Detect IP address of GitHub commit

Asked 17/11, 2014 at 22:16 Answered 4/4, 2022 at 4:11

i'm the owner of a few corporate github repositories. Lately we have been suspicious of a developer who may be enlisting outsourced help through his borrowed github identity (many 4am commits in batches). Is there a way on github.com to determine the source IP address of the committer? On the traffic page i can infer this info based on teh number of unique clones, but this is not enough data for us to validate our concerns.

Cheers, Joe Anonymous

Sportsmanship answered 17/11, 2014 at 22:16 Comment(4)

Joe Anonymous the champion of transparency. Very interesting. – Phuongphycology 17/11, 2014 at 22:26

SzG the champion of finding irony. Not interesting to this thread. Anonymity is important to avoid sleuthing individuals from catching on before legal proceedings. The alternative is to take security and plagiarism lightly. – Sportsmanship 17/11, 2014 at 22:31

Unfortunately, IP information is not captured by Git itself, and even if it was, the end user would likely have control over it--so it wouldn't be trustworthy. If you were using GitHub Enterprise, I think you'd have a few more options (such as the push log). It appears that at least some client side actions show the client IP. But I don't think the push log is available on GitHub proper. – Rosenbaum 18/11, 2014 at 0:49

Thanks jszakmeister, that's the answer i was looking for. Sincerely appreciated. I'll just have to find another way to prove/disprove my theory. HR concerns require evidence, not theories. – Sportsmanship 18/11, 2014 at 4:6

If this "individual", if I'm quoting your corporatese right, lets his subcontractors commit themselves to the official repo in his name without further precautions, then he is an idiot and deserves to be fired.

In this case, you probably don't even need the committer's IP address. The commit itself contains some very useful data:

git cat-file -p <suspicious-commit-id>

Will show the entire commit object. It will contain two lines like this:

author Foo Bar <[email protected]> 1398017575 +0200
committer Foo Bar <[email protected]> 1398017575 +0200

As you can see there is timezone info following the Unix-epoch timestamps. If you're on the East Coast in the USA, you should see something like -0500. If the subcontractors are in India, you'll see +0630 or something like that.

The "individual" has probably more sense than that. So the subcontractors push to his repo, then he rewrites history and pushes to the official repo. In the latter case, good luck.

Phuongphycology answered 18/11, 2014 at 20:9 Comment(2)

This command is quite good. It gives me the mentioned two lines information. I think another tool, gitk would give you details information about entire commits. Before that, you have to ensure that gitk is installed on your computer. – Sollie 10/2, 2016 at 4:39

Only issue here is that savvy tricksters will VPN to a reasonable location. Of course, IP will not help in this case either but still very good info. – Kirit 17/6, 2021 at 14:28

The Security log might have enough info:

https://github.com/settings/security-log

Niemi answered 4/4, 2022 at 4:11 Comment(0)

Recommended topics

Hot tags