Add monitoring for common spam patterns #1678
Conversation
We've noticed some common patterns in recent spam attacks. While our response time on these has been ok, we can look for some of these common patterns and page whoever is on-call earlier than we'd otherwise notice. The exact patterns we look for are considered sensitive information, and thus not in the repo and should not be discussed publicly. Note that I've opted to look for crates that are likely spam, rather than volume. Volume is more likely to have false positives, and is better handled by more aggressive rate limiting. This assumes that we consider a spam attack to be something we always want to page for. Since we have better coverage of someone watching Discord most hours, we could alternatively have this post in a private channel, and let whoever is awake determine if it's worth paging over. If someone does get paged, it's assumed that this will get resolved either by them taking action to remove the crates, or if the crate is legitimate, by updating the config vars to remove that pattern.
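The description above explains the shape of the check without giving its patterns. The following is an added illustration written for this page, not code from the PR or from crates.io: it loads substring patterns from a config variable (the variable name `SPAM_PATTERNS`, the comma-separated format, the `PAGE_THRESHOLD` value and every pattern and crate shown are constructed placeholders), flags crates whose name or description matches, and builds a page message that reports only which crates matched and how many patterns hit, so the sensitive patterns themselves never appear in the alert.

```rust
use std::env;

/// Minimum number of flagged crates in one scan before paging on-call.
/// The value is an assumption for this example; one false positive alone should not page.
pub const PAGE_THRESHOLD: usize = 2;

/// The crate fields this check inspects (constructed view, not a crates.io model).
#[derive(Debug, Clone)]
pub struct CrateRecord {
    pub name: String,
    pub description: String,
}

/// Parse a comma-separated list of case-insensitive substring patterns.
/// Blank entries are dropped so a trailing comma in the config is harmless.
pub fn parse_patterns(raw: &str) -> Vec<String> {
    raw.split(',')
        .map(|p| p.trim().to_lowercase())
        .filter(|p| !p.is_empty())
        .collect()
}

/// Load patterns from an environment variable (name is an assumption).
/// Returns an empty list when the variable is unset, so the check fails open rather than panicking.
pub fn load_patterns(var_name: &str) -> Vec<String> {
    env::var(var_name).map(|raw| parse_patterns(&raw)).unwrap_or_default()
}

/// Patterns that occur in the crate's name or description, compared case-insensitively.
pub fn matching_patterns<'p>(krate: &CrateRecord, patterns: &'p [String]) -> Vec<&'p str> {
    let haystack = format!("{} {}", krate.name, krate.description).to_lowercase();
    patterns
        .iter()
        .filter(|p| haystack.contains(p.as_str()))
        .map(|p| p.as_str())
        .collect()
}

/// Scan a batch of recently published crates and keep the ones matching at least one pattern.
pub fn flag_spam_candidates<'a>(
    crates: &'a [CrateRecord],
    patterns: &[String],
) -> Vec<(&'a CrateRecord, Vec<String>)> {
    crates
        .iter()
        .filter_map(|c| {
            let hits: Vec<String> = matching_patterns(c, patterns)
                .into_iter()
                .map(str::to_string)
                .collect();
            if hits.is_empty() { None } else { Some((c, hits)) }
        })
        .collect()
}

/// Page only when enough crates match in one scan.
pub fn should_page(flagged_count: usize, threshold: usize) -> bool {
    flagged_count >= threshold
}

/// Build the on-call message. It lists crate names and hit counts only; the patterns
/// stay out of the message so the alert channel never reveals them.
pub fn alert_message(flagged: &[(&CrateRecord, Vec<String>)]) -> String {
    let mut lines = vec![format!("{} crate(s) matched spam patterns:", flagged.len())];
    for (krate, hits) in flagged {
        lines.push(format!("  {} (matched {} pattern(s))", krate.name, hits.len()));
    }
    lines.join("\n")
}

/// Constructed sample batch standing in for a query of recent publishes.
pub fn sample_crates() -> Vec<CrateRecord> {
    let mk = |n: &str, d: &str| CrateRecord { name: n.to_string(), description: d.to_string() };
    vec![
        mk("serde_helper", "Helpers for serde"),
        mk("example-spam-token-0001", "Get rich"),
        mk("totally-legit", "Click here for FREE-MONEY now"),
        mk("tokio-utils", "Small utilities for tokio"),
    ]
}

fn main() {
    // Real deployments keep the patterns only in config; these placeholders are constructed.
    let mut patterns = load_patterns("SPAM_PATTERNS");
    if patterns.is_empty() {
        patterns = parse_patterns("example-spam-token,free-money");
    }
    let crates = sample_crates();
    let flagged = flag_spam_candidates(&crates, &patterns);
    if should_page(flagged.len(), PAGE_THRESHOLD) {
        println!("{}", alert_message(&flagged));
    } else {
        println!("no page: {} crate(s) flagged", flagged.len());
    }
}
```

Removing a false-positive pattern is then a config change rather than a deploy, which matches the resolution path the description lays out; the threshold is what keeps one legitimate crate from paging anyone.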
Can you privately share the patterns you're thinking of setting these environment variables to initially?
What do you think about also adding a check to monitor the count of crates where
@bors r+
📌 Commit fb3da01 has been approved by
☀️ Test successful - checks-travis