double-check new accounts with BMO to catch and notify of username squatting

RESOLVED FIXED

Status

()

defect
RESOLVED FIXED
a year ago
10 months ago

People

(Reporter: dkl, Assigned: dkl)

Tracking

Production

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

45 bytes, text/x-github-pull-request
Details | Review
(Assignee)

Description

a year ago
using the current feed daemon code that detects when new users are created, look at the username of the new user and check it against any nicks in the BMO profiles that match. If the nick matches and the email addresses do not, then create some kind of alert or log message that can be used to alleviate the issue.
(Assignee)

Comment 1

a year ago
Posted file github pull request
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Attachment #8967854 - Flags: review?(dylan)
(Assignee)

Comment 2

a year ago
In the code I have currently, I am logging as a WARN when it finds a username that is potentially a squatter for someone else's nick. I am not sure if that is enough or if we should be taking a more aggressive approach. Should I disable the account with some explanatory text, should I email bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

dkl
Flags: needinfo?(mcote)
Flags: needinfo?(dylan)
(In reply to David Lawrence [:dkl] from comment #2)
> In the code I have currently, I am logging as a WARN when it finds a
> username that is potentially a squatter for someone else's nick. I am not
> sure if that is enough or if we should be taking a more aggressive approach.
> Should I disable the account with some explanatory text, should I email
> bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

given the current state of monitoring i think a WARN and an email to phabricator-admin makes sense (don't know if phabriator-admin exists, if not we should create one; it's self-service).
Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
Flags: needinfo?(mcote)
(Assignee)

Comment 5

a year ago
(In reply to Mark Côté [:mcote] from comment #4)
> Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.

RITM0061908 Created
(In reply to David Lawrence [:dkl] from comment #5)
> (In reply to Mark Côté [:mcote] from comment #4)
> > Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> > one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
> 
> RITM0061908 Created

for next time here's how to create one yourself: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=43718013
(Assignee)

Updated

a year ago
Flags: needinfo?(dylan)
(Assignee)

Comment 7

a year ago
This is done
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED

Updated

11 months ago
Duplicate of this bug: 1402431
Out of curiosity, were there any exceptions noted in the first pass of this?
Not that I am aware of.  dkl?
Flags: needinfo?(dkl)
(Assignee)

Comment 11

11 months ago
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> Out of curiosity, were there any exceptions noted in the first pass of this?

When you say exceptions, do you mean did it find any username squatters already in the system?

dkl
Flags: needinfo?(dkl)
(Assignee)

Updated

11 months ago
Flags: needinfo?(jclaudius)
(In reply to David Lawrence [:dkl] from comment #11)
> (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > Out of curiosity, were there any exceptions noted in the first pass of this?
> 
> When you say exceptions, do you mean did it find any username squatters
> already in the system?
> 
> dkl

Yes, exactly that.
Flags: needinfo?(jclaudius)
(Assignee)

Comment 13

11 months ago
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #12)
> (In reply to David Lawrence [:dkl] from comment #11)
> > (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > > Out of curiosity, were there any exceptions noted in the first pass of this?
> > 
> > When you say exceptions, do you mean did it find any username squatters
> > already in the system?
> > 
> > dkl
> 
> Yes, exactly that.

The code we implemented looks at accounts as they are created so I would need to go through the list pre-deployment and see if anything sticks out right away. I didn't really do that before as Phab was still being used by a small group of Mozilla people so I didn't feel like I would fine any. I can make a point to take a look soon though.

This is the current list of users https://phabricator.services.mozilla.com/people/ if you want to look as well.

dkl
(Assignee)

Updated

10 months ago
Attachment #8967854 - Flags: review?(dylan)
You need to log in before you can comment on or make changes to this bug.