Malicious Party Triggers GitHub E-Mail Notifications Spam in EpicGames Unreal Engine Developer Group
Epic adds developers that receive access to the Unreal Engine source code to a developer group.
The group has 394k people.
One person created a shitpost pull request, and tagged the entire group.
Tagging them subscribes them to the discussion, notifying them about new comments.
I assume by default, GitHub sends notification emails.
A lot of people continue to post comments on that PR that 394k people are now subscribed to, triggering more and more notification emails.
A real shitshow.
I’m glad I disabled email notifications a long time ago.
I regularly visit the GitHub Inbox instead, and can read and manage my notifications there, deliberately and dedicatedly.
I only had one notification in the GitHub notifications, and can unsubscribe with a single click. :)
Reporting Spam on GitHub is Infeasible
I tried reporting spam. There was a second PR like this too, where the creator tagged the entire group.
Spam reports require you to navigate a three layer issue/support request categorization, and then provide a comment with minimum text.
And after two such reports, they put you on a multiple minute cooldown.
Atrocious for a platform that needs moderation and reports.
I would understand such rate limiting for questionable, new accounts. But mine should be obviously trustworthy. Setting up form barriers and rate limiting spam reporting like that is astonishing, irritating, frustrating, and makes you lose confidence in their moderating of spam.
Because they are considered support requests, or at least go onto the same cooldown logic, you can not even send in other types of support requests during the cooldown period.