检测 GitHub 提交的 IP 地址
[英]Detect IP address of GitHub commit
问题描述
i'm the owner of a few corporate github repositories.
我是一些企业 github 存储库的所有者。 Lately we have been suspicious of a developer who may be enlisting outsourced help through his borrowed github identity (many 4am commits in batches).最近,我们怀疑一个开发人员可能通过他借用的 github 身份(许多凌晨 4 点分批提交)寻求外包帮助。 Is there a way on github.com to determine the source IP address of the committer? github.com上有没有办法确定提交者的源IP地址? On the traffic page i can infer this info based on teh number of unique clones, but this is not enough data for us to validate our concerns.在流量页面上,我可以根据唯一克隆的数量推断此信息,但这不足以让我们验证我们的担忧。
Cheers, Joe Anonymous干杯,乔匿名
1 个解决方案
解决方案1
12 2014-11-18 20:09:23
If this "individual", if I'm quoting your corporatese right, lets his subcontractors commit themselves to the official repo in his name without further precautions, then he is an idiot and deserves to be fired.如果这个“个人”,如果我引用你的公司的话是对的,让他的分包商以他的名义承诺官方回购,而没有进一步的预防措施,那么他就是一个白痴,应该被解雇。
In this case, you probably don't even need the committer's IP address.在这种情况下,您甚至可能不需要提交者的 IP 地址。 The commit itself contains some very useful data:提交本身包含一些非常有用的数据:
git cat-file -p <suspicious-commit-id>
Will show the entire commit object.将显示整个提交对象。 It will contain two lines like this:它将包含如下两行:
author Foo Bar <foo@bar.com> 1398017575 +0200
committer Foo Bar <foo@bar.com> 1398017575 +0200
As you can see there is timezone info following the Unix-epoch timestamps.如您所见,Unix-epoch 时间戳后面有时区信息。 If you're on the East Coast in the USA, you should see something like -0500 .如果您在美国东海岸,您应该会看到类似-0500 。 If the subcontractors are in India, you'll see +0630 or something like that.如果分包商在印度,您会看到+0630或类似的+0630 。
The "individual" has probably more sense than that. “个人”可能比这更有意义。 So the subcontractors push to his repo, then he rewrites history and pushes to the official repo.所以分包商推送到他的 repo,然后他重写历史并推送到官方 repo。 In the latter case, good luck.在后一种情况下,祝你好运。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.