He’s commenting strange stuff on my project…
Thanks for raising this – and I completely understand your concern.
The user you’re referring to, testuser9c3c1ef7, appears to be a security researcher who is testing for potential vulnerabilities in online applications (we have a bug bounty for PlayCanvas, which is common for popular websites/online applications). From what we can see, there’s no indication that they’ve done anything harmful to your project, and these kinds of tests are typically designed to identify issues rather than exploit them.
That said, we always take this kind of activity seriously. We’ve already reviewed the situation internally, and our team continues to monitor for any suspicious behavior across the platform. If you notice anything else unusual or have specific concerns about your project’s integrity or access, please don’t hesitate to flag it with us directly via the forum or Discord.
In the meantime, your project and data remain secure, and you don’t need to take any action.
Thanks again for your vigilance!
thanks for getting back,
Yeah felt a little spooked by its jargon, for a second I felt a little more nervous but it’s good to know that it’s a false alarm and there’s nothing to worry about.
1 Like
it has been like that for years, there are hundreds of these things, its absolutely fine
When dealing with potential security concerns using chatgpt to generate a response is not a very good idea.
As for the user itself, as I said I see these everywhere and have for several years, and I while I do not understand their purpose they have never done anything actively harmful so I just ignore them. Think of them as wild birds or something. Just a neat thing to see.
What in my reply is incorrect?
Nothing, I hope. But the idea of security related questions being outsourced to ai just does not instill me with confidence. As in “if they cant even be bothered to write their own reply what else are they not bothering to do”. People like me who have been here for years know these weird accounts show up all the time and they are completely harmless, but the person who made the topic did not, and the idea that the person assuring them they are fine is generating their responses with ai is probably not very comforting.
Maybe “That said, we always take this kind of activity seriously” is a bit misleading.
remember this?
Personally I didnt feel like you took that very seriously.
But mostly I just really hate ai.
Oh, I see. So it is not the correctness of my reply you’re criticizing, it’s the amount of effort I put into the process of replying. Then perhaps I should outline that process:
- Locate that user in our admin panel.
- Scan user’s profile to understand more about that user’s details and motivations.
- Open several of the user’s public projects with special attention given to opening and checking their scripts in the code editor.
- Run some of their scenes.
- Remove the user’s comments from dev logs.
- Craft a prompt with my findings that user
testuser9c3c1ef7is a security researcher and that he is not doing any harm as far as I can detect as well as some background on our attitude and process around fielding reports on suspicious user behavior. - Edit the generated response (mainly to add important context about why security researchers are present on the platform - namely the bug bounty program).
- Proof read the final version.
- Reply.
What are you suggesting I do to improve my process further?
