You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When deploying VCIO in public instances, there can be cases of abuse by spammers that request API keys for some random email and these folks can then rightfully complain that this VCIO instance is a source of annoyance.
Here I think a spammer requested an API key for someone else on the public.vulnerablecode.io and this created the spam signal @ AWS.
complaints via nexb-support
Attachments
Dec 8, 2024, 6:05 PM (21 hours ago)
to support
This is an email abuse report for an email message from amazonses.com on Sun, 8 Dec 2024 07:25:16 +0000
---------- Forwarded message ----------
From: [email protected]
To: --------------
Cc:
Bcc:
Date: Sun, 8 Dec 2024 07:25:15 +0000
Subject: Re: VulnerableCode.io API key request
We should design a way possibly with some captcha or similar, or integration with some auth thing like GH or Google to make this more difficult for spammers
We should also improve the text of the email with something like:
You (or someone pretending to be you) has requested a VulnerableCode API key
at https://public.vulnerablecode.io/account/request_api_key/ from this address:
123.129.33.123
If you have not requested this API key, you can safely ignore it. If you have any problems please contact [email protected]
The text template is below and also needs some love and updates:
When deploying VCIO in public instances, there can be cases of abuse by spammers that request API keys for some random email and these folks can then rightfully complain that this VCIO instance is a source of annoyance.
Here I think a spammer requested an API key for someone else on the public.vulnerablecode.io and this created the spam signal @ AWS.
We should design a way possibly with some captcha or similar, or integration with some auth thing like GH or Google to make this more difficult for spammers
The text template is below and also needs some love and updates:
vulnerablecode/vulnerabilities/views.py
Line 263 in b47f382
The text was updated successfully, but these errors were encountered: