response 4 of 68:

Jul 26 18:51 UTC 2007

 #3: "but the vandal had literally shut down Grex to the point that
 staff could not get in remotely to do anything."

Actually, there was a way to get in.  I didn't know it at the time,
but I've learned a few things during all this abuse.  One is that if
something similar should happen again, I could still get in.  I wouldn't
be able to use any full-screen programs, like vim or mutt, but I could
still get things done.  I could edit files with ed or ex, and read or
send mail with the old standby unix mail program.  If necessary, I
could transfer files to my own computer, edit them here, and transfer
them back with rsync (scp still doesn't seem to work, though, for some
reason, or it didn't the last time I tried).

Basically, all the vandal (scholar) did was to tie up all of the ptys
(pseudo-terminals).  Each time you log in through telnet or ssh, you
are connected to one of these.  There are a fixed number of ptys
available, and once they're gone, further logins are rejected, at least
through telnet.  ssh will still allow you to connect and run programs,
if you know how, and scholar knew how, because he was doing it.  When
I managed to slip in somehow once, he was connected, but invisible.
He didn't appear when I ran the finger, w, or who commands, and the
"last" command didn't show him there, but ps did.  It took me awhile
to figure that out.  I saw him with ps, but I didn't recognize what I
was looking at.  Someone with more experience may have figured it out
quicker, but I eventually did figure it out, and I'll know next time
(if there is a next time) what to look for.