PyPI and GitLab Witness Spam Attacks
The GitLab, a source code hosting website, and the Python Package Index (PyPI) portal both are flooded with advertisements for shady websites and assorted services by the spammers. However, both the attacks have no links to each other.
The PyPI attack in which it is flooded with more than 10,000 listings is the biggest of the two attacks. The Python Package Index (PyPI) is a Python programming language software repository. PyPI allows the user to search and install Python community applications. To deliver their applications, package developers use PyPI. It also hosts tens of thousands of Python libraries. The fact that anybody can create entries in PyPI’s website for Python Libraries, which were essentially used as massive SEO advertising for various shady pages, lately has been misused by the spammers.
These pages typically featured a broth of search-engine-friendly keywords for different topics that varied from games to pornography and films to presents, and a compressed link at the bottom, mostly pointing to a platform attempting to receive data from the payments card.
Though the PyPI team has accepted and affirmed that they are aware of the SEO spam flood. “Our admins are working to address the spam,” stated Ewa Jodlowska, Executive Director of the Python Software Foundation. She further added, “By the nature of pypi.org, anyone can publish to it, so it is relatively common.”
Although the PyPI spam attack seems to have been going on for at least a month, another new attack has been found at GitLab, a website that allows developers and companies to host and sync the work on source code repositories. A danger that is still unidentified seems to spam the Issues Tracker for thousands of GitLab ventures that each prompted an e-mail to account owners with spam contents. Similar to PyPI spam, these comments have diverted users to shady websites.
Certainly, GitLab was not prepared for any such attack since the e-mail infrastructure had slackened, interrupted, and queued legit e-mails according to an incident status report published by the company. They said, “We confirmed that mail latency was caused by a user’s spam attack. Mitigation is in progress, as we drain the offending job processing queues.”
Spamming source code repository seems to be a new strategy for spamming communities, who have generically targeted their comments of shady links on websites, forums, and news portals in recent years. Although spam isn’t an attractive attack vector, many businesses frequently struggle to protect servers, web applications and subdomains and often end up exploiting these services to host or actually participate in spam attacks.