It seems github spambots are at it again... I'm surprised all these automations are not caught by github.. it is quite obvious something is up just looking at the time these issue comments are made in clickhouse playground database...
clickhouse has pretty good github_events dataset on playground that folks can use to do some research - some info on the dataset https://ghe.clickhouse.tech/
Yeah. It would be interesting to see who adopted to the compromised versions and how quickly, compared to how quickly they normally adopt new versions (not bots pulling upgrades, but how quickly maintainers approve and merge them)
If there were a bunch of people who adopted it abnormally fast compared to usual, might point to there being more "bad actors" in this operation (said at the risk of sounding paranoid if this turns out to be a state run thing)
Sad to see so many people getting scam these days, One of the idea I have and wish someone could take the time to implement is a self-registering platform where you can declare your information was previously stolen and used in a scam - The system will hash this information in multiple way, without storing them, such that, banks, financial institutions, or even mobilephone providers (think sim swap attack) can submit some users information and said system would come back with a result based on some matching of hashes(eg first name, dob, address or last name, dob, social security number). Ideally, it would result in the banks doing more vigorous check on user's identity like actually seeing them in person if this check fails rather than taking everything submitted over some web-form as is.
I have had family member who had their identity stolen for many years and it kept on going, it's super frustrating.
```
select repo_name,event_type,body from github_events where event_type in ('IssueCommentEvent','IssuesEvent','PullRequestEvent','PullRequestReviewCommentEvent') and match (body,'.10\.\d{4,9}\/[-\._;()\/:A-Z0-9]+.') limit 10
```
Check out documentation for git-import:
./clickhouse git-import --help
Then the tool can be run directly inside the git repository.
It will collect data like commits, file changes and changes of every
line in every file for further analysis.
It works well even on largest repositories like Linux or Chromium.
Example of a trivial query:
SELECT author AS k, count() AS c FROM line_changes WHERE
file_extension IN ('h', 'cpp') GROUP BY k ORDER BY c DESC LIMIT 20
Example of some non-trivial query - a matrix of authors, how much code
of one author is removed by another:
SELECT k, written_code.c, removed_code.c,
round(removed_code.c * 100 / written_code.c) AS remove_ratio
FROM (
SELECT author AS k, count() AS c
FROM line_changes
WHERE sign = 1 AND file_extension IN ('h', 'cpp')
AND line_type NOT IN ('Punct', 'Empty')
GROUP BY k
) AS written_code
INNER JOIN (
SELECT prev_author AS k, count() AS c
FROM line_changes
WHERE sign = -1 AND file_extension IN ('h', 'cpp')
AND line_type NOT IN ('Punct', 'Empty')
AND author != prev_author
GROUP BY k
) AS removed_code USING (k)
WHERE written_code.c > 1000
ORDER BY c DESC LIMIT 500
Changing the content from an html page to a shell script based on user-agent is a pretty bad abuse of HTTP. Why not at least require `-H 'Accept: text/x-shellscript'`? Or be more basic and give the script its own URL
These are totally legit concerns, while the behaviour of the site has been around for quite sometimes and many ClickHouse installation script may have them so we will keep it for backward compatibility, we will add the usual install.sh url later and start sharing them more often.
(Pull request is in ... it should be deployed on Monday and you can use https://clickhouse.com/install.sh ). Love the feedbacks, please keep them coming!
After looking through some of these malicious packages using your tool, I noticed a trend.. The malicious package usually targets high download count packages and create something similar so the moment they are uploaded, they start getting high number of download... perhaps it can be used as indicator.
Another theory is they have an efficient way and or bypass facebook ratelimit to bruteforce reset victim's password token ... regardless, i would make sure 2fa is enabled for extra precaution... or maybe just take a break from facebook :)
100% this is what I experienced .. I was fine for months after taking the supplement then I went away for holiday, forgot my supplement and the leg cramps at night came back after sometime. When i came home, i started taking it again and the cramps were gone. Just from that experience, it confirmed to me that magnesium deficiency was the root cause.
There were 18 accounts involved - 14 of them are now deleted/deactivated and 4 of them are still active(may have been compromised account)
It seems github did take action and these comments are disappearing :)