I caught someone using a pull request against one of...

I caught someone using a pull request against one of my GitHub repositories to trigger crypto-currency mining via a GitHub action. I took a snapshot of it with archive-web-page here after reporting it to GitHub:

https://inkdroid.org/web-archives/github-bitcoin-mining/

It seems like this is a thing now: https://www.bleepingcomputer.com/news/security/github-actions-being-actively-abused-to-mine-cryptocurrency-on-github-servers/ The only way to turn it off is to only run actions that are defined by the repository?

Like 17 Apr 2021 at 16:27 | Open on social.coop

4 comments

Ed Summers

FWIW I'm glad I took a snapshot of the pull request pages with https://archiveweb.page because GitHub have deleted the PR, so it's like it never existed.

17 Apr 2021 at 20:47 | Open on social.coop

Ed Summers

Another "user" started doing this too, so I guess my whitelisting of allowed actions wasn't enough to block the shell commands in the action. I'll just have to disable actions altogether for the moment.

GitHub have since added a form option for cryptocurrency mining when reporting abuse:

18 Apr 2021 at 14:57 | Open on social.coop

Ed Summers

This seems like a sensible solution: https://github.blog/changelog/2021-04-22-github-actions-maintainers-must-approve-first-time-contributer-workflow-runs/

23 Apr 2021 at 1:43 | Open on social.coop

Darius Kazemi

@edsu ha. Yes.

23 Apr 2021 at 1:50 | Open on friend.camp