Why were the Issue and Pull Request interfaces hacked #21802
Unanswered
Nanaloveyuki asked this question in General
Replies: 2 comments, 1 reply
I'm sorry, this is my first time participating in the discussion of this project, even though it's not related to the code features of the project.
But I want to say:
It's crazy!
I'm not sure what exactly happened, but I learned from Tencent QQ channel that the warehouse had this issue (being hacked). In just a short period of time, we have accumulated hundreds or thousands of such advertising content.
They (intruders) publish such content in Issues and PRs and also use Chinese computer professional keywords to confuse possible automated reviews.
They have already infiltrated multiple repositories by introducing external GitHub repository links, inserting images, and other methods.
To prevent the current situation from happening again, I personally suggest temporarily closing the channels for publishing issues and PRs.