Need a little help from my friends

AJ ONeal (Home) coolaj86 at gmail.com
Fri Mar 22 16:38:45 MDT 2019


>
> The current owner of that username on github is *not* a spammer.  There is
> no content on the profile, repos, etc. that shows spamming like behavior.
> Therefore reporting this user as a spammer is dishonest and likely won't
> have an effect.  A moderator will take a look at the account and see no
> spamming and ignore the reports.
>

I should have said "malicious" rather than "spam". I meant "spam"
generically as in "bot" / "junk" / "disruptive" / "attacker".


> Additionally, starting a mob campaign to abuse the "Report User" function
> is unethical.  You should use proper channels to get support from Github.
>

I've reported it myself and I'm asking those who know me to do the same.
That *is* the proper support channel.


> The current profile shows the account was created March 9, 2019.  If your
> account was hacked then deleted so the new owner could start over, then you
> have a good clear case for Github support to reclaim your username.
>

I moved from https://github.com/coolaj86 to https://github.com/solderjs.
My intent was to wait a few weeks to give Google time to follow the 302s
and then protect myself from such an attack by recreating the account under
my old name. However, when I went back to do so, the attacker had already
made their move.

Had my account been a generic name that many people would like to use, then
we could say that perhaps the attacker was not an attacker, just eager and
lucky.

However, coolaj86 is a brand name that I've used exclusively. The only
other coolaj86s on the Internet are spam accounts - typically porn (such as
the .org and .net of the same name, which I once owned and let lapse since
I only used the .com).

https://donatstudios.com/GithubsTotalSecurityFacepalm
https://www.technadu.com/account-hijacking-github-chaos-kodi-community/60903/

In the case of go-bindata, the person who "hijacked" the account was trying
to restore broken functionality. Since the redirects were proper and the
repositories were not deleted, we can safely say that the attacker is not
trying to restore something broken.

I do see one other possible option:
It may have been someone who knew about the vulnerability and, fearing that
something might go wrong in the future, decided to take action now.

In that case, however, I believe that it would have been ethical and
appropriate for them to reach out to me.

At first I also thought that perhaps I did it late one night and forgot
about it, but the email address I've been using for the transitional
accounts didn't have an email about a new GitHub account, and there is no
public information - and I'm fairly certain I would have put up something
like I have on Twitter alerting people where the content was moved.


More information about the PLUG mailing list