Disabled discussions

Question

Disabled discussions

Uzlopak opened this issue 3 months ago · comments

Aras Abbasi commented 3 months ago

Please avoid duplicates

I checked all open bugs and none of them matched my problem.

Reproducible test case

Nock Version

Node Version

TypeScript Version

What happened?

@gr2m

A malicious user cufret02 was spamming the repo discussions. I tried to delete some via mobile phone but it was too much. The attack started 6:45 and i stopped it at 7:36 am german time. Maybe this is an attack hidden behind a spam attack, as it resulted in being spammed via email.

Would you be interested in contributing a fix?

yes

Michael Solomon · Answer 1 · Thu Mar 14 2024 15:15:58 GMT+0800 (China Standard Time)

Thanks!

Maybe we can just ban them? In the same way they can open a lot of issues.

Aras Abbasi · Answer 2 · Thu Mar 14 2024 16:32:19 GMT+0800 (China Standard Time)

@mikicho

I dont see the option to do it. Maybe @gr2m or so has more permissions than I, and can ban this user.

Michael Solomon · Answer 3 · Thu Mar 14 2024 16:37:57 GMT+0800 (China Standard Time)

Me too, but it is possible,
https://docs.github.com/en/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization

Gregor Martynus · Answer 4 · Fri Mar 15 2024 06:01:15 GMT+0800 (China Standard Time)

Thank you @Uzlopak for taking care of it. You should now have both access to the org moderation tools such as https://github.com/organizations/nock/settings/blocked_users

What should be able to do is to report the user for spamming, if enough people do so in a short amount of time, their account gets blocked.

Gregor Martynus · Answer 5 · Fri Mar 15 2024 06:04:14 GMT+0800 (China Standard Time)

best moderation tool in case of attacks like this is to limit interaction to existing users:
https://github.com/organizations/nock/settings/interaction_limits

I'll delete all the non-sense discussions

Gregor Martynus · Answer 6 · Fri Mar 15 2024 06:10:48 GMT+0800 (China Standard Time)

For the record, here is the script I used

const { Octokit } = require("octokit");

const USER_LOGIN = "cufret02"

const octokit = new Octokit({
  auth: process.env.GITHUB_TOKEN,
});

main();

async function main() {
  // get all discussions
  const result = await octokit.graphql(
    `
    query paginate($cursor: String) {
      repository(owner: "nock", name: "nock") {
        discussions(first: 100, after: $cursor) {
          nodes {
            id
            title
            url
            author {
              login
            }
          }
          pageInfo {
            hasNextPage
            endCursor
          }
        }
      }
    }`
  );

  const discussions = result.repository.discussions.nodes;
  for (const discussion of discussions) {
    if (discussion.author.login !== USER_LOGIN) continue;

    // delete discussion
    await octokit.graphql(
      `
      mutation deleteDiscussion($id: ID!) {
        deleteDiscussion(input: { id: $id }) {
          clientMutationId
        }
      }`,
      {
        id: discussion.id,
      }
    );
    console.log("discussion %s deleted", discussion.title);
  }
}