Unauthorized Fork in My Repository - Please Help

[Marie-L1]

Hi GitHub Community,

I’m reaching out because I’ve encountered a troubling situation regarding one of my repositories. A user on LinkedIn, Md. Mizanur Rahman, contacted me and asked if they could use my code. I declined their request multiple times, explaining that I did not want them to use my code. Despite this, the user insisted and eventually said, “Well, you should’ve made your repo private then.” Shortly after this, I discovered that they had forked my repository without my permission.

I have since made the repository private, but I am concerned that the fork still exists and may have been used maliciously. Unfortunately, I didn’t capture their GitHub username before making the repo private, but I have their LinkedIn messages as evidence.

Details:

• Repository name: Portfolio2
• The fork occurred right after the last conversation on January 14, 2025 at around 11 am.
• The user’s name on LinkedIn: Md. Mizanur Rahman from Bangladesh.
• I’ve already made the repository private and have no direct access to their profile anymore.

I’m requesting help in identifying the fork or taking appropriate action, as I believe this may be a violation of GitHub’s usage policies and intellectual property rights.

Thank you in advance for any help or guidance you can provide.

Here is his Linkedin:

[spenserblack]

When your repository was forked, did it have a license file or any documentation regarding usage permissions?

[Ahmed-M-Ezzat]

It’s definitely not cool that someone would fork your repo after you clearly said no. Here’s what you could do:

Look for the Fork: Even though your repository is now private, you should still be able to see if there’s a fork through GitHub. Go to your repo's main page and check the "Forks" section to see if it shows up there.

Reach Out to GitHub Support: If you find the fork and are worried about it being used inappropriately, definitely hit up GitHub Support. They can look into it and see if there’s anything they can do.

Save Your Evidence: You mentioned having the LinkedIn messages, which is great! Make sure you keep those handy in case GitHub needs proof of your communications.

Security Settings: You might want to look into setting up some extra security measures for your future repos, like adding a clear license and usage terms that outline how you want your code to be used.

Hopefully, this helps!

[Marie-L1]

Thank you! This is the first time I've had an issue like this, so I was unsure what to do. I'll definitely be setting up a clear license in my next repo.

[Thyrail]

Hi Marie,

I understand your concerns, and I’ll try to provide some guidance regarding this situation:

1. Forks and Privacy:

• When your repository was public, anyone could technically fork it, as GitHub's policies allow forking public repositories. Once you made your repository private, existing forks should no longer have access to your repository’s content. However, if the user cloned your repository locally before you made it private, GitHub cannot retroactively remove those copies.

2. Reporting the Issue:

• You can contact GitHub Support to report this issue, especially since you have evidence from your LinkedIn messages. Provide as much detail as possible, including the repository name, the date and time of the fork, and the user's LinkedIn information. Use GitHub’s Abuse Report form to file your complaint.

3. Legal Options:

• If you have included a license in your repository, check its terms. Licenses like MIT or Apache allow use and redistribution under certain conditions. If you did not include a license, your code is automatically protected under copyright law, meaning others cannot legally use or redistribute it without your permission. You may want to consult a legal professional for further action.

4. Preventing Future Issues:

• To avoid similar situations in the future, consider keeping sensitive repositories private from the start. If you want to share your code publicly but still retain control over its use, include a license that suits your needs and clearly defines permissible usage.
  While this situation is frustrating, GitHub is generally helpful in addressing such cases. Hopefully, they can assist you in resolving this matter.

---

If my answer helps resolve your issue, I would appreciate it if you could mark this discussion as closed. This ensures that others in the community can see that the problem has been addressed, and it helps maintain an organized forum.

Thank you, and I hope you can resolve this situation swiftly!