Skip to content

Add monitoring for common spam patterns #1678

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 1, 2019
Merged

Add monitoring for common spam patterns #1678

merged 3 commits into from
Apr 1, 2019

Conversation

sgrif
Copy link
Contributor

@sgrif sgrif commented Mar 18, 2019

We've noticed some common patterns in recent spam attacks. While our
response time on these has been ok, we can look for some of these common
patterns and page whoever is on-call earlier than we'd otherwise notice.
The exact patterns we look for is considered sensitive information, and
thus not in the repo and should not be discussed publicly.

Note that I've opted to look for crates that are likely spam, rather
than volume. Volume is more likely to have false positives, and is
better handled by more aggressive rate limiting.

This assumes that we consider a spam attack to be something we always
want to page for. Since we have better coverage of someone watching
discord most hours, we could alternatively have this post in a private
channel, and let whoever is awake determine if it's worth paging over.

If someone does get paged, it's assumed that this will get resolved
either by them taking action to remove the crates, or if the crate is
legitimate, by updating the config vars to remove that pattern.

sgrif added 2 commits March 18, 2019 16:12
@sgrif
Add monitoring for common spam patterns
3636a77 
We've noticed some common patterns in recent spam attacks. While our
response time on these has been ok, we can look for some of these common
patterns and page whoever is on-call earlier than we'd otherwise notice.
The exact patterns we look for is considered sensitive information, and
thus not in the repo and should not be discussed publicly.

Note that I've opted to look for crates that are likely spam, rather
than volume. Volume is more likely to have false positives, and is
better handled by more aggressive rate limiting.

This assumes that we consider a spam attack to be something we always
want to page for. Since we have better coverage of someone watching
discord most hours, we could alternatively have this post in a private
channel, and let whoever is awake determine if it's worth paging over.

If someone does get paged, it's assumed that this will get resolved
either by them taking action to remove the crates, or if the crate is
legitimate, by updating the config vars to remove that pattern.
@sgrif
rustfmt
e9d59aa
@carols10cents
Copy link
Member

Can you privately share the patterns you're thinking of setting these environment variables to initially?

@jtgeibel
Copy link
Member

What do you think about also adding a check to monitor the count of crates where created_at is within the last hour? If that number is high, say over 60, then we could alert as well. This could work along side the rate limiting, to catch people evading it with multiple accounts.

@jtgeibel
Copy link
Member

jtgeibel commented Apr 1, 2019

@bors r+

@bors
Copy link
Contributor

bors commented Apr 1, 2019

📌 Commit fb3da01 has been approved by jtgeibel

bors added a commit that referenced this pull request Apr 1, 2019
@bors
Auto merge of #1678 - sgrif:sg-monitor-spam, r=jtgeibel
44060f3 
Add monitoring for common spam patterns

We've noticed some common patterns in recent spam attacks. While our
response time on these has been ok, we can look for some of these common
patterns and page whoever is on-call earlier than we'd otherwise notice.
The exact patterns we look for is considered sensitive information, and
thus not in the repo and should not be discussed publicly.

Note that I've opted to look for crates that are likely spam, rather
than volume. Volume is more likely to have false positives, and is
better handled by more aggressive rate limiting.

This assumes that we consider a spam attack to be something we always
want to page for. Since we have better coverage of someone watching
discord most hours, we could alternatively have this post in a private
channel, and let whoever is awake determine if it's worth paging over.

If someone does get paged, it's assumed that this will get resolved
either by them taking action to remove the crates, or if the crate is
legitimate, by updating the config vars to remove that pattern.
@bors
Copy link
Contributor

bors commented Apr 1, 2019

⌛ Testing commit fb3da01 with merge 44060f3...

@bors
Copy link
Contributor

bors commented Apr 1, 2019

☀️ Test successful - checks-travis
Approved by: jtgeibel
Pushing 44060f3 to master...

@bors bors merged commit fb3da01 into rust-lang:master Apr 1, 2019
@sgrif sgrif deleted the sg-monitor-spam branch May 14, 2019 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sgrif @carols10cents @jtgeibel @bors