so that no more PRs could be opened)
  3. Cancel workflows (so that your Actions aren’t mining for someone’s wallet)
  4. Report about the user (to let GH ban it sooner)
    I recommend this exact ordering.
1 Like

Thanks for your answers. I’ve contacted GitHub support.

In my case, I’ve also limited the PR for new accounts since I’ve had another similar PR, a few hours later, from another throwaway account.

1 Like