OBS User Tsdgg32t2363t36: suspicious behaviour
Hello,

the RSS feed for build.opensuse.org showed some suspicious behaviour:
https://build.opensuse.org/project/subprojects/home:Tsdgg32t2363t36

The subprojects, filenames, comments in this repository are all flooded with long text files.
Look at this package for example: https://build.opensuse.org/package/show/home:Tsdgg32t2363t36:branches:home:d...

Maybe OBS User Tsdgg32t2363t36 is looking for some security leaks in obs?

Bye,
Carsten

--
When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, *for free*".
-- Linus Torvalds

Interesting, the files that are being uploaded are... Screenshots of someone uploading these same files to OBS. For now it appears to be someone testing package branching and file uploads via the API.

But I'd watch this closely as it could be someone trying to find a way to host ransomware payloads. Lately there have been all sorts of creative ways to do that, including unusual places like DockerHub (as fake images) and on archive.org (with gibberish descriptions).

Premium Services Engineer
SUSE

On Dec 18, 2021 13:02, Carsten Ziepke <kieltux@gmail.com> wrote:
> Hello,
>
> the RSS feed for build.opensuse.org showed some suspicious behaviour:
> https://build.opensuse.org/project/subprojects/home:Tsdgg32t2363t36
>
> The subprojects, filenames, comments in this repository are all flooded with long text files.
> Look at this package for example: https://build.opensuse.org/package/show/home:Tsdgg32t2363t36:branches:home:d...
>
> Maybe OBS User Tsdgg32t2363t36 is looking for some security leaks in obs?
>
> Bye,
> Carsten
>
> --
> When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, *for free*".
> -- Linus Torvalds

Does his email work, or does it give a bounce?

Best regards
Axel

--
Written from cell phone - excuses for typos

On 19 December 2021 01:05:08 CET, Erico Mendonca <Erico.Mendonca@suse.com> wrote:
> Interesting, the files that are being uploaded are... Screenshots of someone uploading these same files to OBS. For now it appears to be someone testing package branching and file uploads via the API.
>
> But I'd watch this closely as it could be someone trying to find a way to host ransomware payloads. Lately there have been all sorts of creative ways to do that, including unusual places like DockerHub (as fake images) and on archive.org (with gibberish descriptions).
>
> Premium Services Engineer
> SUSE
>
> On Dec 18, 2021 13:02, Carsten Ziepke <kieltux@gmail.com> wrote:
>> Hello,
>>
>> the RSS feed for build.opensuse.org showed some suspicious behaviour:
>> https://build.opensuse.org/project/subprojects/home:Tsdgg32t2363t36
>>
>> The subprojects, filenames, comments in this repository are all flooded with long text files.
>> Look at this package for example: https://build.opensuse.org/package/show/home:Tsdgg32t2363t36:branches:home:d...
>>
>> Maybe OBS User Tsdgg32t2363t36 is looking for some security leaks in obs?
>>
>> Bye,
>> Carsten
>>
>> --
>> When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, *for free*".
>> -- Linus Torvalds

On Sunday, 19 December 2021, 16:00:40 CET Axel Braun wrote:
>> Interesting, the files that are being uploaded are... Screenshots of someone uploading these same files to OBS. For now it appears to be someone testing package branching and file uploads via the API.
>>
>> But I'd watch this closely as it could be someone trying to find a way to host ransomware payloads. Lately there have been all sorts of creative ways to do that, including unusual places like DockerHub (as fake images) and on archive.org (with gibberish descriptions).

thanks, he did not register with a valid e-mail address, so I suspended the account.

bye
adrian

>> Premium Services Engineer
>> SUSE
>>
>> On Dec 18, 2021 13:02, Carsten Ziepke <kieltux@gmail.com> wrote:
>>> Hello,
>>>
>>> the RSS feed for build.opensuse.org showed some suspicious behaviour:
>>> https://build.opensuse.org/project/subprojects/home:Tsdgg32t2363t36
>>>
>>> The subprojects, filenames, comments in this repository are all flooded with long text files.
>>> Look at this package for example: https://build.opensuse.org/package/show/home:Tsdgg32t2363t36:branches:home:d...
>>>
>>> Maybe OBS User Tsdgg32t2363t36 is looking for some security leaks in obs?
>>>
>>> Bye,
>>> Carsten
>>>
>>> --
>>> When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, *for free*".
>>> -- Linus Torvalds

--
Adrian Schroeter <adrian@suse.de>
Build Infrastructure Project Manager
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg) Managing Director: Ivo Totev

On 2021-12-20 08:13, Adrian Schröter wrote:
> thanks, he did not register with a valid e-mail address, so I suspended the account.

I can see a very obvious feature request for the OBS software here... automated email validation links.

Cheers
MH

--
Mathias Homann
Mathias.Homann@openSUSE.org
xmpp: lemmy@tuxonline.tech
matrix: @mathias:eregion.de
irc: [Lemmy] on liberachat and ircnet
obs/pmbs: lemmy04
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

On Monday, 20 December 2021, 08:40:18 CET Mathias Homann wrote:
> On 2021-12-20 08:13, Adrian Schröter wrote:
>> thanks, he did not register with a valid e-mail address, so I suspended the account.
>
> I can see a very obvious feature request for the OBS software here... automated email validation links.

true, but this is not in the hands of OBS here ... (but yes, it has been on my wish list for quite some time)

--
Adrian Schroeter <adrian@suse.de>
Build Infrastructure Project Manager
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg) Managing Director: Ivo Totev

On 20.12.21 at 08:43, Adrian Schröter wrote:
> On Monday, 20 December 2021, 08:40:18 CET Mathias Homann wrote:
>> On 2021-12-20 08:13, Adrian Schröter wrote:
>>> thanks, he did not register with a valid e-mail address, so I suspended the account.
>>
>> I can see a very obvious feature request for the OBS software here... automated email validation links.
>
> true, but this is not in the hands of OBS here ...

That's a little easy to say - you can very well require the email to work before you allow creating the home project.

Greetings,
Stephan

On Monday, 20 December 2021, 09:34:20 CET Stephan Kulow wrote:
> On 20.12.21 at 08:43, Adrian Schröter wrote:
>> On Monday, 20 December 2021, 08:40:18 CET Mathias Homann wrote:
>>> On 2021-12-20 08:13, Adrian Schröter wrote:
>>>> thanks, he did not register with a valid e-mail address, so I suspended the account.
>>>
>>> I can see a very obvious feature request for the OBS software here... automated email validation links.
>>
>> true, but this is not in the hands of OBS here ...
>
> That's a little easy to say - you can very well require the email to work before you allow creating the home project.

we can develop everything ourselves, but not when it is on the requirement list of the authentication system.

--
Adrian Schroeter <adrian@suse.de>
Build Infrastructure Project Manager
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg) Managing Director: Ivo Totev

participants (6)
- Adrian Schröter
- Axel Braun
- Carsten Ziepke
- Erico Mendonca
- Mathias Homann
- Stephan Kulow