
Repeated multiple failed attempts to log into user accounts (leading to email notifications)
Closed, Resolved | Public | Security

Description

There are a few threads on enwiki going on about increased account hacking activity. For example, here. Opening this just so folks are aware.

Event Timeline

Aklapper renamed this task from Multiple account hacking attempts today to Repeated multiple failed attempts to log into user accounts (leading to email notifications). Jan 10 2021, 4:52 PM
<Reedy> https://grafana.wikimedia.org/d/000000004/authentication-metrics?viewPanel=10&orgId=1&from=now-2d&to=now
<Reedy> Been quite an increase in failed logins for ~30H
<Reedy> Quick look at some logs, looks like a form of dictionary/enumeration type attack against accounts

Per Grafana, lasted from Friday 10 AM to Saturday 4 PM UTC, with something like 1500 login attempts / min.

As long as you use a strong unique password, you don't need to worry about attacks like these.

The attacks did not continue and did not expose any weakness so unless the Security team wants to follow up IMO we can close this task.

sbassett assigned this task to Tgr.
sbassett triaged this task as Low priority.
sbassett moved this task from Watching to Our Part Is Done on the Security-Team board.
sbassett added a subscriber: sbassett.

so unless the Security team wants to follow up IMO we can close this task.

I think we can close the task for now. If the spikes come back we can re-open or file a new task. I'm not sure there's much we can analyze here other than noting where the spikes originated.

sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)". Jan 12 2021, 1:24 AM
sbassett changed the edit policy from "Custom Policy" to "All Users".