GitHub и репы с DDoS-инструментами

В продолжение темы про GitHub: в прошлой заметке описывается случай блокировки аккаунта за оставленный комментарий, содержащий слово «пидор». Причина — нарушение правил сообщества («гомофобные оскорбления»). Реакция модераторов была незамедлительной и безжалостной. Ну, т.е. они могут работать быстро, когда захотят.

А вот другая история: не секрет, что после начала событий 2022 года на GitHub стали выкладываться многочисленные репозитории с инструментами (и детальными инструкциями) для проведения DDoS-атак на инфраструктуру российских предприятий (интернет-провайдеры, банки, гос. органы и пр.). Курированием всего этого занималась т.н. «ИТ-армия Украины». На удивление, такие репозитории здравствуют до сих пор, хотя напрямую и нарушают правила GitHub.

Мы, как добропорядочные граждане GitHub, пишем репорт через их форму подачи жалобы:

Oct 29, 2024, 1:48 PM UTC

Report Content:
https://github.com/danieldanielecki; https://github.com/danieldanielecki/IT-ARMY-of-Ukraine-Resources-in-English; https://github.com/danieldanielecki/IT-ARMY-of-Ukraine-Resources-in-English; https://github.com/MatrixTM/MHDDoS; https://github.com/epsylon/ufonet; https://github.com/erkexzcx/stoppropaganda; https://github.com/palahsu/DDoS-Ripper; https://github.com/D3pR4V3d/norussian; https://github.com/Arriven/db1000n; https://github.com/breakerspace/weaponizing-censors; https://github.com/Luzhnuy/attacker; https://github.com/alexmon1989/russia_ddos; https://github.com/AlexTrushkovsky/NoWarDDoS; https://github.com/SlavaUkraini2022/ddos_for_glory_of_ukraine; https://github.com/UA-IT-Army/aggressor-sites; https://github.com/muterussia/MuteRussia; https://github.com/smrt-fascismu/RuskiBot-Reddit; https://github.com/RusskijKorablIdiNaxuj/RusskijKorablIdiNaxuj; https://github.com/metastck/putler-doser; https://github.com/ajax-lives/NoRussian; https://github.com/opengs/uashield; https://github.com/opengs/itarmykit; https://github.com/vnestoruk/ban-dera

Reason
Actively running malicious software or the active exploitation of vulnerabilities for the purpose of compromising security or causing harm.

Comments
Dear GitHub Support Team,

I am writing to report a repository that appears to be in violation of GitHub’s Acceptable Use Policies. This repository contains tools and documentation for conducting DDoS attacks, which fall under prohibited content per GitHub’s terms, specifically under the sections:

“Exploits and malware” - which prohibits repositories containing malware, exploits, or any tools designed to compromise or harm third-party systems.
“Violations of the law” - as DDoS attacks are illegal under cybersecurity laws in many jurisdictions.
By hosting this content, the repository not only breaches GitHub’s policies but also risks promoting illegal activities, which could harm GitHub’s community and reputation.

Please consider this report as a request for review, and if applicable, I would appreciate appropriate action being taken to prevent further abuse of the platform.

Thank you for your attention and prompt action.

Получаем первичную отписку:

GitHub Trust & Safety (GitHub Support)

Oct 31, 2024, 5:23 PM UTC

Hi,

Thanks for taking the time to let us know. Our team is currently investigating the account in question to determine if their content or conduct violates GitHub's Terms of Service.

Please let us know if we can help in any other way.

Regards,
GitHub Trust & Safety

Проходит почти месяц, дальнейшей реакции нет, все репозитории на месте. Напоминаем:

On 22 Nov 2024, at 18:05
Hello,

I am writing to express my concern regarding the length of time it is taking for GitHub to investigate a particular repositories. It has been several weeks since I reported the issue, and there has been no progress in resolving it.

I am worried that the problematic repositories is still publicly available on your platform. This is a serious problem that needs to be addressed promptly. I would appreciate it if you could provide me with an update on the status of the investigation and let me know when the content will be removed.

Thank you for your attention to this matter. I look forward to hearing from you soon.

Проходит еще месяц и вновь напоминаем:

Jan 8, 2025, 8:49 AM UTC

Dear GitHub Support Team,

I am following up on my previous report regarding a repositories that appears to violate GitHub's Acceptable Use Policies. Specifically, the repository contains tools and instructions for conducting DDoS attacks, which falls under your prohibition of active malware or exploits as outlined in your policy:

“You may not use GitHub to directly support unlawful attacks that cause technical harm”
“Examples of technical harm include overconsumption of resources (e.g., cryptomining, denial of service)”
It has now been over two months since my initial report, and the repository remains publicly accessible. This delay poses serious risks, as it potentially facilitates illegal activity and compromises the security of GitHub’s user community.

I kindly request an update on the status of your investigation and a timeline for resolving this issue. Given the severity of the situation, I urge you to prioritize reviewing and removing the offending content as soon as possible.

Thank you for your attention to this matter. I look forward to your prompt response.

Спустя две недели получаем отписку:

GitHub Trust & Safety (GitHub Support)

Jan 22, 2025, 7:07 PM UTC

Hi,
 
Our team is currently investigating the accounts in question to determine if their content or conduct violates GitHub's Terms of Service.
 
Regards,  
GitHub Trust & Safety

Т.е. прошло без малого три месяца, а они все еще изучают, являются ли репозитории со скриптами для DDoS-атак нарушением их правил или нет.

В общем, за «пидор» — сразу бан, за репы с Exploits and malware и Violations of the law — многомесячное жевание соплей.