Malicious repository with malware

this repository is malicious because it distributes malware

it is self evident.

https://git.rwth-aachen.de/nick.tokariev/gi4/-/issues/1

Hi, @diehard88.

While this site is using GitLab to host malware, it is not affiliated with GitLab the company itself.

I would suggest getting in touch with their ISP.

Name resolution:

git.rwth-aachen.de.	83649	IN	A	134.130.122.52

Abuse information for the IP address above:

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName:   Abuse Contact
OrgAbusePhone:  +31205354444
OrgAbuseEmail:  abuse@ripe.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
1 Like

I noticed that too, the domain is not gitlab’s.

I investigated a bit further and realized they are the gitlab of the rwth aachen university in germany.

they are legit.

the malicious link was posted in a comment by a new user within a major repository.

I am notifying the admins.

what pisses me off is the fact that this crap was being advertised in the google app.

thanks for the heads up.
or as Romário would say: "svaleu!"

2 Likes

found another comment from a newly created bogus issue within a different repository.

https://git.rwth-aachen.de/nick.tokariev/gi4_uebung01/-/issues/1

Unfortunately, posting here about it doesn’t help since nobody here can block it or do anything about it - only the people who administer that Gitlab instance which means contacting whoever manages https://git.rwth-aachen.de/.

It’s a Gitlab installation totally outside of Gitlab’s control. If these repositories were hosted on gitlab.com then it would make sense to report them here. This is effectively a private installation of Gitlab, just like when I install Gitlab myself on my own server.

All you are effectively doing is promoting those links by adding them here to your post so that more people can find them.

I am requesting Gitlab Admins/Mods to close this topic and remove the links because this forum is now inadvertently being used to propagate those malware links so that more people find them. Please do not post any more links here unless they are actually repositories hosted on gitlab.com

1 Like

and you are promoting censorship.

So, you agree to promoting malware, with what you just said in reply to me. You accuse me of censorship, when you were complaining about people having repositories with malware in the first place.

In which case, the fact you are complaining that by removing the links to said malware is censorship, then that makes your posts nothing more than spam, trying to promote malware. Because otherwise you would agree with me that the links should be removed, since search engines, etc, index this site, increasing the promotion of these malware repositories.

I agree that you are promoting the censorship of my alerts.

The community needs to be aware of existing threats.

The aachen gitlab team just removed both comments, problem solved.

Let’s keep the discussion civilized and on-topic.

@iwalker has a good point that linking to the sites you mentioned has the effect of promoting them on search engines.

At the same time, I appreciate your point about wanting to remove the malware.

@diehard88, please consider quoting your links https://example.com/like/this so they’re not clickable or followed by search engines.

Thanks & obrigado.

2 Likes

Hello @diehard88,

Please understand that neither GitLab staff nor community members on this forum can remove malicious content from self-hosted GitLab instances. This power lies solely with the administrator of the specific GitLab instance hosting the content. In the future, the most effective way to address such issues is to report abuse directly to the administrators of the instance.

As a member of the GitLab Security team, I genuinely understand and share your concerns when finding GitLab is being used to host or distribute malware. However, it’s important to note that sharing links to malware on the GitLab forum can lead to unintended consequences. These links will be viewed by many others and indexed by search engines, increasing the likelihood that people will discover and download the malware you’re reporting. I’m sure it wasn’t your intention to make malware more accessible, but unfortunately, sharing direct, unedited links to malware-containing web pages in a public forum can have that effect. Whenever I share a link containing potentially malicious or sensitive content, I modify the https:// to hxxps:// so that anyone visiting that URL must make an informed decision and concerted/intentional effort before they can access it.

As the malicious content has been removed, I’ve decided to leave this topic open and not redact the (now) non-working URLs for the sake of Transparency.

If you find security issues like this in the future, please first verify whether the content is hosted on GitLab.com. If it is hosted on GitLab.com, please create a Confidential Security Issue to report it. If it’s not hosted on GitLab.com, please reach out to the administrators of the instance hosting the content.

:pray: :bowing_man:

2 Likes
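The `hxxps://` rewrite described in the post above can be applied automatically before a report is pasted into a public place. The following is an added example, not part of any post in this thread; the function names, the `keep_hosts` parameter and the sample text are hypothetical, and bracketing the dots in the host name (`[.]`) is a common convention that goes beyond what the thread mentions.

```python
import re
from urllib.parse import urlsplit

# http(s) URLs up to the next whitespace, quote or closing bracket.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def defang_url(url: str) -> str:
    """Rewrite one URL so it is neither clickable nor followed by crawlers."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")      # http -> hxxp, https -> hxxps
    host = parts.netloc.replace(".", "[.]")            # only the host part is bracketed
    rest = url[len(parts.scheme) + 3 + len(parts.netloc):]  # path, query, fragment as-is
    return f"{scheme}://{host}{rest}"

def defang_text(text: str, keep_hosts=frozenset()) -> str:
    """Defang every URL in text except those whose host is in keep_hosts."""
    def repl(match):
        url, trail = match.group(0), ""
        # Sentence punctuation glued to the URL is not part of it.
        while url and url[-1] in ".,;:!?":
            url, trail = url[:-1], url[-1] + trail
        host = (urlsplit(url).hostname or "").lower()
        if host in keep_hosts:
            return url + trail
        return defang_url(url) + trail
    return URL_RE.sub(repl, text)

def refang_url(defanged: str) -> str:
    """Deliberate reverse step for whoever has to handle the report."""
    return defanged.replace("[.]", ".").replace("hxxp", "http", 1)

# Constructed sample report; the .test host is a placeholder, not a real site.
SAMPLE = ("Spam issue at https://git.example.test/some.user/repo/-/issues/1. "
          "Report via https://gitlab.com/help.")

if __name__ == "__main__":
    print(defang_text(SAMPLE, keep_hosts={"gitlab.com"}))
```
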

I understand. Another way to relay this type of information is by posting screenshots instead of URLs.

I like the suggestion of quoting links. The URL you provided as example is indeed not clickable, though it is clickable in the email I received from the forum.

Peace.

got it.

I asked aachen gitlab the reason for using this gitlab’s community forum and not their own.

please see screenshot.

peace.

this is getting worse.

I found another self-hosted gitlab called gitlab dot pasteur dot fr.

Their support and community forum links point to yours. Are they active here? I couldn’t find them.

their self-hosted gitlab is a mess.
this screenshot shows a repository with almost 400 issues, all of them posted with URLs to download malware.

Hey @diehard88 ,

Using this “Community forum” link in a self-hosted instance is never the right approach, as this is “baked into” the GitLab instance and AFAIK cannot be changed (or even if it can be, I believe no one actually does). I believe it was anyway supposed to be just a link to get help around GitLab itself, not support for the specific IT that manages the instance.

Normally, there is a way to “Report Abuse”. E.g. for issues, there should be available an option like this:
image

4 Likes

FYI. I have edited the posts above and changed the URLs to code formatted snippets.

This GitLab community forum is embedded as a URL into the GitLab self-managed and SaaS menus. Please refrain from continuing to post abuse reports here - and follow @paula.kokic’s suggestion to use the direct “report abuse” actions in issues and profiles. Thanks.

4 Likes