Interesting, the files that are being uploaded are... Screenshots of someone uploading these same files to OBS. For now it appears to be someone testing package branching and file uploads via the API.

But I'd watch this closely as it could be someone trying to find a way to host ransomware payloads. Lately there have been all sorts of creative ways to do that, including unusual places like DockerHub (as fake images) and on archive.org (with gibberish descriptions).


Premium Services Engineer
SUSE

On Dec 18, 2021 13:02, Carsten Ziepke <kieltux@gmail.com> wrote:
Hello,

the RSS feed for build.opensuse.org showed some suspicious behaviour:

https://build.opensuse.org/project/subprojects/home:Tsdgg32t2363t36

The subprojects, filenames, comments in this repository are all flooded
with long text files.

Look at this package for example:
https://build.opensuse.org/package/show/home:Tsdgg32t2363t36:branches:home:duwe:matrix/coeurl

Maybe OBS User Tsdgg32t2363t36 is looking for some security leaks in
obs?

Bye,
Carsten
--
When you say "I wrote a program that crashed Windows", people just
stare at you blankly and say "Hey, I got those with the system, *for
free*". -- Linus Torvalds