Temporary freeze on forge accounts

Dear all,

More than 200 accounts created for massive spam purposes have been created on the Orekit forge in 48 hours. 30 of them have been created in the last two hours! These accounts publish a lot of spam on the forge (notably via hundreds of issues created on projects) and many of the links are phishing.

In order to limit spam, the creation of accounts directly on the forge has already been blocked for 4 years. Only OAuth authentication through the GitHub.com, GitLab.com and Bitbucket.org platforms was allowed. But all accounts created in the last 48 hours have come from GitHub.com. So I’ve just temporarily suspended this identity provider, which is pretty much the same as blocking the creation of new accounts on the forge.

I’ll let the storm calm down and the spammers get bored, then I’ll reactivate account creation in a while.

This measure and the situation it leads to are unsatisfactory, but it’s the only way I’ve found to stem the tide and give myself time to clean up our accounts database.

Suggestion not aimed at spammers: If you need to create an account on the Orekit forge, please contact @sdinot, @MaximeJ or @luc. We’ll create the account for you.

Thank you @sdinot for taking care of this

Dear all,

I’ve just re-enabled the connection (and account creation) via GitHub on our forge to see if the storm has subsided. If it has, great, if not, I’ll have to find another sustainable strategy to block spammers.

Have a nice day!

Unfortunately, the robots haven’t had enough. 25 suspicious accounts were created on our forge in 3 hours.

To curb the problem, I’ve left authentication delegation on GitHub.com and GitLab.com active, requiring administrator validation of accounts created this way.

Thanks for the vigilance Sébastien.

Cheers,
Romain.