Security report on bots looking for (probably) this action on deployed files #479

Open
ngeorger opened this issue Sep 10, 2024 · 1 comment

@ngeorger

Bug Description
Not a bug, just a report. I'm getting requests looking for (probably) sites that use this action in their workflows. I'm not using this action, but I think it could be relevant to report that there are active bots looking for this.
Regards!

@OliverMichalik

Shortly after I started using this action, my server got infected with 'pefctl' (bitcoin miner). The process runs under the user I used for this action.

The credentials were saved only in the Secrets and used only for this action.

I cannot 100% confirm that this action caused the compromise of my credentials, but there is a possibility that something is going on, considering that bots are scanning for the ftp deploy file.
