Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect cloudbank demo hub from crypto miners #1216

Closed
3 tasks done
yuvipanda opened this issue Apr 18, 2022 · 0 comments · Fixed by #1218
Closed
3 tasks done

Protect cloudbank demo hub from crypto miners #1216

yuvipanda opened this issue Apr 18, 2022 · 0 comments · Fixed by #1218
Assignees
@yuvipanda

Comments

@yuvipanda
Copy link
Member

yuvipanda commented Apr 18, 2022
edited
Loading

Context

Saturday Apr 16 we got an email from GCP saying they detected crypto mining in our cloudbank hub. I investigated and made notes in https://hackmd.io/3_UBXSW3T4Om3wv_buyZ-g. I kicked out the miner after gathering evidence. Evidence gathering process as well as evidence itself is in that hackmd.

Currently, cloudbank demo hub is set to allow logins via username / password managed via auth0. This is open to anyone. Let's lock it down to only allowing institutional logincs via CILogon.

Proposal

  • Switch off from Auth0 to CILogon
  • Disable all known 'open account creation' providers in CILogon - Microsoft, Google, GitHub, ORCID
  • Bring the hub back online

Updates and actions

No response
yuvipanda added a commit to yuvipanda/pilot-hubs that referenced this issue Apr 19, 2022
@yuvipanda
Restrict cloudbank demo hub to edu & 2i2c users
381e0c7 
- Move cloudbank hub from username / password auth0 auth to
  CILogon
- Restrcit login to folks with emails either of 2i2c.org or any
  email ending in .edu. This doesn't catch *all* educational users,
  but I think it should catch everyone that cloudbank tries to reach.
- Switches @ericvd-ucb's admin email to use his berkeley.edu email,
  as gmail.com emails are no longer allowed

Fixes 2i2c-org#1216
@yuvipanda yuvipanda mentioned this issue Apr 19, 2022
Merged
@damianavila damianavila moved this from Ready to work to In progress in DEPRECATED Engineering and Product Backlog Apr 19, 2022
Repository owner moved this from In progress to Complete in DEPRECATED Engineering and Product Backlog Apr 19, 2022
@sean-morris sean-morris mentioned this issue Jul 5, 2022
Merged
@damianavila damianavila mentioned this issue Jul 11, 2022
Closed
6 tasks
@GeorgianaElena GeorgianaElena mentioned this issue Mar 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yuvipanda yuvipanda

Labels
None yet
Projects
No open projects
DEPRECATED Engineering and Product Backlog
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Restrict cloudbank demo hub to edu & 2i2c users yuvipanda/pilot-hubs
2 participants
@yuvipanda @damianavila