Educause Security Discussion mailing list archives
Re: Recent Phishing Uptick
From: Mike Iglesias <iglesias () UCI EDU>
Date: Fri, 21 Feb 2014 06:36:53 -0800
On 02/21/2014 06:32 AM, Frank Barton wrote:
Thank you for the link/steps David. I was able to get in, and by using it find out that one of our users that had their password compromised accounts was logged into both from Nigeria and India. I saw that some of these logins were flagged as suspicious. (I wish I knew more about Google's definition of suspicious) but I got to thinking that it would be relatively simple to write up something that checks using the API on a regular basis, and checks unknown IP addresses against a geolocation service (and that caches this geolocation data to save on future lookups). before I start writing code, does anybody know if such a system already exists? what geolocation services have people used that they are happy with?
If you're using perl, you can use the Geo::IP::PurePerl package to get country codes for an IP address. You do need to update the data that it uses, but that's a pretty simple shell script that you can run weekly. -- Mike Iglesias Email: iglesias () uci edu University of California, Irvine phone: 949-824-6926 Office of Information Technology FAX: 949-824-2270
Current thread:
- Re: Recent Phishing Uptick, (continued)
- Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
- Re: Recent Phishing Uptick David Curry (Feb 20)
- Re: Recent Phishing Uptick Frank Barton (Feb 20)
- Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
- Re: Recent Phishing Uptick David Curry (Feb 20)
- Re: Recent Phishing Uptick Ejike, Emechete C. (Feb 20)
- Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
- Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
- Re: Recent Phishing Uptick David Curry (Feb 20)
- Re: Recent Phishing Uptick Joel L. Rosenblatt (Feb 20)
- Re: Recent Phishing Uptick Frank Barton (Feb 21)
- Re: Recent Phishing Uptick Mike Iglesias (Feb 21)
- Re: Recent Phishing Uptick Tim Doty (Feb 21)
- Re: Recent Phishing Uptick Mally Mclane (Feb 20)
- More details for Google Apps Phishing warning Josef Fortier (Feb 20)