PyPI and GitLab victims of hacker attacks

Spammers flooded the Python Package Index (PyPI) portal and the GitLab website with unwanted content, filling them with ads for suspicious sites and services.

Both sites were flooded with unwanted content over the weekend

The attacks were not related to each other. The larger of the two occurred on PyPI, the official package repository for the Python programming language and a website that hosts tens of thousands of Python libraries. Over the past month, spammers have been abusing the fact that anyone can create entries on the PyPI site to generate pages for non-existent Python libraries that basically served as giant SEO ads for various suspicious sites.

The pages usually contained many search engine-friendly keywords on a variety of topics, from games to pornography and from streaming movies to gifts, as well as a shortened link at the bottom, which often led to a website trying to obtain payment card information. The PyPI team said they are aware of the flood of SEO spam emails and that their team is working to fix the problem. But while the PyPI spam attack appears to have lasted at least a month, a new one has been discovered on GitLab, a site that allows developers and companies to host and sync work on source code repositories.

On Sunday and Monday, a hitherto unknown hacker flooded the Issue Tracker of thousands of GitLab projects with spam, which in turn sent email to account holders. Just like the spam on PyPI, this spam also redirected users to suspicious sites. Things are now returning to normal, but both incidents show the danger of leaving a system open and unprotected on the Internet.

Source: ZDNet


Source: PC Press by pcpress.rs.