double-check new accounts with BMO to catch and notify of username squatting

RESOLVED FIXED

Status

()

RESOLVED FIXED
7 months ago
4 months ago

People

(Reporter: dkl, Assigned: dkl)

Tracking

(Blocks: 1 bug)

Production

Details

Attachments

(1 attachment)

(Assignee)

Description

7 months ago
using the current feed daemon code that detects when new users are created, look at the username of the new user and check it against any nicks in the BMO profiles that match. If the nick matches and the email addresses do not, then create some kind of alert or log message that can be used to alleviate the issue.
(Assignee)

Comment 1

7 months ago
Created attachment 8967854 [details] [review]
github pull request
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Attachment #8967854 - Flags: review?(dylan)
(Assignee)

Comment 2

7 months ago
In the code I have currently, I am logging as a WARN when it finds a username that is potentially a squatter for someone else's nick. I am not sure if that is enough or if we should be taking a more aggressive approach. Should I disable the account with some explanatory text, should I email bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

dkl
Flags: needinfo?(mcote)
Flags: needinfo?(dylan)
(In reply to David Lawrence [:dkl] from comment #2)
> In the code I have currently, I am logging as a WARN when it finds a
> username that is potentially a squatter for someone else's nick. I am not
> sure if that is enough or if we should be taking a more aggressive approach.
> Should I disable the account with some explanatory text, should I email
> bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

given the current state of monitoring i think a WARN and an email to phabricator-admin makes sense (don't know if phabriator-admin exists, if not we should create one; it's self-service).

Comment 4

7 months ago
Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
Flags: needinfo?(mcote)
(Assignee)

Comment 5

7 months ago
(In reply to Mark Côté [:mcote] from comment #4)
> Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.

RITM0061908 Created
(In reply to David Lawrence [:dkl] from comment #5)
> (In reply to Mark Côté [:mcote] from comment #4)
> > Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> > one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
> 
> RITM0061908 Created

for next time here's how to create one yourself: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=43718013
(Assignee)

Updated

7 months ago
Flags: needinfo?(dylan)

Updated

7 months ago
Blocks: 1381498
(Assignee)

Comment 7

7 months ago
This is done
Status: ASSIGNED → RESOLVED
Last Resolved: 7 months ago
Resolution: --- → FIXED

Updated

6 months ago
Duplicate of this bug: 1402431
Out of curiosity, were there any exceptions noted in the first pass of this?

Comment 10

6 months ago
Not that I am aware of.  dkl?
Flags: needinfo?(dkl)
(Assignee)

Comment 11

6 months ago
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> Out of curiosity, were there any exceptions noted in the first pass of this?

When you say exceptions, do you mean did it find any username squatters already in the system?

dkl
Flags: needinfo?(dkl)
(Assignee)

Updated

6 months ago
Flags: needinfo?(jclaudius)
(In reply to David Lawrence [:dkl] from comment #11)
> (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > Out of curiosity, were there any exceptions noted in the first pass of this?
> 
> When you say exceptions, do you mean did it find any username squatters
> already in the system?
> 
> dkl

Yes, exactly that.
Flags: needinfo?(jclaudius)
(Assignee)

Comment 13

6 months ago
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #12)
> (In reply to David Lawrence [:dkl] from comment #11)
> > (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > > Out of curiosity, were there any exceptions noted in the first pass of this?
> > 
> > When you say exceptions, do you mean did it find any username squatters
> > already in the system?
> > 
> > dkl
> 
> Yes, exactly that.

The code we implemented looks at accounts as they are created so I would need to go through the list pre-deployment and see if anything sticks out right away. I didn't really do that before as Phab was still being used by a small group of Mozilla people so I didn't feel like I would fine any. I can make a point to take a look soon though.

This is the current list of users https://phabricator.services.mozilla.com/people/ if you want to look as well.

dkl
(Assignee)

Updated

4 months ago
Attachment #8967854 - Flags: review?(dylan)
You need to log in before you can comment on or make changes to this bug.