We should set up alerts so if failed logins rise above a certain level, we know.
Moving to normal priority since I'm not sure why after all these years it would suddenly be urgent to do this. Second, since there has been no work done on this since Friday it would indicate that it's not that urgent. If there is a rationale for why we need this quickly, feel free to change the status back.
From my perspective, as a Trust and Safety Responder, we have two-factor authentication required. We have strong passwords required. We have LoginNotify to notify us of such things. It's doing its job. I'm not sure there's much more we need to be doing. @Reception123, do you think we should maybe decline this for now, or perhaps lower to low priority?
@RhinosF1 Okay, fair, but how were you envisioning Trust and Safety would respond to a rise in failed logins? If you just mean SRE blocking access requests at the Varnish level, that's fine and within their scope. But as to any Trust and Safety-level involvement, I'm not sure we really need to do anything about failed logins. I suppose SRE could pass information from the Varnish server access logs to the Trust and Safety team to try and narrow down a responsible party, but then again, they're failed logins. If it's like some sort of mass scale of dictionary password attacks, then it's unlikely, I would say, to be a current Miraheze user, so the best level of involvement is by SRE at the Varnish level.
That's true. Trust and Safety would have to be engaged in terms of long-term Varnish-level bans of IP ranges, certainly,
I suppose it's a concern, but from my perspective, I would consider it to be relatively low priority so as not to derail or sidetrack focus from other tasks. T8065 seems to be a higher priority from a T&S perspective.