this post was submitted on 13 Jun 2026
24 points (85.3% liked)

Programming


Live AWS keys in 75 throwaway repos, each made public for one of five windows from 60 seconds to 12 hours, every use logged. The keys were tripwires; the real question was who notices a private repo going public, and what they do once they're in.

The most useful finding is the dull one: re-hiding the repo does nothing. One busy harvester kept re-validating the captured keys for a day after the repos went private again. Only rotating the key stops it.

This came out of building a monitor for exactly these repo-setting changes.
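As an added illustration of the post's main finding (example code, not the article's or the monitor's own tooling): a script that replays a canary key's CloudTrail-style records against the repo's public/private timeline. Every record below is constructed; the canary key ID is AWS's documented placeholder and the IP addresses are from documentation ranges. The point it makes in numbers is the dull one from the post: the calls keep arriving, from more than one source, long after the repo is private again, so the only remedy is rotating the key (a rotated key can no longer authenticate, which is when the trail actually goes quiet).

```python
"""Replay a canary AWS key's timeline from CloudTrail-style records.

Added example, not the article's tooling. Every record below is constructed
to mimic the CloudTrail fields that matter here (eventTime, eventSource,
eventName, sourceIPAddress, errorCode, userIdentity.accessKeyId); the key
IDs, IP addresses and timestamps are made up.
"""
from datetime import datetime

# AWS's own documented placeholder key ID, used here as the canary.
CANARY_KEY = "AKIAIOSFODNN7EXAMPLE"

# Constructed repo-visibility timeline: a 60-second public window.
REPO_PUBLIC_AT = "2026-06-01T12:00:00Z"
REPO_PRIVATE_AT = "2026-06-01T12:01:00Z"

# Constructed CloudTrail-style records (not real data).
SAMPLE_TRAIL = [
    {"eventTime": "2026-06-01T12:06:12Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"accessKeyId": CANARY_KEY}},
    {"eventTime": "2026-06-01T12:06:14Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied",
     "userIdentity": {"accessKeyId": CANARY_KEY}},
    {"eventTime": "2026-06-01T12:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"accessKeyId": "AKIAI44QH8DHBEXAMPLE"}},  # unrelated key
    {"eventTime": "2026-06-01T13:40:02Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"accessKeyId": CANARY_KEY}},
    {"eventTime": "2026-06-02T09:15:30Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"accessKeyId": CANARY_KEY}},
]


def parse_time(stamp):
    """CloudTrail timestamps are ISO 8601 with a trailing Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def key_events(trail, key_id):
    """Records made with one access key, oldest first."""
    hits = [r for r in trail
            if r.get("userIdentity", {}).get("accessKeyId") == key_id]
    return sorted(hits, key=lambda r: parse_time(r["eventTime"]))


def seconds_to_first_use(trail, key_id, public_at):
    """Seconds from the repo going public to the first call with the key, or None."""
    hits = key_events(trail, key_id)
    if not hits:
        return None
    return (parse_time(hits[0]["eventTime"]) - parse_time(public_at)).total_seconds()


def uses_between(trail, key_id, start, end):
    """Calls in the half-open window [start, end)."""
    s, e = parse_time(start), parse_time(end)
    return [r for r in key_events(trail, key_id) if s <= parse_time(r["eventTime"]) < e]


def uses_after(trail, key_id, cutoff):
    """Calls at or after the cutoff, e.g. after the repo went private again."""
    c = parse_time(cutoff)
    return [r for r in key_events(trail, key_id) if parse_time(r["eventTime"]) >= c]


def summarize(trail, key_id, public_at, private_at):
    """The numbers the post cares about: latency, and whether re-hiding stopped anything."""
    after = uses_after(trail, key_id, private_at)
    last_hours = None
    if after:
        last = parse_time(after[-1]["eventTime"])
        last_hours = round((last - parse_time(private_at)).total_seconds() / 3600, 2)
    return {
        "seconds_to_first_use": seconds_to_first_use(trail, key_id, public_at),
        "uses_while_public": len(uses_between(trail, key_id, public_at, private_at)),
        "uses_after_private": len(after),
        "distinct_sources_after_private": len({r["sourceIPAddress"] for r in after}),
        "hours_of_use_after_private": last_hours,
        # A denied call still proves the key authenticated: AccessDenied is an
        # authorization failure, i.e. the signature was valid and the identity resolved.
        "denied_calls": sum(1 for r in after if r.get("errorCode") == "AccessDenied"),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_TRAIL, CANARY_KEY,
                               REPO_PUBLIC_AT, REPO_PRIVATE_AT), indent=2))
```

Run against real CloudTrail exports the same functions apply unchanged; what matters is that `uses_after_private` is the number to watch, because it is the one that does not drop when the repo is hidden.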

top 6 comments
[–] squaresinger@lemmy.world 23 points 2 hours ago (1 children)

Info for anyone reading: while the read was quite interesting, the whole article turned out to be an ad.

[–] FrostyPolicy@suppo.fi 6 points 2 hours ago

From the post description it was obvious it's an ad for something. Otherwise it sounded like someone actually did research on the subject.

This came out of building a monitor for exactly these repo-setting changes.

[–] setsubyou@lemmy.world 7 points 2 hours ago (1 children)

It’s really not surprising that it’s so fast, since you can easily get newly created repos and repos made public from a GitHub API (the “list public events” one at /events). Makes sense that people are polling this and feeding it to TruffleHog.

[–] squaresinger@lemmy.world 3 points 1 hour ago

I guess the rather consistent 6 minutes don't come from it actually taking so long but rather from some kind of caching that only makes these repos show up after 5 minutes, plus 1 minute for fetching and using the API key.
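An added example of the feed setsubyou describes (example code, not the article's monitor and not anyone's harvester): one poll of GitHub's public events endpoint, reduced to the two event types that announce a repo becoming visible, with the dedupe and poll-interval handling a watcher needs. The payload is constructed to match the documented shape of `GET /events` (`type`, `repo.name`, `created_at`, `payload.ref_type` for `CreateEvent`); the repo and actor names are made up, and the watcher name in the User-Agent is a placeholder. Fetching the repo contents and scanning them is the part the comment mentions and is not shown.

```python
"""Watch the GitHub public events feed for repos that just became visible.

Added example, not the article's monitor. SAMPLE_EVENTS is constructed to
match the documented shape of GET https://api.github.com/events; the repo
names and event ids are made up.
"""
import json
import urllib.error
import urllib.request

API = "https://api.github.com/events"
DEFAULT_POLL_SECONDS = 60  # GitHub's documented default when X-Poll-Interval is absent

# Constructed sample of one poll (real responses hold up to 300 events, newest first).
SAMPLE_EVENTS = [
    {"id": "50000000005", "type": "WatchEvent", "created_at": "2026-06-01T12:05:59Z",
     "repo": {"name": "octocat/hello-world"}, "payload": {"action": "started"}},
    {"id": "50000000004", "type": "PublicEvent", "created_at": "2026-06-01T12:05:40Z",
     "repo": {"name": "alice/infra-scripts"}, "payload": {}},
    {"id": "50000000003", "type": "CreateEvent", "created_at": "2026-06-01T12:05:31Z",
     "repo": {"name": "bob/new-service"},
     "payload": {"ref_type": "repository", "ref": None, "master_branch": "main"}},
    {"id": "50000000002", "type": "CreateEvent", "created_at": "2026-06-01T12:05:20Z",
     "repo": {"name": "bob/new-service"},
     "payload": {"ref_type": "branch", "ref": "feature/x"}},
    {"id": "50000000001", "type": "PushEvent", "created_at": "2026-06-01T12:05:02Z",
     "repo": {"name": "carol/blog"}, "payload": {"size": 1}},
]


def newly_visible_repos(events):
    """Repos this batch shows going public (PublicEvent) or being created
    (CreateEvent with ref_type 'repository'). Branch and tag creations,
    pushes, stars and the rest are ignored."""
    out = []
    for ev in events:
        kind = ev.get("type")
        if kind == "PublicEvent":
            out.append({"repo": ev["repo"]["name"], "kind": "made_public",
                        "at": ev["created_at"]})
        elif kind == "CreateEvent" and ev.get("payload", {}).get("ref_type") == "repository":
            out.append({"repo": ev["repo"]["name"], "kind": "created",
                        "at": ev["created_at"]})
    return out


def poll_interval(headers):
    """Honour X-Poll-Interval; polling faster than GitHub asks gets you rate-limited."""
    for name, value in headers.items():
        if name.lower() == "x-poll-interval":
            return max(int(value), 1)
    return DEFAULT_POLL_SECONDS


class EventDeduper:
    """Consecutive polls overlap; event ids are unique, so key on them."""

    def __init__(self):
        self.seen = set()

    def fresh(self, events):
        new = [ev for ev in events if ev["id"] not in self.seen]
        self.seen.update(ev["id"] for ev in new)
        return new


def fetch_once(etag=None, token=None):
    """One conditional poll (network; not exercised offline). A 304 means nothing
    changed and, per GitHub's docs, does not count against the rate limit.
    Returns (events, etag, seconds_to_wait)."""
    req = urllib.request.Request(API, headers={
        "Accept": "application/vnd.github+json",
        "User-Agent": "events-watcher-example",  # placeholder; GitHub requires some UA
    })
    if etag:
        req.add_header("If-None-Match", etag)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp), resp.headers.get("ETag"), poll_interval(resp.headers)
    except urllib.error.HTTPError as e:
        if e.code == 304:
            return [], etag, poll_interval(e.headers)
        raise


if __name__ == "__main__":
    dedupe = EventDeduper()
    for hit in newly_visible_repos(dedupe.fresh(SAMPLE_EVENTS)):
        print(hit)
```

The loop a real watcher runs is `fetch_once` → `dedupe.fresh` → `newly_visible_repos`, sleeping for the returned interval between polls; with the default 60-second interval a repo flipped public shows up in the feed within about a minute of GitHub publishing the event, which is consistent with the "it's fast" point above without saying anything about where the remaining minutes go.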

[–] vk6flab@lemmy.radio 4 points 2 hours ago

There's hardly any cost to a bot operator, malicious, opportunistic or legitimate, to hit your end-point, so once they found a reason to hit it, hitting it a million more times costs cents.

Operators like Meta seem to make it a sport, trying to hit you with multiple parallel requests from multiple sources, across both IPv4 and IPv6 simultaneously, resulting in an effective DDoS for small and medium end point owners and increasing costs significantly for anyone trying fruitlessly to stay ahead of their onslaught.

The malicious traffic, by contrast, attempts to sneak in a request with dynamic rate throttling as part of their attempts to stay hidden.

Between these two extremes are the opportunistic operators who hit the same 404 endpoint day after day, hour after hour, minute by minute, for weeks, with specific blocks as the only remedy.

There are plenty of legitimate bots that quietly go about their business, hitting you every couple of seconds, leaving you alone for long stretches, incrementally crawling, honouring the robots.txt file and generally acting the way a considerate adult might. They've been getting lower and lower in numbers over the years.

Source: I have logs.

[–] MonkderVierte@lemmy.zip 3 points 2 hours ago

There are criminal but professional groups with million-$ budgets out there.