jsdelivr / dash-directus

The jsDelivr dashboard backend
Open Software License 3.0

Auto-ban accounts if banned by Github #12

Closed jimaek closed 4 months ago

jimaek commented 5 months ago

Spammers like creating fresh GitHub accounts to abuse services like our CDN. They will try to abuse our dashboard too. The good thing is that GitHub seems to be quick to ban those accounts after a while. So we need a way to sync those bans and disable accounts on our side too.

MartinKolarik commented 5 months ago

I expect they won't be able to log in after GH blocks them, so this is only a question of clearing up the blocked accounts, or setting some flag on our side, but I'm not sure if there's even any use for that flag.

jimaek commented 5 months ago

If they can't log in, they can still use our pre-generated API keys to continue the abuse, e.g. to run too many purges, or pre-adopt probes and then use the API key to run tests using the free generated credits. I want to cut all access if the GitHub account is banned.

alexey-yarmosh commented 4 months ago

As I see it, values from the tokens and adopted_probes collections associated with the banned account should be removed, while values from the credits collection shouldn't be deleted, as it is more like a history of all of the incomes.

MartinKolarik commented 4 months ago

I guess credits don't matter as long as the user can no longer log in and the tokens were invalidated.
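The cleanup discussed in this thread, as an added example that is not the project's own code: it suspends users whose GitHub account is gone, removes their tokens and probe adoptions, keeps credits, and skips any user whose lookup was inconclusive. The in-memory `db` object, the field names (`github_id`, `user_id`, `status`) and the rule that a banned account answers 404 are assumptions; only the collection names come from the thread.

```javascript
// Added example. Field names are hypothetical; sample data is constructed.

// Map the HTTP status of a GitHub user lookup to a decision.
// Assumption: a banned account answers 404, like a deleted one.
function classifyGithubStatus(httpStatus) {
  if (httpStatus === 200) return 'active';
  if (httpStatus === 404) return 'gone';
  return 'unknown'; // rate limit, 5xx, missing result: never ban on these
}

// db: in-memory stand-in for the dashboard collections.
// lookups: Map of github_id -> HTTP status collected by the sync job.
function applyGithubBans(db, lookups) {
  const gone = new Set();
  const report = { suspended: [], skipped: [], tokensRevoked: 0 };
  for (const user of db.users) {
    const verdict = classifyGithubStatus(lookups.get(user.github_id));
    if (verdict === 'unknown') report.skipped.push(user.id);
    if (verdict !== 'gone') continue;
    gone.add(user.id);
    if (user.status !== 'suspended') {
      user.status = 'suspended';
      report.suspended.push(user.id);
    }
  }
  // Cut API access: drop tokens and probe adoptions of banned users.
  const keep = (row) => !gone.has(row.user_id);
  report.tokensRevoked = db.tokens.length - db.tokens.filter(keep).length;
  db.tokens = db.tokens.filter(keep);
  db.adopted_probes = db.adopted_probes.filter(keep);
  // db.credits is left untouched: it is the history of incomes.
  return report;
}

// Constructed sample: u1 is fine, u2 is banned, u3's lookup was rate limited.
function sampleDb() {
  return {
    users: [
      { id: 'u1', github_id: 101, status: 'active' },
      { id: 'u2', github_id: 102, status: 'active' },
      { id: 'u3', github_id: 103, status: 'active' },
    ],
    tokens: [{ user_id: 'u1' }, { user_id: 'u2' }, { user_id: 'u2' }, { user_id: 'u3' }],
    adopted_probes: [{ user_id: 'u2' }, { user_id: 'u3' }],
    credits: [{ user_id: 'u2', amount: 100 }],
  };
}

console.log(applyGithubBans(sampleDb(), new Map([[101, 200], [102, 404], [103, 403]])));
```

Running the function a second time with the same lookups changes nothing, so the sync can be scheduled repeatedly.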