GitHub spam is getting out of hand!👎

Programming with Shahan - Feb 23 - Dev Community

Spam on GitHub now seems to be popping up 🐜 constantly.

But WHY?


I know spam isn’t new. Fraud, malware, or 'next-to-spot' content is a challenge for any user-generated platform. But I can't believe it's rising dramatically on GitHub. It's also going on in the DEV Community comment section.🤦‍♂️

🕵️♂️ Crypto Scam in the Tangle

I recently noticed a change in crypto-related spam on GitHub. This scam floods GitHub, tagging thousands of users before quickly getting deleted.


It’s also a clever way to get past spam filters and make reporting more difficult. And it’s not just a minor problem. These spammy comments can persist for months, damaging the popularity of the platform.

These accounts that seem suspicious have a few things in common:

  1. 🚫 No Picture: They don't have any pictures on their profiles.
  2. 💤 Not Much Activity: Even though they've been around for a while, they haven't done much on the site.
  3. 🧹 Few or No Projects: If they have any projects, they usually only have one, and it's not very active.

It's crazy that GitHub doesn't have a report button! Do you know how to report something? You have to copy the link, go to the user's profile, click Block & Report, then click Report Abuse. After that, you have to click a bunch more buttons, like saying it's harmful or suspicious content😏. Finally, you paste the link and explain why it's bad. It's way too complicated! I've never reported anything because it's too much work. If GitHub wants users to help, they need to make it easier!


🦟 GitHub's Weak Point

GitHub's setup seems to be at its worst when it comes to managing spam.

It immediately sends out email notifications upon posting, even for spam posts, and then quickly deletes postings, making it harder to report.

It’s a gap that spammers cleverly exploit, annoying users.

It’s a relentless attack that current systems on GitHub struggle to contain. With spammers changing their tactics, it is becoming increasingly difficult to effectively address the problem.

GitHub’s current reporting system is complex, with multiple steps on different pages. It is time-consuming and inefficient, and discourages users from reporting spam.

Security tools tend to take a backseat💤 to premium features, so it’s no wonder the platform struggles to keep up with spam attacks.

🪂 Solutions

So, what's the solution here? What options does GitHub have? Well, I've got a couple of "simple" ideas.

  1. 🔄 Check if users are copying and pasting the same comments everywhere in a short period of time.
  2. 🧆 Compare comments across the site to catch patterns.
  3. 🚩 Watch out for users tagging lots of people repeatedly.

First off, if a user is dropping lots of comments in a short time, maybe GitHub could check if those comments are mostly identical.

Sure, this might catch some real users who use templates, but there's gotta be a way to weigh that against other factors like their activity history. If someone's got no repos, no commits, no profile pic, bio, SSH keys, and they're just commenting, that's a bunch of red flags.

Moreover, if lots of comments have the same title, content, image, and links, and they're tagging the same people, that's a big red flag.
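The three checks above (near-identical comments in a short window, mass tagging, and an empty profile) combined into one score, as an added example that is not GitHub's code or part of the original post. The `Account` and `Comment` types, the weights, and every threshold are assumptions chosen for illustration, and the sample data is constructed.

```python
import re
from typing import NamedTuple
MENTION = re.compile(r"@[\w-]+")

class Account(NamedTuple):      # profile signals listed in the article
    repos: int
    commits: int
    has_avatar: bool
    has_bio: bool
    ssh_keys: int

class Comment(NamedTuple):
    ts: int                     # seconds since epoch
    body: str

def shingles(body, k=3):
    """Word k-grams with @mentions stripped, so only the pasted template is compared."""
    words = MENTION.sub(" ", body.lower()).split()
    return {tuple(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def near_duplicate_pairs(comments, window=600, threshold=0.8):
    """Count comment pairs posted within `window` seconds with Jaccard similarity >= threshold."""
    cs = sorted(comments)       # sorted by timestamp first
    sets = [shingles(c.body) for c in cs]
    pairs = 0
    for i in range(len(cs)):
        for j in range(i + 1, len(cs)):
            if cs[j].ts - cs[i].ts > window:
                break           # later comments are even further apart
            union = sets[i] | sets[j]
            if union and len(sets[i] & sets[j]) / len(union) >= threshold:
                pairs += 1
    return pairs

def review_decision(comments, acct, mention_limit=10, hold_at=4):
    """Weigh duplication against account history; thresholds are assumed, not GitHub's."""
    empty_profile = sum([acct.repos == 0, acct.commits == 0, not acct.has_avatar,
                         not acct.has_bio, acct.ssh_keys == 0])
    mentions = sum(len(MENTION.findall(c.body)) for c in comments)
    score = ((2 if near_duplicate_pairs(comments) else 0)
             + (2 if mentions > mention_limit else 0)
             + (1 if empty_profile >= 4 else 0))
    return "hold_for_review" if score >= hold_at else "allow"

# Constructed sample data: a template-pasting throwaway and an established template user.
SPAM = [Comment(t, "Claim your free airdrop now at example.invalid " +
                " ".join(f"@user{t}x{n}" for n in range(6))) for t in (0, 30, 60)]
TEMPLATE_USER = [Comment(t, "Thanks, please attach logs and version") for t in (0, 120)]
THROWAWAY, ESTABLISHED = Account(0, 0, False, False, 0), Account(40, 900, True, True, 2)
```

Because duplication alone scores below the hold threshold, an established user who pastes a reply template is allowed, while the same behaviour combined with mass tagging is held for human review.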

🛬 Conclusion: Time to change

Spam on GitHub isn’t just a minor problem; it is a serious threat to the integrity of the platform and the user experience.

It’s time for GitHub to prioritize security measures and invest in robust anti-spam tools. By doing so, they can provide a safe and happy environment for all users.

I'm sure smart folks are working on it, but they need a solid plan. Maybe train some AI to filter or rank comments automatically. If there are too many red flags, hold those comments for human review. Spam isn't new, and it's only getting worse.

Hopefully GitHub will hear this call for change and take reasonable steps to address this persistent issue. Ultimately, a more secure GitHub benefits everyone.👍

Thank you for taking the time to read this article.

If you’ve encountered similar issues on GitHub or have an idea you’d like to share, please leave a comment below. Your contribution can be valuable in helping the developer community address these challenges effectively.
