Abuse report, no images, just malicious links in descriptions #2208
Comments
jinnatar
changed the title
|
I have reported this to our support team for investigation and take down. |
|
Let me add a few more:
Searching for "metashape" on Docker Hub leads to tons more, only the first few entries seem to be genuine, the rest is spam: |
|
On a side note: Is there really no way to report malicious users/images on hub.docker.com directly? |
|
Here's even more pages https://twitter.com/OmgImAlexis/status/1503271248629239814 From my count there most likely more than 100k repos that're purely spam. Edit: I've been reporting this since 2018 https://twitter.com/OmgImAlexis/status/970576831341518849 |
I've been told to open a support ticket every time I find one. 😕 |
|
The end number is the year the account was created. |
|
One more for the pile: https://hub.docker.com/u/kritragmilea Hard to believe this is the best method to report but here we are… |
|
Hi all, We thank you all for reporting all these accounts diligently. We will be taking down all users who breached our Terms of Service without notice. You can reply to this thread if you have found more. Regards, Suzaril Shah |
|
@suzarilshah no offense but Docker Inc. needs to be do more on this. Expecting users to report them one by one isn't working. |
|
@suzarilshah quite a few if not all of the ones I listed above haven't been taken down. I've reported them on twitter and now here. Is there a reason it takes multiple days for something like this to be taken down? |
|
Another one for the pile. |
|
Glad to see nothing at all has been done to fix this. This took me SECONDS to find these. |
|
@suzarilshah what's going to happen here? Does docker have a spam team? Are you guys making any efforts to prevent this or are you seriously expecting us to keep reporting these manually one by one? |
|
Could you also check upon this one https://hub.docker.com/u/redhatopenjdk? |
|
@zdtsw not sure what makes you think that's a spam account. Just looks like a random dev that wanted that name. |
@OmgImAlexis thanks for checking up! From user @apurvann's techblog/index.md @suzarilshah care to take a look this one? |
|
I stumbled onto these seemingly spammy images and found this issue. https://hub.docker.com/search?tab=tags&q=luigi&sort=updated_at&order=desc All of the images have different creators, are pushed at different dates spaced over the last 6 months. I tried to pull one of them to eyeball it but it failed with "manifest unknown". |
I honestly have no clue. From what I've seen in the past with websites they usually expect the owner of those trademarks to contact them when there's an issue otherwise they don't do anything. |
|
Do we still have any docker staff following this issue? If not, any better way to continue this conversation? |
|
Many of those ayamgoyeng containers have been created in the last 2 or 3 months, have 100k+ pulls, and are several hundred MB's in size. That's a considerable amount of network traffic... More concerning is that the images are asociated with a github account that has a single project "my first project" that has a single release with some privacy focused crypto-coin wallet things in it. Timezone is also set to Moscow in the images... This doesn't look particularly great. |
|
Another one: |
|
Another one: |
|
These image look suspicious: https://hub.docker.com/u/wohlvollatal1970 |
|
This still an issue and these can be so easily found, I still to this day don't get why docker hub doesn't do anything about this until it's reported. |
|
You've gotta be kidding me, these are all still up. WTF docker. |
|
And another one for the list. |
|
https://hub.docker.com/u/buzzvemubuch loads of spam |
|
these have still not been removed. it's been well over a year since that comment was posted. |
|
Is the preferred course of action here to find a journalist to highlight Dockers incompetence, or should you perhaps act on an abuse report without the intermediate press cycle? Or is the problem that every repo should be reported separately? I see my original is gone, but many subsequent ones are not. |
|
Honestly i dont know. I do know Docker inc. seems to be ignoring this. |
|
another day and yet i found even more |
|
I've found anoter one..... |
|
Here is a malicious code file I’d like to report on Docker Hub. This code file is a tool helping fabricate disinformation and it violates others publicity rights. https://hub.docker.com/r/xijinping615/xi-jinping-tts |
Problem description
Hub has no built-in abuse reporting, so reporting here instead. The user synlapoolca1970 seems to host only malicious links with no images published.
URL: https://hub.docker.com/u/synlapoolca1970
Task List
The text was updated successfully, but these errors were encountered: