Suspicious activity in my GitActions #26598
-
I have this run I noticed this morning in my actions that appears like a system update, but I’m afraid it may be doing things with crypto. github.comRichardTMiles/CarbonPHPA PHP 7.4+ tool kit designed for SEO optimization The run above has nothing to do with my repository and when I click any link to the user or commit it 404’s. I know how containers work and as an open source project I don’t very much care about access if any, as I would assume not, in case of bad actors. I figure it maybe a bug, but best reported somewhere. Best, |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
There are some cryptomining attacks going on at the moment, so it might be one of those: The Record by Recorded Future – 2 Apr 21GitHub investigating crypto-mining campaign abusing its server infrastructure...Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company's servers for illicit crypto-mining operations, a spokesperson told The Record... Est. reading time: 3 minutes On the plus side I guess the 404 on user and pull request indicate that account has been blocked already. |
Beta Was this translation helpful? Give feedback.
-
There’s no permanent setting to limit contributions to only collaborators but the temporary interaction limits could be helpful in preventing this in the future. docs.github.comLimiting interactions in your repository - GitHub DocsSo you can enable them for up to 6 months but would have to enable again after that time period. We have received feedback from other GitHub users that having a permanent interaction limit would be useful and we can definitely advocate for this feature to the Actions product team. |
Beta Was this translation helpful? Give feedback.
-
I wouldn’t care if it was related at all. It looks like spam. I can’t access the users account or the commit in question. I wouldn’t want bots using actions servers to mine crypto. |
Beta Was this translation helpful? Give feedback.
-
Glad everyone is aware :slight_smile: |
Beta Was this translation helpful? Give feedback.
-
Thanks for the update - hope all goes well!! |
Beta Was this translation helpful? Give feedback.
There’s no permanent setting to limit contributions to only collaborators but the temporary interaction limits could be helpful in preventing this in the future.
docs.github.com
Limiting interactions in your repository - GitHub Docs
//docs.github.com/en/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository
So you can enable them for up to 6 months but would have to enable again after that time period.
We have received feedback from other GitHub users that having a permanent interaction limit would be useful and we can definitely advocate for this feature to the Actions product team.