
Abuse report, no images, just malicious links in descriptions

Open jinnatar opened this issue 3 years ago • 36 comments

Problem description

Hub has no built-in abuse reporting, so reporting here instead. The user synlapoolca1970 seems to host only malicious links with no images published.

URL: https://hub.docker.com/u/synlapoolca1970

Task List

  • [x] This is NOT a security issue
  • [x] I do NOT have a Docker subscription
  • [x] I have looked through other issues and they do NOT apply to me

jinnatar avatar Feb 13 '22 08:02 jinnatar

Other users doing the same thing: (they all seem to have something with hackrf in it, which is how I keep finding these)

  • https://hub.docker.com/u/rolirecus1975
  • https://hub.docker.com/r/precafsubto1974
  • https://hub.docker.com/u/tandpillectdon1988
  • https://hub.docker.com/u/thorvarave1989
  • https://hub.docker.com/u/emledelea1972
  • https://hub.docker.com/u/talritinot1975
  • https://hub.docker.com/u/togwestgeschsa1979
  • https://hub.docker.com/u/holthornrantti1975
  • https://hub.docker.com/u/compranbime1976
  • https://hub.docker.com/u/inprecanstum1974
  • https://hub.docker.com/u/etcakemak1971
  • https://hub.docker.com/u/fahbasicbi1978
  • https://hub.docker.com/u/berfgoldsickla1975
  • https://hub.docker.com/u/gatmerecbi1972
  • https://hub.docker.com/u/reicelpine1982

jinnatar avatar Feb 13 '22 08:02 jinnatar

I have reported this to our support team for investigation and take down.

ingshtrom avatar Feb 14 '22 14:02 ingshtrom

Let me add a few more:

  • https://hub.docker.com/u/tabtosupfest
  • https://hub.docker.com/u/linknemali
  • https://hub.docker.com/u/joybidoube
  • https://hub.docker.com/u/itchansapi

Searching for "metashape" on Docker Hub leads to tons more, only the first few entries seem to be genuine, the rest is spam: https://hub.docker.com/search?q=metashape&type=image

struffel avatar Mar 04 '22 17:03 struffel

On a side note: Is there really no way to report malicious users/images on hub.docker.com directly?

struffel avatar Mar 04 '22 17:03 struffel

Here's even more pages https://twitter.com/OmgImAlexis/status/1503271248629239814

From my count there are most likely more than 100k repos that are purely spam.

Edit: I've been reporting this since 2018 https://twitter.com/OmgImAlexis/status/970576831341518849

OmgImAlexis avatar Mar 21 '22 09:03 OmgImAlexis

> On a side note: Is there really no way to report malicious users/images on hub.docker.com directly?

I've been told to open a support ticket every time I find one. 😕

OmgImAlexis avatar Mar 21 '22 09:03 OmgImAlexis

The end number is the year the account was created.

https://hub.docker.com/u/adeqasta- 49 repos - 2021
https://hub.docker.com/u/arlelado - 249 repos - 2020
https://hub.docker.com/u/cafilvesin - 51 repos - 2021
https://hub.docker.com/u/enuntogjust - 200 repos - 2021
https://hub.docker.com/u/esrerasma - 227 repos - 2020
https://hub.docker.com/u/furtnipechou - 49 repos - 2021
https://hub.docker.com/u/heltecoha - 31 repos - 2021
https://hub.docker.com/u/hoblimofett - 232 repos - 2020
https://hub.docker.com/u/liticheta - 249 repos - 2020
https://hub.docker.com/u/neysiodesing - 200 repos - 2021
https://hub.docker.com/u/pedilimo - 33 repos - 2021
https://hub.docker.com/u/polaworklo - 202 repos - 2020
https://hub.docker.com/u/reocreamelom - 219 repos - 2020
https://hub.docker.com/u/roatcombackfo - 47 repos - 2021
https://hub.docker.com/u/seysecsimpwar - 213 repos - 2020
https://hub.docker.com/u/skiduscurock - 207 repos - 2020
https://hub.docker.com/u/snoopalhartu - 207 repos - 2020
https://hub.docker.com/u/travmepteti - 231 repos - 2020
https://hub.docker.com/u/unimcegor - 244 repos - 2020

https://hub.docker.com/u/atxaseto - 220 repos - 2020
https://hub.docker.com/u/evquistepean - 215 repos - 2020
https://hub.docker.com/u/firsconfire - 214 repos - 2020
https://hub.docker.com/u/geeksmecuswo - 227 repos - 2020
https://hub.docker.com/u/renseitlewin - 202 repos - 2020
https://hub.docker.com/u/restlemgeperp - 233 repos - 2020
https://hub.docker.com/u/smalevagen - 231 repos - 2020
https://hub.docker.com/u/tapadedla - 206 repos - 2020
https://hub.docker.com/u/timbzafifu - 235 repos - 2020
https://hub.docker.com/u/urevacscot - 49 repos - 2021

https://hub.docker.com/u/steerindyrou - 214 repos - 2020
https://hub.docker.com/u/linkcentfimit - 222 repos - 2020
https://hub.docker.com/u/locklivecom - 221 repos - 2020
https://hub.docker.com/u/tranbirushou - 236 repos - 2020
https://hub.docker.com/u/weitokersren - 217 repos - 2020
https://hub.docker.com/u/percalingco - 222 repos - 2020
https://hub.docker.com/u/surpchopjuggnoc - 215 repos - 2020
https://hub.docker.com/u/jancinistfin - 248 repos - 2020
https://hub.docker.com/u/lieroureting - 48 repos - 2021
https://hub.docker.com/u/brocimpobot - 241 repos - 2020

OmgImAlexis avatar Mar 21 '22 09:03 OmgImAlexis

One more for the pile:

https://hub.docker.com/u/kritragmilea

Hard to believe this is the best method to report but here we are…

littlejackal avatar Mar 29 '22 00:03 littlejackal

Hi all,

We thank you all for reporting all these accounts diligently. We will be taking down all users who breached our Terms of Service without notice.

You can reply to this thread if you have found more.

Regards,

Suzaril Shah Docker Inc.

suzarilshah avatar Mar 29 '22 14:03 suzarilshah

@suzarilshah no offense but Docker Inc. needs to do more on this. Expecting users to report them one by one isn't working.

OmgImAlexis avatar Mar 29 '22 21:03 OmgImAlexis

@suzarilshah quite a few if not all of the ones I listed above haven't been taken down. I've reported them on twitter and now here.

Is there a reason it takes multiple days for something like this to be taken down?

OmgImAlexis avatar Mar 31 '22 20:03 OmgImAlexis

@suzarilshah

Another one for the pile.

https://hub.docker.com/u/nvestaboggting

karmapop avatar Apr 17 '22 19:04 karmapop

Glad to see nothing at all has been done to fix this.

This took me SECONDS to find these.

https://hub.docker.com/r/stanonaril/free-download-game-tradewinds-3-full-16-gemintris
https://hub.docker.com/r/inprimlowsche/shoemaster-qs-10-02-crack-extra-quality
https://hub.docker.com/r/stanonaril/hypernova-escape-from-hadea-free-download-addons-nesbiren
https://hub.docker.com/r/lintamalo/sinhala-history-bookspdf
https://hub.docker.com/r/gorjugega/320kbps-mp3-bollywood-songs-download
https://hub.docker.com/r/biodanhowhip/star-trek-yamato-class
https://hub.docker.com/r/dinsehardva/donde-puedo-ver-videos-de-pedofilia
https://hub.docker.com/r/jamentitul/comentariu-literar-la-poezia-plumb-de-iarna-de-george-bacovia
https://hub.docker.com/r/crusaccestee/program-traducere-subtitrare-din-engleza-in-romana
https://hub.docker.com/r/figinglandlo/crysis3englishlanguagepack

OmgImAlexis avatar May 11 '22 03:05 OmgImAlexis

@suzarilshah what's going to happen here? Does docker have a spam team? Are you guys making any efforts to prevent this or are you seriously expecting us to keep reporting these manually one by one?

OmgImAlexis avatar May 11 '22 03:05 OmgImAlexis

Could you also check upon this one https://hub.docker.com/u/redhatopenjdk? Images from this user have nothing to do with openjdk nor redhat.

zdtsw avatar Jun 21 '22 18:06 zdtsw

@zdtsw not sure what makes you think that's a spam account. Just looks like a random dev that wanted that name.

OmgImAlexis avatar Jun 21 '22 20:06 OmgImAlexis

> @zdtsw not sure what makes you think that's a spam account. Just looks like a random dev that wanted that name.

@OmgImAlexis thanks for checking up! Does Docker allow any individual to create any username to publish images, including trademarks (i.e. redhat, openshift, openjdk, etc.)? For me, this one is trying to mislead other users into downloading images with a name like "redhat-openjdk18-openshift" that is actually something for TensorFlow, especially since Red Hat has its official image "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift".

From user @apurvann's techblog/index.md: "However, the image which is recommended for building Java based images, might not actually work for some people (As one of my attempts, I tried *redhatopenjdk/redhat-openjdk18-openshift* image but it didn't work for me)". That's the consequence of confusing users. I believe that with a 10k+ download count, most of them were done by mistake.

@suzarilshah care to take a look this one?

zdtsw avatar Jun 22 '22 06:06 zdtsw

I stumbled onto these seemingly spammy images and found this issue. I've been searching for an image for python Luigi pipeline tool. I stumbled onto hundreds of what look like auto-generated images that follow the same recipe:

Image name: <meaningless text>/website
Description: <random int> year old <random job> Luigi <random name> from <random place> has <random hobbies> 

https://hub.docker.com/search?tab=tags&q=luigi&sort=updated_at&order=desc

All of the images have different creators, are pushed at different dates spaced over the last 6 months. I tried to pull one of them to eyeball it but it failed with "manifest unknown".

RoryMMMM avatar Jul 19 '22 08:07 RoryMMMM
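The recipe RoryMMMM describes (a templated "profile" description on a repo that cannot be pulled), together with the warez-style slugs and the `<gibberish><year>` account names reported earlier in this thread, can be turned into a small triage script. The following is an added example, not code from this thread, from Docker, or from any of the reporters. The repository records are constructed for the example, and the signal weights and the threshold are my own choice; the `Repo` class and all function names are hypothetical.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Signals distilled from the thread. Weights below are this example's own choice.
# 1. The templated "profile" description RoryMMMM quotes:
#    "<int> year old <job> <keyword> <name> from <place> has <hobbies>"
TEMPLATED_PROFILE = re.compile(r"\b\d{1,3} year old\b.*\bfrom\b.*\bhas\b", re.IGNORECASE)
# 2. Warez-style slugs and descriptions (crack, keygen, torrent, ...).
WAREZ_TERMS = re.compile(
    r"\b(crack|keygen|torrent|serial|free[- ]download|full[- ]version)\b", re.IGNORECASE
)
# 3. A repo whose description carries links and which has nothing pullable.
URL = re.compile(r"https?://\S+", re.IGNORECASE)
# 4. Namespaces shaped like <gibberish><birth year>, as in the reported lists.
#    Weak on its own: real people pick such names too.
GIBBERISH_YEAR = re.compile(r"^[a-z]{6,20}(19[5-9]\d|200\d)$")

WEIGHTS = {
    "templated profile": 3,
    "warez keyword": 3,
    "link-only, no tags": 2,
    "gibberish+year namespace": 1,
}


@dataclass
class Repo:
    namespace: str
    name: str
    description: str
    tags: list[str] = field(default_factory=list)  # empty == "manifest unknown" on pull
    pull_count: int = 0


def spam_score(repo: Repo) -> tuple[int, list[str]]:
    """Return (score, reasons) for one repository record."""
    reasons = []
    if TEMPLATED_PROFILE.search(repo.description):
        reasons.append("templated profile")
    if WAREZ_TERMS.search(repo.name) or WAREZ_TERMS.search(repo.description):
        reasons.append("warez keyword")
    if not repo.tags and URL.search(repo.description):
        reasons.append("link-only, no tags")
    if GIBBERISH_YEAR.match(repo.namespace):
        reasons.append("gibberish+year namespace")
    return sum(WEIGHTS[r] for r in reasons), reasons


def is_spam(repo: Repo, threshold: int = 3) -> bool:
    # The weak namespace signal never flags on its own; any strong signal does.
    return spam_score(repo)[0] >= threshold


def triage(repos: list[Repo], threshold: int = 3) -> dict[str, dict]:
    """Group by namespace, like the '<user> - N repos' lists in the thread."""
    report: dict[str, dict] = {}
    for r in repos:
        entry = report.setdefault(r.namespace, {"repos": 0, "flagged": 0, "reasons": set()})
        entry["repos"] += 1
        score, reasons = spam_score(r)
        if score >= threshold:
            entry["flagged"] += 1
            entry["reasons"].update(reasons)
    return report


# Constructed records for this example; not real Docker Hub data.
SAMPLE_REPOS = [
    Repo("zqxvplmw1975", "hackrf-driver-setup", "Get it here: https://example.invalid/dl"),
    Repo("kqwertyuiop", "website",
         "34 year old engineer Luigi Rossi from Springfield has hobbies like fishing"),
    Repo("tripzzmmnn", "some-game-crack-file", "serial and keygen inside"),
    Repo("mundane", "hackrf", "HackRF tools on debian:bookworm",
         tags=["latest", "2024.01"], pull_count=1200),
]

if __name__ == "__main__":
    for ns, entry in triage(SAMPLE_REPOS).items():
        print(f"{ns}: {entry['flagged']}/{entry['repos']} flagged {sorted(entry['reasons'])}")
```

Feeding it from Docker Hub's public repository listing (I assume `https://hub.docker.com/v2/repositories/<namespace>/` returns `name`, `description` and `pull_count` per repo, and the repo's `/tags` endpoint tells you whether anything is pullable) is left to the reader. Note what these heuristics do not catch: a name-squatting account like the `redhatopenjdk` one discussed above has real tags, a plain description and a normal-looking username, so it scores zero; trademark abuse needs a different check (namespace or repo name matching a list of protected vendor names) rather than a spam score.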

> @OmgImAlexis thanks for checking up! Does Docker allow any individual to create any username to publish images, including trademarks (i.e. redhat, openshift, openjdk, etc.)? For me, this one is trying to mislead other users into downloading images with a name like "redhat-openjdk18-openshift" that is actually something for TensorFlow, especially since Red Hat has its official image "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift".

I honestly have no clue. From what I've seen in the past with websites they usually expect the owner of those trademarks to contact them when there's an issue otherwise they don't do anything.

OmgImAlexis avatar Jul 20 '22 05:07 OmgImAlexis

Do we still have any docker staff following this issue? If not, any better way to continue this conversation? @suzarilshah @dieucao @izzychu

zdtsw avatar Jul 20 '22 08:07 zdtsw

https://hub.docker.com/r/ayamgoyeng

Burekasim avatar Oct 20 '22 05:10 Burekasim

Many of those ayamgoyeng containers have been created in the last 2 or 3 months, have 100k+ pulls, and are several hundred MB in size. That's a considerable amount of network traffic...

More concerning is that the images are associated with a GitHub account that has a single project, "my first project", which has a single release with some privacy-focused crypto-coin wallet things in it. The timezone is also set to Moscow in the images...

This doesn't look particularly great.

RoryMMMM avatar Oct 20 '22 06:10 RoryMMMM

Another one: https://hub.docker.com/u/bemapasle

h1pmnh avatar Oct 30 '22 12:10 h1pmnh

Another one: https://hub.docker.com/u/ulminase

vallieres avatar Nov 10 '22 16:11 vallieres

These images look suspicious: https://hub.docker.com/u/wohlvollatal1970

jozefizso avatar Feb 21 '23 18:02 jozefizso

This is still an issue and these can be so easily found; I still to this day don't get why Docker Hub doesn't do anything about this until it's reported.

https://hub.docker.com/r/kegvifarto/native-instrument-komplete-9-ultimate-torrent-top
https://hub.docker.com/r/aperbulme/shri-muhurta-13-portable-astrology-104-free
https://hub.docker.com/r/tripupanin/assassins-creed-brotherhood-crack-file

OmgImAlexis avatar Feb 21 '23 21:02 OmgImAlexis

You've gotta be kidding me, these are all still up. WTF docker.

https://github.com/docker/hub-feedback/issues/2208#issuecomment-1123148425

OmgImAlexis avatar Feb 21 '23 21:02 OmgImAlexis

And another one for the list.

bosnebacktea1974

Rohaq avatar Feb 27 '23 22:02 Rohaq

https://hub.docker.com/u/buzzvemubuch loads of spam

regisbsb avatar Oct 27 '23 17:10 regisbsb

@suzarilshah https://github.com/docker/hub-feedback/issues/2208#issuecomment-1123148425

These have still not been removed. It's been well over a year since that comment was posted.

ImLunaHey avatar Oct 27 '23 23:10 ImLunaHey