double-check new accounts with BMO to catch and notify of username squatting

RESOLVED FIXED

Status

()

defect
RESOLVED FIXED
Last year
Last year

People

(Reporter: dkl, Assigned: dkl)

Tracking

Production
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

45 bytes, text/x-github-pull-request
Details | Review
Assignee

Description

Last year
using the current feed daemon code that detects when new users are created, look at the username of the new user and check it against any nicks in the BMO profiles that match. If the nick matches and the email addresses do not, then create some kind of alert or log message that can be used to alleviate the issue.
Assignee

Comment 1

Last year
Posted file github pull request
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Attachment #8967854 - Flags: review?(dylan)
Assignee

Comment 2

Last year
In the code I have currently, I am logging as a WARN when it finds a username that is potentially a squatter for someone else's nick. I am not sure if that is enough or if we should be taking a more aggressive approach. Should I disable the account with some explanatory text, should I email bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

dkl
Flags: needinfo?(mcote)
Flags: needinfo?(dylan)
(In reply to David Lawrence [:dkl] from comment #2)
> In the code I have currently, I am logging as a WARN when it finds a
> username that is potentially a squatter for someone else's nick. I am not
> sure if that is enough or if we should be taking a more aggressive approach.
> Should I disable the account with some explanatory text, should I email
> bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

given the current state of monitoring i think a WARN and an email to phabricator-admin makes sense (don't know if phabriator-admin exists, if not we should create one; it's self-service).
Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
Flags: needinfo?(mcote)
Assignee

Comment 5

Last year
(In reply to Mark Côté [:mcote] from comment #4)
> Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.

RITM0061908 Created
(In reply to David Lawrence [:dkl] from comment #5)
> (In reply to Mark Côté [:mcote] from comment #4)
> > Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> > one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
> 
> RITM0061908 Created

for next time here's how to create one yourself: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=43718013
Assignee

Updated

Last year
Flags: needinfo?(dylan)
Assignee

Comment 7

Last year
This is done
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Duplicate of this bug: 1402431
Out of curiosity, were there any exceptions noted in the first pass of this?
Not that I am aware of.  dkl?
Flags: needinfo?(dkl)
Assignee

Comment 11

Last year
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> Out of curiosity, were there any exceptions noted in the first pass of this?

When you say exceptions, do you mean did it find any username squatters already in the system?

dkl
Flags: needinfo?(dkl)
Assignee

Updated

Last year
Flags: needinfo?(jclaudius)
(In reply to David Lawrence [:dkl] from comment #11)
> (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > Out of curiosity, were there any exceptions noted in the first pass of this?
> 
> When you say exceptions, do you mean did it find any username squatters
> already in the system?
> 
> dkl

Yes, exactly that.
Flags: needinfo?(jclaudius)
Assignee

Comment 13

Last year
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #12)
> (In reply to David Lawrence [:dkl] from comment #11)
> > (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > > Out of curiosity, were there any exceptions noted in the first pass of this?
> > 
> > When you say exceptions, do you mean did it find any username squatters
> > already in the system?
> > 
> > dkl
> 
> Yes, exactly that.

The code we implemented looks at accounts as they are created so I would need to go through the list pre-deployment and see if anything sticks out right away. I didn't really do that before as Phab was still being used by a small group of Mozilla people so I didn't feel like I would fine any. I can make a point to take a look soon though.

This is the current list of users https://phabricator.services.mozilla.com/people/ if you want to look as well.

dkl
Assignee

Updated

Last year
Attachment #8967854 - Flags: review?(dylan)
You need to log in before you can comment on or make changes to this bug.