roam/daily/2020-07-13.org
2021-09-01 16:57:39 -04:00

:PROPERTIES:
:ID: 81ada51d-463a-4e2a-9e7a-af123720dde7
:END:
#+title: 2020-07-13
* Ops Initiative Workshop
- [[id:ac416861-ce45-49ac-8b60-f8ea39362135][Migration to common RabbitMQ]]
- EDELIV parent ticket: https://jira.aweber.io/browse/EDELIV-4083
- Eric to look into [[id:e4d00c11-da8a-4c91-8f38-ce939846e5cb][CoreAPI]] changes needed for common-rabbitmq migration.
- Looking at Sites RabbitMQ publishing
- Enlightener
- Billing
- Also updating with new control-panel credentials
- Sites (docker) common-rabbitmq migration changes:
  https://gitlab.aweber.io/CP/applications/sites/-/merge_requests/5258
- Sites ([[id:ddeea682-c8f0-4607-8e2b-0f8ee4fd6191][Puppet]]) common-rabbitmq migration changes:
  https://gitlab.aweber.io/PSE/config-management/puppet/-/merge_requests/158
* Compromised Account Credentials
#+begin_quote
Tom Kulzer Today at 1:03 PM
@MeghanN @correlr we are seeing major issues with account credentials being compromised by someone that's sending phishing emails. @Josh Smith ID'd that they are likely using bots to test credentials from other site data compromises and catching people that have logins where they use the same email/pswd elsewhere. Our data on the login dashboard appears broken.. https://aweber.slack.com/archives/CF62W5U10/p1594645641053600
https://grafana.aweber.io/d/000000530/account-logins?orgId=1&refresh=5m
Does anyone have suggestions on how we can be preventing or catching these kinds of compromises better?
#+end_quote
#+begin_quote
Ian Ratti
The PayPal phishing abuser is now logging into old accounts to send phishing notices. Some recent accounts:
https://admin.aweber.io/account/index/1515621#
https://admin.aweber.io/account/index/1506549#
https://admin.aweber.io/account/index/1516301#
Now logging in from Egypt and promoting the same phishing page links (https://wlpork.co.za/ ) on these two older accounts starting 7/11/20 that were previously inactive for years:
https://admin.aweber.io/account/index/247035#
https://admin.aweber.io/account/index/304061# (sent in a request to close due to the compromise, found this via the 8 huge imports waiting in review)
#+end_quote
#+begin_quote
Tom Kulzer 21 minutes ago
thoughts I've had:
- sift.com has an account takeover product that we're not using and could potentially, but it's expensive and wouldn't have the historical data on these accounts that'd be necessary to catch these specific bad actor instances.
- email alerts when someone logs in with an IP or region different than they've done in the past.
- do some sort of cross match on publicly available compromised account password files to see if we have crossover and force reset pswds on those users.
- force an email verification click when someone logs in from a different region than they've historically logged in from.
I'm not sure on other ideas.
#+end_quote
Brian H has been tackling this so far: https://jira.aweber.io/browse/CCPANEL-10593
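
Sketch of the region-change idea from the thread, combined with the "inactive for years" signal from the abuse report and a per-IP check for the bot credential testing. This is an added example, not AWeber code: the event tuple layout, the thresholds, the reason names and the sample events are all assumptions, and the IPs are documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=365)  # assumed cutoff for a long-inactive account
STUFFING_ACCOUNTS = 3                # assumed: distinct accounts failed from one IP

# Constructed sample events: (timestamp, account, source_ip, region, success)
EVENTS = [
    ("2017-03-02T10:00", "acct-A", "198.51.100.7", "US", True),
    ("2020-07-10T09:00", "acct-B", "198.51.100.9", "US", True),
    ("2020-07-11T02:00", "acct-C", "203.0.113.5", "EG", False),
    ("2020-07-11T02:00", "acct-D", "203.0.113.5", "EG", False),
    ("2020-07-11T02:01", "acct-E", "203.0.113.5", "EG", False),
    ("2020-07-11T02:02", "acct-A", "203.0.113.5", "EG", True),
    ("2020-07-12T09:00", "acct-B", "198.51.100.9", "US", True),
]

def review_logins(events):
    """Return (step_up, stuffing_ips): successful logins that should get an
    email verification click, and IPs that failed against many accounts."""
    regions = defaultdict(set)  # account -> regions of trusted past logins
    last_ok = {}                # account -> time of last trusted login
    failed = defaultdict(set)   # ip -> accounts it failed to log in to
    step_up = []
    for ts, acct, ip, region, ok in sorted(events):
        when = datetime.fromisoformat(ts)
        if not ok:
            failed[ip].add(acct)
            continue
        reasons = []
        if regions[acct] and region not in regions[acct]:
            reasons.append("new_region")
        if acct in last_ok and when - last_ok[acct] > DORMANT_AFTER:
            reasons.append("dormant_account")
        if len(failed[ip]) >= STUFFING_ACCOUNTS:
            reasons.append("ip_seen_stuffing")
        if reasons:
            step_up.append((acct, ts, reasons))
        else:
            # Only unflagged logins extend the baseline, so a flagged
            # session cannot add its own region to the account history.
            regions[acct].add(region)
            last_ok[acct] = when
    stuffing = sorted(ip for ip, a in failed.items() if len(a) >= STUFFING_ACCOUNTS)
    return step_up, stuffing

if __name__ == "__main__":
    print(review_logins(EVENTS))
```

In a real flow the baseline would also be extended once the user completes the verification click; that step is left out here.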