Closed jimaek closed 4 months ago
I expect they won't be able to log in after GH blocks them, so this is only a question of clearing up the blocked accounts, or setting some flag on our side, but I'm not sure if there's even any use for that flag.
If they cant login they can still use our pre-generated API keys to continue the abuse. e.g. to run too many purges, or pre-adopt probes and then use the API key to run tests using the free generated credits. I want to cut all access if Github is banned
As I see values from tokens
and adopted_probes
collections associated with the banned account should be removed. While values from credits
collection shouldn't be deleted, as it is more like a history of all of the incomes.
I guess credits don't matter as long as the user can no longer log in and the tokens were invalidated.
Spammers like creating fresh Github accounts to abuse services like our CDN. They will try to abuse our dashboard too. The good thing is that Github seems to be quick to ban those accounts after a while. So we need a way to sync those bans and disable accounts on our side too.