Comment by nonbirithm
5 years ago
It seems like some of the spam might have been automated. From this comment at least one spammer seems to do a regex for "website" in the repo's name.
https://github.com/promcon/website/pull/158#issuecomment-701...
Some people were saying this could also be used to detect repositories that have "auto-merging" in order to add vulnerabilities to them later, perhaps using Hacktoberfest as a cover for more nefarious activities. That's strange, I haven't heard of projects that automatically merge certain PRs from arbitrary accounts.
I've seen a repo where anybody who committed a change (via a merged PR) got added as a contributor to the project automatically. That could be a target.