|
Grex > Coop11 > #47: Banning a site from Grex; a discussion of when to do this | |
|
| Author |
Message |
| 25 new of 264 responses total. |
wgm
|
|
response 15 of 264:
| 
Dec 1 01:20 UTC 1998 |
What's a fork bomb?
|
davel
|
|
response 16 of 264:
|
Dec 1 02:33 UTC 1998 |
A program intended to eat system resources until none are left for anyone
else.
|
steve
|
|
response 17 of 264:
|
Dec 1 04:19 UTC 1998 |
A fork bomb does what Dave said, by splitting off a copy ("forking")
itself, which wakes up and makes copies of itself, too. A form of
cybernetic cancer I suppose. Eventually, the system becomes so bogged
down that little else happens.
Here on Grex, we've changed some things such that no one person
can grab "everything". Thus today when the load average was at 77,
things were rather miserable but things still ran, however slowly.
...Still trying to contact the system administrators of the site
in question.
|
scg
|
|
response 18 of 264:
|
Dec 1 05:28 UTC 1998 |
All too often, system administrators don't feel like they have much of an
incentive to respond to people from other sites, but will generally feel some
sort of heat if they're unresponsive to their own customers/users. As long
as we're clear in any response we give that this is something we've been
forced to do due to the lack of response from that site's administrators, but
that we will be happy to unblock it if they fix the problem, that seems likely
to get users from there (if they care) to start demanding that their system
administrators fix the problem, which will hopefully have a positive effect.
I think STeve's been far more patient about this than I would have been. I
would have blocked the site a long time ago. At this point, I really don't
think think there's much else we could do, to keep Grex working well for
everybody else.
|
mdw
|
|
response 19 of 264:
|
Dec 1 06:25 UTC 1998 |
I don't see what the possible presence of a paying member has to do with
anything. Members don't "contract" for services. They "donate" to
support grex. The fact that a paying member *might* be using an
incompetent ISP who doesn't care about vandals isn't and shouldn't be
our responsibility. Giving a refund in this case would be like giving a
refund because the member's computer broke. It should be the member's
responsibility, and it's certainly in the member's best interests, to
find another ISP that does a better job of handling vandals.
Something to keep in mind with all this, is that dealing with these
incidents is already incredibly time-consuming on the part of staff. It
can take hours to go through the system logs, pull together all the
information available about the vandal's activities on grex, where they
came from, and how to get in touch with the places they came from, then
to compose a message pulling together all the various log entries and to
send it off. (This is even *with* the canned boiler plate fork bomb
template.) After this, it's a matter of waiting, first for the site to
respond (it often takes 24 hours, or sometimes several days, before a
site will respond, and some sites never respond.) In the cases were we
end up blocking things, this process often repeats itself, which means a
whole new mail message has to be composed, with the new log file
entries. This process can in some cases take months to resolve.
|
steve
|
|
response 20 of 264:
|
Dec 1 08:43 UTC 1998 |
Most unforunately, Marcus is entirely too right about the time
factor involved in dealing with dreck like this.
I'm not entirely sure what we should do, should blocking
a site ever get a member. I'd sure want us to explain the
situation to him/her, and see how we affected that person.
There might not be a contract implied here, but I'd want to
talk to the person and let them know exactly what was going
on.
Good news on the communications front: I've just sent a
long letter to an admin there who might be able to help us,
so I elected to do that rather than sleep tonight.
We'll see what happens next.
|
krj
|
|
response 21 of 264:
|
Dec 1 16:41 UTC 1998 |
At risk of drift, I will throw out an old proposal of mine: it is time
to consider making shell access available via application only.
The argument that we need to provide exposure to a Unix programming
environment is greatly lessened with the rise of the free PC unixes such
as Linux. And if anyone still wants to work on programming issues
on grex: well, they can apply for the shell account.
Balanced against this is the enormous amount of staff time sucked up
dealing with malicious users. The Internet puts us in a different
situation in term of open access, and we're too attractive to vandals.
|
rcurl
|
|
response 22 of 264:
|
Dec 1 17:23 UTC 1998 |
Re #19: Marcus misses the point that a member could be instantaneously
disenfranchised without prior notice by this action. This could have
been ameliorated by first notifying any members on the system that it
was about to be banned, and informing them they would have to find
another ISP. (I think this might all be kind of theoretical - we
haven't been told yet whether any members were using the site.)
|
aruba
|
|
response 23 of 264:
|
Dec 1 19:55 UTC 1998 |
We currently have one member in India, and that is sisiro. Judging from the
wtmp file he logs in from a number of different IP addresses, so I don't know
how to tell if he has been blocked by cutting off this site. (His last login
was 11/20). Perhaps someone who knows the name of the site that was blocked
should write to him and ask? I see that his mail is being forwarded to
hotmail.com.
|
steve
|
|
response 24 of 264:
|
Dec 1 20:03 UTC 1998 |
Good point, Mark. I just checked, and that user has never
logged in from the site in question.
|
janc
|
|
response 25 of 264:
|
Dec 1 21:23 UTC 1998 |
How many users are coming from this site? If this is what I think it
is, it is not a small technical college but a very large (and reputable)
university. If this is inconveniencing a large number of legitimate
users, then we should not leave it in place long.
|
krj
|
|
response 26 of 264:
|
Dec 1 22:07 UTC 1998 |
My guess is that a LOT of users come from this site. The telnet queue
has been markedly shorter since the site ban.
|
scott
|
|
response 27 of 264:
|
Dec 1 22:37 UTC 1998 |
We should leave the block in place until responsible people at the site have
agreed to keep their problem users from causing trouble on the Internet.
|
jiffer
|
|
response 28 of 264:
|
Dec 1 23:03 UTC 1998 |
Has the site actually been banned? I am noticing that I don't have to wait
in a que every time I log on, and that there isn't alot of new and rude users
in party.
|
mary
|
|
response 29 of 264:
|
Dec 1 23:24 UTC 1998 |
Perhaps it would have been useful to put something in
the MOTD stating that (the named) site would be banned
soon unless the problem stopped or at least the system
administrators took an active roll it trying to control
the sabotage. That way when all these users suddenly
found themselves unable to reach Grex they'd at least
know what the problem is and maybe help put pressure on
to resolve the situation.
|
steve
|
|
response 30 of 264:
|
Dec 2 00:46 UTC 1998 |
There have been 1,715 accounts created from that site since August 11th,
but this includes psuedo acocunts like newuser, exit and so on.
Mary, I don't think it sould have made any difference at all.
Every time I managed to find someone from there that was willing
to talk to me, I explained about Grex and asked the person to
tell all their friends there about the situation. It wasn't
a blanket statement like the motd would have been, but then
again, vandals don't read notices--or if they do they don't
respect them.
But, your comment about people at least knowing is a valid one.
|
cmcgee
|
|
response 31 of 264:
|
Dec 2 04:01 UTC 1998 |
Good move, Steve. I think you did the right thing. I totally disagree with
Richard that we "owe" members access through any specific ISP. Members of
this organization make donations to keep _our_ system up and functioning.
They haven't contracted with us to buy anything, especially not access
through a particular other system.
So there is no way that we "owe" them refunds. If, in a case like this, a
member lets us know she now has a problem reaching us, we should give them
information that lets them 1) solve the problem at the banned site, or 2)
find another ISP to use to reach us.
|
krj
|
|
response 32 of 264:
|
Dec 2 04:53 UTC 1998 |
Subjectively, I feel there has been a significant decline in the
number of harassing & annoying twits in party since this site was banned.
(agreeing with jiffer in #28.) And the telnet queues are shorter.
There may be some popular sentiment for keeping the ban in place for a while.
|
remmers
|
|
response 33 of 264:
|
Dec 2 11:44 UTC 1998 |
Re resp:29 and resp:30 - Whether it would have made any difference or
not to notify in advance via the motd, it would have been an appropriate
gesture, and *might* have been helpful in getting users from that site
to pressure site administrators. So I think that's how we should handle
any similar situations in the future.
I also feel that if we *do* get a positive response from system
administrators pledging to correct the problem, we should restore the
site's access, regardless of what the "popular sentiment" might be.
|
davel
|
|
response 34 of 264:
|
Dec 2 12:49 UTC 1998 |
What John just said, on all counts.
|
remmers
|
|
response 35 of 264:
|
Dec 2 13:40 UTC 1998 |
Also re the advance notification issue: I'm trying to put myself in the
position of a legitimate, non-trouble-making user from that site (of
which there are no doubt many) who suddenly finds that he and all his
friends have been cut off, and who may be totally unaware that there is
a serious vandal problem to which the site administrators have been
unresponsive. These users are left guessing as to what Grex's motives
were for the cutoff, and I am more than a bit uncomfortable with what
the guesses might be.
Although I think site banning may be a necessary last resort, I think
that some advance notification should always be given, so that the
motives are clear. We don't want to foster false impressions of what
we're up to.
|
mta
|
|
response 36 of 264:
|
Dec 2 14:26 UTC 1998 |
I agree, John.
Cutting off access seems to have been the only option left, but in the
future it would be good if we could notify the good users from a site
before cutting them off, too.
|
remmers
|
|
response 37 of 264:
|
Dec 2 14:45 UTC 1998 |
Another reason for a warning: It would give users from the site an
opportunity to download mail and other files, knowing that their access
might be cut off. As it is, they didn't have a chance.
Other folks might not feel the same way, but if I were making a decision
at this point, I would restore access now and put a short message in the
MOTD explaining why the action was taken, and that a cutoff will occur
again if problems recur and site administrators are unresponsive. That
way, innocent parties from that site can take preventive measures and,
hopefully, pressure the administrators.
|
mary
|
|
response 38 of 264:
|
Dec 2 14:47 UTC 1998 |
I strongly agree.
|
steve
|
|
response 39 of 264:
|
Dec 2 15:12 UTC 1998 |
No response as yet from the administrator I talked to about this
incident. In his defense, I think he is the admin of a main site
that acts as an ISP to other educational institutions, so we may
have an extra level of people to deal with in this case.
John, I understand exactly what you are saying, and this has
bothered me enough that I've had dreams about this whole thing.
I've never done this before, and I hope to never do so again.
Marcus is right--we've banned sites before, but as far as I know
they've been small places with one user--a nasty vandal--and
shutting them down didn't affect Grex much.
This case is different: a LOT of people come in from this
site, but also, a significant number of problems have come in.
When I made the decision to ban this place, I'd already found a
backup account for the vandal, complete with another copy of the
fork bomb. (Hand typed with the same strange spacing as the one
I killed that started all this).
Let me as you this, John (and others who think this was the
wrong thing to do): in a situation where Grex is getting harmed
from activity (ie, a fork bomb, not unpleasant people) repeatedly,
don't we have a responsibility to take care of Grex, first? That
in the final analysis what keeps the system running for all must
take precedence?
I'll point out that I sent out more than 110 pieces of mail
to various people about their actions here, and have had hundreds
(and I do mean hundreds) of conversations with people from that site
asking them not to do certain things and to ask them to tell their
friends about Grex's limitations.
Do you think that putting a notice in the MOTD would have been
as noticed as what I did, prior to my banning this site? I think
not.
|