↧
GitHub actions disabled due to malicious PR
I very recently received a malicious PR that looks like a cryptocurrency miner abuse. At first, I only closed the issue not knowing that the actions in the malicious PR would run. After realising that...
View ArticleGitHub actions disabled due to malicious PR
I’d contact GitHub support at https://support.github.com/contact and talk to them about this. Read full topic
View ArticleGitHub actions disabled due to malicious PR
Those who’re here because of the miner’s attacks, here’s my approach: Lock the conversation. (otherwise, the miner will reopen the PR) Block the user. (so that no more PRs could be opened) Cancel...
View ArticleGitHub actions disabled due to malicious PR
Thanks for your answers. I’ve contacted GitHub support. In my case, I’ve also limited the PR for new accounts since I’ve had another similar PR, a few hours later, from another throwaway account. Read...
View Article