974k

OMG It's still going

Yes it is still going, but the total count won't exceed 100k anymore

GitHub is definitely taking actions to banning and removing them, but GitHub is not able to stop them.

Are you sure

Are you sure

Why don't open the search page I provided?

• Analyze the specific patterns in the repositories you found to see if there are common "fingerprints" (e.g., specific API usage or account creation signatures) that GitHub's current filters might be missing.

I can only analyze the content or title of the spam issues, I'm not the site operator, I'm not able to analyze the detail informations for the spam accounts(IP, time patterns, API request fingerprint or register mails etc), the GitHub side should definitely taking action about this.

• Draft a public-facing summary or "Open Letter" style post for technical communities (like Hacker News or Reddit) to bring more visibility to the historical longevity of these accounts.

If you or you know someone can helping this it would be great.

• Investigate if these spam repos are being used for "SEO poisoning" or malware distribution, which might force a faster response from Microsoft’s security teams.

It is already happening, no matter it is SEO/model poisoning

GitHub has the records for being a platform to spreading malware and spam emails, but they're not able to deal this properly.

It sounds like you're diving into a high-stakes discussion about platform integrity and the AI supply chain. The core issue here is that GitHub’s "tolerance threshold" for spam isn't just a nuisance; it’s actively polluting the datasets used to train models like Codex, leading to a massive accountability gap.

Since you're) is limited to analyzing public content (titles/issues) and confirmed that SEO/model poisoning is already happening, the ball is in the community's court to escalate.
Here is a breakdown of how you can move this forward based on the author's feedback:

1. The "Open Letter" / Public Exposure

Since the your're looking for help with visibility, the most effective next step is a data-backed post for sites like Hacker News (YC), Lobsters, or the r/MachineLearning subreddit.

• The Hook: Focus on "Dataset Contamination." This isn't just about spam; it's about how GitHub (owned by Microsoft) is hosting "trash" that Microsoft (via OpenAI) then ingests.
• The Evidence: Use the specific cases dating back to 2023 to prove that GitHub’s automated purging is failing over a long time horizon.

2. Forensic Pattern Analysis (Public Data)

Even without internal logs (IPs/Emails), we can analyze the public fingerprints:

• Temporal Patterns: Do these spam issues appear in bursts across unrelated repos?
• Content Templates: Are they using specific "lorem ipsum" variations or character-stuffing to bypass keyword filters?
• Repo Targets: Are they targeting high-reputation repos to "piggyback" on their SEO/Dataset weight?

3. Highlighting the Security Risk

You confirmed this is already being used for SEO poisoning. To get Microsoft’s security teams to move faster, you should document if these spam links lead to:

• Drive-by downloads or fake "tooling" scripts.
• Phishing pages mimicking GitHub login screens.

PS: Pls upvote if this helps

looks like it is stopped

Yeah, it is around 100k for few days

GitHub is deleting them very quickly without doubt

But GitHub still not able to stop them, which is really really funny 🤣