docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com

Abuse report, no images, just malicious links in descriptions #2208

Open jinnatar opened 2 years ago

jinnatar commented 2 years ago

Problem description

Hub has no built-in abuse reporting, so reporting here instead. The user synlapoolca1970 seems to host only malicious links with no images published.

URL: https://hub.docker.com/u/synlapoolca1970

jinnatar commented 2 years ago

Other users doing the same thing: (they all seem to have something with hackrf in it, which is how I keep finding these)

ingshtrom commented 2 years ago

I have reported this to our support team for investigation and take down.

struffel commented 2 years ago

Let me add a few more:

Searching for "metashape" on Docker Hub leads to tons more, only the first few entries seem to be genuine, the rest is spam: https://hub.docker.com/search?q=metashape&type=image

struffel commented 2 years ago

On a side note: Is there really no way to report malicious users/images on hub.docker.com directly?

OmgImAlexis commented 2 years ago

Here's even more pages https://twitter.com/OmgImAlexis/status/1503271248629239814

From my count there are most likely more than 100k repos that are purely spam.

Edit: I've been reporting this since 2018 https://twitter.com/OmgImAlexis/status/970576831341518849

OmgImAlexis commented 2 years ago

On a side note: Is there really no way to report malicious users/images on hub.docker.com directly?

I've been told to open a support ticket every time I find one. 😕

OmgImAlexis commented 2 years ago

The end number is the year the account was created.

littlejackal commented 2 years ago

One more for the pile:

https://hub.docker.com/u/kritragmilea

Hard to believe this is the best method to report but here we are…

suzarilshah commented 2 years ago

Hi all,

We thank you all for reporting all these accounts diligently. We will be taking down all users who breached our Terms of Service without notice.

You can reply to this thread if you have found more.

Regards,

Suzaril Shah Docker Inc.

OmgImAlexis commented 2 years ago

@suzarilshah no offense but Docker Inc. needs to do more on this. Expecting users to report them one by one isn't working.

OmgImAlexis commented 2 years ago

@suzarilshah quite a few if not all of the ones I listed above haven't been taken down. I've reported them on twitter and now here.

Is there a reason it takes multiple days for something like this to be taken down?

karmapop commented 2 years ago

@suzarilshah

Another one for the pile.

https://hub.docker.com/u/nvestaboggting

OmgImAlexis commented 2 years ago

Glad to see nothing at all has been done to fix this.

This took me SECONDS to find these.

OmgImAlexis commented 2 years ago

@suzarilshah what's going to happen here? Does docker have a spam team? Are you guys making any efforts to prevent this or are you seriously expecting us to keep reporting these manually one by one?

zdtsw commented 2 years ago

Could you also check upon this one https://hub.docker.com/u/redhatopenjdk? Images from this user have nothing to do with openjdk nor redhat.

OmgImAlexis commented 2 years ago

@zdtsw not sure what makes you think that's a spam account. Just looks like a random dev that wanted that name.

zdtsw commented 2 years ago

@zdtsw not sure what makes you think that's a spam account. Just looks like a random dev that wanted that name.

@OmgImAlexis thanks for checking up! Does Docker allow any individual to create any username to publish images, including trademarks (i.e. redhat, openshift, openjdk, etc.)? For me, this one is trying to mislead other users into downloading images with a name like "redhat-openjdk18-openshift" when it is actually something for Tensorflow, esp. since RedHat has its official image "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift".

From user @apurvann's techblog/index.md: "However, the image which is recommended for building Java based images might not actually work for some people (as one of my attempts, I tried *redhatopenjdk/redhat-openjdk18-openshift* image but it didn't work for me)". That's the consequence of confusing users. I believe that with a 10k+ download count, most of them were done by mistake.

@suzarilshah care to take a look this one?

RoryMMMM commented 1 year ago

I stumbled onto these seemingly spammy images and found this issue. I've been searching for an image for the Python Luigi pipeline tool. I stumbled onto hundreds of what look like auto-generated images that follow the same recipe:

Image name: <meaningless text>/website
Description: <random int> year old <random job> Luigi <random name> from <random place> has <random hobbies> 

https://hub.docker.com/search?tab=tags&q=luigi&sort=updated_at&order=desc

All of the images have different creators and were pushed at different dates spaced over the last 6 months. I tried to pull one of them to eyeball it but it failed with "manifest unknown".
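A defender-side triage heuristic for the recipe described above (template description, a repository named "website", nothing actually pushed so a pull fails with "manifest unknown"). This is an added example, not code from the thread or from Docker; the repo records are constructed and the two-indicator threshold is an assumption.

```python
import re
from dataclasses import dataclass

# Template observed in the thread:
#   name:        <meaningless text>/website
#   description: <int> year old <job> Luigi <name> from <place> has <hobbies>
TEMPLATE_RE = re.compile(
    r"^\d{1,3} year old .+? Luigi .+? from .+? has .+$", re.IGNORECASE
)


@dataclass
class Repo:
    name: str          # "<namespace>/<repository>"
    description: str
    tag_count: int     # 0 = nothing ever pushed; "docker pull" gives "manifest unknown"


def spam_reasons(repo: Repo) -> list[str]:
    """Return the list of indicators that match this repository."""
    reasons = []
    if TEMPLATE_RE.match(repo.description.strip()):
        reasons.append("description matches generated template")
    if repo.name.split("/", 1)[-1] == "website":
        reasons.append("repository named 'website'")
    if repo.tag_count == 0:
        reasons.append("no tags: repository carries only a description")
    return reasons


def triage(repos: list[Repo], threshold: int = 2) -> dict[str, list[str]]:
    """Map repo name -> reasons for every repo with at least `threshold` indicators (assumed threshold)."""
    flagged = {}
    for repo in repos:
        reasons = spam_reasons(repo)
        if len(reasons) >= threshold:
            flagged[repo.name] = reasons
    return flagged


# Constructed sample records, not real Docker Hub repositories.
SAMPLE_REPOS = [
    Repo("qzvxt/website",
         "34 year old Dentist Luigi Harmon from Rosarito has hobbies like kayaking and chess", 0),
    Repo("team/luigi-runner", "Scheduler image for running Luigi pipelines", 5),
    Repo("abcd/website", "Personal homepage served by nginx", 3),  # one indicator only
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REPOS).items():
        print(name, "->", "; ".join(reasons))
```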

OmgImAlexis commented 1 year ago

@OmgImAlexis thanks for checking up! Does Docker allow any individual to create any username to publish images, including trademarks (i.e. redhat, openshift, openjdk, etc.)? For me, this one is trying to mislead other users into downloading images with a name like "redhat-openjdk18-openshift" when it is actually something for Tensorflow, esp. since RedHat has its official image "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift".

I honestly have no clue. From what I've seen in the past with websites they usually expect the owner of those trademarks to contact them when there's an issue otherwise they don't do anything.

zdtsw commented 1 year ago

Do we still have any docker staff following this issue? If not, any better way to continue this conversation? @suzarilshah @dieucao @izzychu

Burekasim commented 1 year ago

https://hub.docker.com/r/ayamgoyeng

RoryMMMM commented 1 year ago

Many of those ayamgoyeng containers have been created in the last 2 or 3 months, have 100k+ pulls, and are several hundred MB in size. That's a considerable amount of network traffic...

More concerning is that the images are associated with a GitHub account that has a single project, "my first project", with a single release containing some privacy-focused crypto-coin wallet things. The timezone is also set to Moscow in the images...

This doesn't look particularly great.

h1pmnh commented 1 year ago

Another one: https://hub.docker.com/u/bemapasle

vallieres commented 1 year ago

Another one: https://hub.docker.com/u/ulminase

jozefizso commented 1 year ago

These image look suspicious: https://hub.docker.com/u/wohlvollatal1970

OmgImAlexis commented 1 year ago

This is still an issue and these can be so easily found. I still to this day don't get why Docker Hub doesn't do anything about this until it's reported.

https://hub.docker.com/r/kegvifarto/native-instrument-komplete-9-ultimate-torrent-top
https://hub.docker.com/r/aperbulme/shri-muhurta-13-portable-astrology-104-free
https://hub.docker.com/r/tripupanin/assassins-creed-brotherhood-crack-file

OmgImAlexis commented 1 year ago

You've gotta be kidding me, these are all still up. WTF docker.

https://github.com/docker/hub-feedback/issues/2208#issuecomment-1123148425

Rohaq commented 1 year ago

And another one for the list.

bosnebacktea1974

regisbsb commented 8 months ago

https://hub.docker.com/u/buzzvemubuch loads of spam

ImLunaHey commented 8 months ago

@suzarilshah https://github.com/docker/hub-feedback/issues/2208#issuecomment-1123148425

these have still not been removed. it's been well over a year since that comment was posted.

ImLunaHey commented 8 months ago


https://twitter.com/OmgImAlexis/status/1718047747725779377

jinnatar commented 8 months ago

Is the preferred course of action here to find a journalist to highlight Docker's incompetence, or should you perhaps act on an abuse report without the intermediate press cycle? Or is the problem that every repo should be reported separately? I see my original is gone, but many subsequent ones are not.

ImLunaHey commented 8 months ago

Honestly I don't know. I do know Docker Inc. seems to be ignoring this.

ImLunaHey commented 8 months ago


Another day and yet I found even more.

BCArchAngel commented 7 months ago

I've found another one..... https://hub.docker.com/u/brugcarrahan - 221 Repos - Joined 2020

Kylie1004 commented 4 weeks ago

Here is a malicious code file I'd like to report on Docker Hub. This code file is a tool helping fabricate disinformation and it violates others' publicity rights. https://hub.docker.com/r/xijinping615/xi-jinping-tts Such an act is forbidden in Docker's Terms of Service, Privacy and Restrictions on Use 3.3g "Use the Service to violate the legal rights (such as rights of privacy and publicity) of others", and also 3.3h "Promote or encourage illegal activity". In July 2019, the House of Representatives and the Senate introduced the Deep Fake Reporting Act of 2019, in which fabricated audio intended to mislead should be forbidden. I still can't believe there are still illegal information and content violations such as this. Hope somebody will show up and remove this malicious code file.