Skip to content

[ANNOUNCEMENT] WSL Issue spam - We're on it! #40028

@benhillis

Description

@benhillis
Member

I'm working through closing the huge influx of spam issues we received in the last day. GitHub does not have the best tools to do this, so my script is taking a while to close each issue.

Thank you for your patience.

Activity

pinned this issue on Mar 30, 2026
github-actions

github-actions commented on Mar 30, 2026

@github-actions
Contributor

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise, please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use .\collect-wsl-logs.ps1 -LogProfile networking instead, following the instructions in Collect WSL logs for networking issues

Once completed please upload the output files to this GitHub issue.

See Collect WSL logs (recommended method).

If you choose to email these logs instead of attaching them to the bug, please send them to wsl-gh-logs@microsoft.com with the GitHub issue number in the subject, and include a link to your GitHub issue comment in the message body, and reply with '/emailed-logs'.

changed the title [-]WSL Issue spam - We're on it![/-] [+][ANNOUNCEMENT] WSL Issue spam - We're on it![/+] on Mar 30, 2026
github-actions

github-actions commented on Mar 30, 2026

@github-actions
Contributor

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise, please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use .\collect-wsl-logs.ps1 -LogProfile networking instead, following the instructions in Collect WSL logs for networking issues

Once completed please upload the output files to this GitHub issue.

See Collect WSL logs (recommended method).

If you choose to email these logs instead of attaching them to the bug, please send them to wsl-gh-logs@microsoft.com with the GitHub issue number in the subject, and include a link to your GitHub issue comment in the message body, and reply with '/emailed-logs'.

kldhsh123

kldhsh123 commented on Mar 30, 2026

@kldhsh123

Crazy

benhillis

benhillis commented on Mar 30, 2026

@benhillis
MemberAuthor

eh, it is what it is. not the worst thing in the world to have to write a little python with my coffee on Sunday morning :)

MoYuan-CN

MoYuan-CN commented on Mar 30, 2026

@MoYuan-CN

If deletion is acceptable, could the script delete the issues entirely instead of just closing them? Closed issues still clutter the list and create unnecessary noise.

Fgaoxing

Fgaoxing commented on Mar 30, 2026

@Fgaoxing

@benhillis Please hold on a moment. I'm working on the corresponding script, though I can't guarantee it will work. As a Chinese developer, I just want to do my part, even if it might not be that useful.

VanillaNahida

VanillaNahida commented on Mar 30, 2026

@VanillaNahida

I'm working through closing the huge influx of spam issues we received in the last day. GitHub does not have the best tools to do this, so my script is taking a while to close each issue.

Thank you for your patience.

Good job. 👍

benhillis

benhillis commented on Mar 30, 2026

@benhillis
MemberAuthor

If deletion is acceptable, could the script delete the issues entirely instead of just closing them? Closed issues still clutter the list and create unnecessary noise.

yep I will be deleting the issues in a second pass, just closing them for now to make sure the script does the right thing.

VanillaNahida

VanillaNahida commented on Mar 30, 2026

@VanillaNahida

eh, it is what it is. not the worst thing in the world to have to write a little python with my coffee on Sunday morning :)

If deletion is acceptable, could the script delete the issues entirely instead of just closing them? Closed issues still clutter the list and create unnecessary noise.

GitHub allows the deletion of Issues. Please refer to the https://docs.github.com/zh/issues/tracking-your-work-with-issues/administering-issues/deleting-an-issue for details.

70 remaining items

Fgaoxing

Fgaoxing commented on Mar 30, 2026

@Fgaoxing

@xlionjuan 这是攻击者提供的

xlionjuan

xlionjuan commented on Mar 30, 2026

@xlionjuan

@xlionjuan 这是攻击者提供的

懂意思了

bddjr

bddjr commented on Mar 30, 2026

@bddjr

I also received phishing emails, but their links have expired and they will delete the repository after publishing to avoid censorship

我也收到了钓鱼邮件,但是他们的链接已经失效了,并且他们会在发布后删除仓库来避免审查

据我观察,钓鱼 discussions 可能不是主动删除的,是被收件人举报之后,被 Github 删除的。

攻击者构建钓鱼网站,然后使用 share.google 伪装成正规链接,以此试图诱导收件人上当受骗。

Based on my observation, the phishing discussions may not have been actively deleted by the user but were instead removed by GitHub after being reported by the recipient.

The attacker constructed a phishing website and disguised it as a legitimate link using share.google, attempting to trick the recipient into falling for the scam.

LyCecilion

LyCecilion commented on Mar 30, 2026

@LyCecilion
Image

赞同。我也收到了许多钓鱼邮件,包括但不限于伪装成 CVE 公告的。看起来是攻击者在自己的 repo 内建立 Discussion 并随机提及数十个人,使得其诈骗 Discussion 被推到受害者邮箱中,或 GitHub 公告中。后者尚且可以分辨,前者确实会在 Inbox 中吓人一跳。

Agreed. I’ve gotten a bunch of phishing emails too, including ones pretending to be CVE announcements. Looks like attackers are setting up Discussions in their own repos and randomly mentioning dozens of people, which pushes those scam Discussions straight into victims’ inboxes or GitHub notifications. The latter you can kinda spot, but the former can definitely give you a scare in your inbox.

SoGameStudio

SoGameStudio commented on Mar 31, 2026

@SoGameStudio

I suggest temporarily restricting GitHub issue submissions to disallow Chinese. Their goal is simply to pollute AI and SEO; if Chinese is prohibited, they will have no incentive. Even though Chinese is my native language, this seems like the most effective way to stop these bad actors from continuing their mischief

WingChunWong

WingChunWong commented on Mar 31, 2026

@WingChunWong

I suggest temporarily restricting GitHub issue submissions to disallow Chinese. Their goal is simply to pollute AI and SEO; if Chinese is prohibited, they will have no incentive. Even though Chinese is my native language, this seems like the most effective way to stop these bad actors from continuing their mischief

Github 是一个多元化的社区, 为什么我们需要禁止中文,仅仅因为上面的原因吗,那么会有一大群人在 Github Issue 提交使用翻译器翻译出来逻辑混乱的英文内容,从而阻挠开发者了解真正的问题,这会大大降低社区的协作效率

GitHub is a diverse community. So why ban Chinese? If it's just because of that, then a lot of people will post issues using machine-translated English that sounds confusing. That makes it harder for developers to figure out the real problem, and it really slows down collaboration.

banming-519

banming-519 commented on Mar 31, 2026

@banming-519

我认为我们不应该因为少数恶意行为就惩罚整个语言。刷 issue 的是恶意bot,不是所有中文开发者。更好的办法是加强风控等,比如人机验证、新账号限制、内容检测。禁止中文确实减少了 spam,但误伤了真正的中国开发者。

I don't think we should penalize an entire language because of a few malicious actors. The issue spam comes from bots, not from Chinese developers. A better approach would be to strengthen spam controls—such as captcha/PoW verification, new account restrictions, and content filtering. Blocking Chinese might reduce spam, but it would also unfairly harm legitimate Chinese contributors.

bddjr

bddjr commented on Mar 31, 2026

@bddjr

在Github,机器人可以随意在别人的仓库发布大量垃圾issue,然而用户每次举报这些垃圾issue都需要通过人机验证。

On GitHub, bots can freely post a large number of spam issues in other people's repositories, yet users have to go through CAPTCHA verification every time they report these spam issues.

WingChunWong

WingChunWong commented on Mar 31, 2026

@WingChunWong

I suggest temporarily restricting GitHub issue submissions to disallow Chinese. Their goal is simply to pollute AI and SEO; if Chinese is prohibited, they will have no incentive. Even though Chinese is my native language, this seems like the most effective way to stop these bad actors from continuing their mischief

Spam issue 可以用任何语言编写,且可以轻易的传播,就像这次的 spam issue 浪潮,我们所做的不应该是封锁中文在社区的使用,而是应该督促 Github 加强这方面的监管和审查,就像 @banming-519 所提到的那样

Spam issues can be written in any language and spread easily. As seen in this wave of spam issues, instead of banning the use of Chinese in the community, we should urge GitHub to strengthen supervision and review, just as @banming-519 suggested.

SoGameStudio

SoGameStudio commented on Mar 31, 2026

@SoGameStudio

我认为我们不应该因为少数恶意行为就惩罚整个语言。刷 issue 的是恶意bot,不是所有中文开发者。更好的办法是加强风控等,比如人机验证、新账号限制、内容检测。禁止中文确实减少了 spam,但误伤了真正的中国开发者。

I don't think we should penalize an entire language because of a few malicious actors. The issue spam comes from bots, not from Chinese developers. A better approach would be to strengthen spam controls—such as captcha/PoW verification, new account restrictions, and content filtering. Blocking Chinese might reduce spam, but it would also unfairly harm legitimate Chinese contributors.

I suggest temporarily restricting GitHub issue submissions to disallow Chinese. Their goal is simply to pollute AI and SEO; if Chinese is prohibited, they will have no incentive. Even though Chinese is my native language, this seems like the most effective way to stop these bad actors from continuing their mischief

Github 是一个多元化的社区, 为什么我们需要禁止中文,仅仅因为上面的原因吗,那么会有一大群人在 Github Issue 提交使用翻译器翻译出来逻辑混乱的英文内容,从而阻挠开发者了解真正的问题,这会大大降低社区的协作效率

GitHub is a diverse community. So why ban Chinese? If it's just because of that, then a lot of people will post issues using machine-translated English that sounds confusing. That makes it harder for developers to figure out the real problem, and it really slows down collaboration.

My suggestion isn't about targeting any language, but rather finding a short-term workaround to disincentivize these specific attackers. It's a tough trade-off between communication ease and stopping the spam. Hopefully, a better solution from GitHub will allow us to get back to normal soon."
​我的建议并不是针对某种语言,而是寻找一种短期权宜之计,让这些特定的攻击者失去动力。这是在沟通便利和阻止垃圾信息之间的一个艰难权衡。希望 GitHub 的更好解决方案能让我们尽快恢复正常

xlionjuan

xlionjuan commented on Mar 31, 2026

@xlionjuan

GitHub 已經擺爛非常多年了,證據在此,我不信至少 2023 年就出現的東西到現在還解決不了

https://github.com/orgs/community/discussions/191078#discussioncomment-16382970

WingChunWong

WingChunWong commented on Mar 31, 2026

@WingChunWong
xlionjuan

xlionjuan commented on Mar 31, 2026

@xlionjuan

去 X 上面搜就會找到幾年前有人在抱怨 GitHub 散播病毒的問題

其中一個還是 Caddy 創始人

Image Image

然後不久前 OpenClaw 也有人用方法開 Discussion 發虛擬貨幣詐騙,這證明了 GitHub 針對 spam 控制的無能

Image

Image from my email

SoGameStudio

SoGameStudio commented on Mar 31, 2026

@SoGameStudio
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @DoctorWho8@benhillis@xlionjuan@LaoshuBaby@SoGameStudio

        Issue actions