📡 Blogger Bot Tracker #608

Workflow file for this run

.github/workflows/security-bot.yml at a7304e4

	name: "📡 Blogger Bot Tracker"

	on:
	schedule:
	- cron: '0 * * * *' # Runs every hour, on the hour
	workflow_dispatch: # Allows you to click "Run" whenever you want

	jobs:
	scrape-blogger:
	runs-on: ubuntu-latest
	permissions:
	issues: write

	steps:
	- name: "Forensic Fetch"
	run: \|
	TARGET="https://enablesmartspirit.blogspot.com/"

	# We use stealth headers so the Blogger bot doesn't hide the "USER####" text from us
	curl -s -L -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0.0.0" \
	-H "Referer: https://www.google.com/" \
	--compressed "$TARGET" > blogger_dump.html

	- name: "Identify Bot Response"
	id: detector
	run: \|
	# Look for the specific pattern you saw: "Answer: It seems that your repository..."
	# Also look for any USER#### IDs appearing on the page
	if grep -qE "Answer:\|USER[0-9]{4}\|failed" blogger_dump.html; then
	echo "BOT_RESPONDED=true" >> $GITHUB_ENV

	# Extract the specific text the bot wrote to show you in the report
	# This grabs 2 lines of context around the "Answer"
	grep -C 2 "Answer:" blogger_dump.html > bot_message.txt \|\| echo "Pattern found but hidden in script" > bot_message.txt
	fi

	- name: "Report Bot to GitHub"
	if: env.BOT_RESPONDED == 'true'
	env:
	GH_TOKEN: ${{ secrets.GH_TOKEN}}
	REPO: "DeveloperTryingToCodeLikeOtherOfThem/pxt-common-docs"
	run: \|
	MSG=$(cat bot_message.txt)
	gh issue create --repo "$REPO" \
	--title "📢 NEW BOT ACTIVITY ON BLOGGER" \
	--body "### The Tracker caught a bot update on the suspicious site:

	Detected Text:
	\`\`\`text
	$MSG
	\`\`\`

	Target Site: https://enablesmartspirit.blogspot.com/
	Status: Bot is actively generating fake triage reports." \
	--label "threat-detected"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

📡 Blogger Bot Tracker #608

Workflow file

📡 Blogger Bot Tracker #608

Uh oh!

Workflow file for this run