|
Grex > Coop11 > #47: Banning a site from Grex; a discussion of when to do this | |
|
| Author |
Message |
| 25 new of 264 responses total. |
janc
|
|
response 25 of 264:
| 
Dec 1 21:23 UTC 1998 |
How many users are coming from this site? If this is what I think it
is, it is not a small technical college but a very large (and reputable)
university. If this is inconveniencing a large number of legitimate
users, then we should not leave it in place long.
|
krj
|
|
response 26 of 264:
|
Dec 1 22:07 UTC 1998 |
My guess is that a LOT of users come from this site. The telnet queue
has been markedly shorter since the site ban.
|
scott
|
|
response 27 of 264:
|
Dec 1 22:37 UTC 1998 |
We should leave the block in place until responsible people at the site have
agreed to keep their problem users from causing trouble on the Internet.
|
jiffer
|
|
response 28 of 264:
|
Dec 1 23:03 UTC 1998 |
Has the site actually been banned? I am noticing that I don't have to wait
in a que every time I log on, and that there isn't alot of new and rude users
in party.
|
mary
|
|
response 29 of 264:
|
Dec 1 23:24 UTC 1998 |
Perhaps it would have been useful to put something in
the MOTD stating that (the named) site would be banned
soon unless the problem stopped or at least the system
administrators took an active roll it trying to control
the sabotage. That way when all these users suddenly
found themselves unable to reach Grex they'd at least
know what the problem is and maybe help put pressure on
to resolve the situation.
|
steve
|
|
response 30 of 264:
|
Dec 2 00:46 UTC 1998 |
There have been 1,715 accounts created from that site since August 11th,
but this includes psuedo acocunts like newuser, exit and so on.
Mary, I don't think it sould have made any difference at all.
Every time I managed to find someone from there that was willing
to talk to me, I explained about Grex and asked the person to
tell all their friends there about the situation. It wasn't
a blanket statement like the motd would have been, but then
again, vandals don't read notices--or if they do they don't
respect them.
But, your comment about people at least knowing is a valid one.
|
cmcgee
|
|
response 31 of 264:
|
Dec 2 04:01 UTC 1998 |
Good move, Steve. I think you did the right thing. I totally disagree with
Richard that we "owe" members access through any specific ISP. Members of
this organization make donations to keep _our_ system up and functioning.
They haven't contracted with us to buy anything, especially not access
through a particular other system.
So there is no way that we "owe" them refunds. If, in a case like this, a
member lets us know she now has a problem reaching us, we should give them
information that lets them 1) solve the problem at the banned site, or 2)
find another ISP to use to reach us.
|
krj
|
|
response 32 of 264:
|
Dec 2 04:53 UTC 1998 |
Subjectively, I feel there has been a significant decline in the
number of harassing & annoying twits in party since this site was banned.
(agreeing with jiffer in #28.) And the telnet queues are shorter.
There may be some popular sentiment for keeping the ban in place for a while.
|
remmers
|
|
response 33 of 264:
|
Dec 2 11:44 UTC 1998 |
Re resp:29 and resp:30 - Whether it would have made any difference or
not to notify in advance via the motd, it would have been an appropriate
gesture, and *might* have been helpful in getting users from that site
to pressure site administrators. So I think that's how we should handle
any similar situations in the future.
I also feel that if we *do* get a positive response from system
administrators pledging to correct the problem, we should restore the
site's access, regardless of what the "popular sentiment" might be.
|
davel
|
|
response 34 of 264:
|
Dec 2 12:49 UTC 1998 |
What John just said, on all counts.
|
remmers
|
|
response 35 of 264:
|
Dec 2 13:40 UTC 1998 |
Also re the advance notification issue: I'm trying to put myself in the
position of a legitimate, non-trouble-making user from that site (of
which there are no doubt many) who suddenly finds that he and all his
friends have been cut off, and who may be totally unaware that there is
a serious vandal problem to which the site administrators have been
unresponsive. These users are left guessing as to what Grex's motives
were for the cutoff, and I am more than a bit uncomfortable with what
the guesses might be.
Although I think site banning may be a necessary last resort, I think
that some advance notification should always be given, so that the
motives are clear. We don't want to foster false impressions of what
we're up to.
|
mta
|
|
response 36 of 264:
|
Dec 2 14:26 UTC 1998 |
I agree, John.
Cutting off access seems to have been the only option left, but in the
future it would be good if we could notify the good users from a site
before cutting them off, too.
|
remmers
|
|
response 37 of 264:
|
Dec 2 14:45 UTC 1998 |
Another reason for a warning: It would give users from the site an
opportunity to download mail and other files, knowing that their access
might be cut off. As it is, they didn't have a chance.
Other folks might not feel the same way, but if I were making a decision
at this point, I would restore access now and put a short message in the
MOTD explaining why the action was taken, and that a cutoff will occur
again if problems recur and site administrators are unresponsive. That
way, innocent parties from that site can take preventive measures and,
hopefully, pressure the administrators.
|
mary
|
|
response 38 of 264:
|
Dec 2 14:47 UTC 1998 |
I strongly agree.
|
steve
|
|
response 39 of 264:
|
Dec 2 15:12 UTC 1998 |
No response as yet from the administrator I talked to about this
incident. In his defense, I think he is the admin of a main site
that acts as an ISP to other educational institutions, so we may
have an extra level of people to deal with in this case.
John, I understand exactly what you are saying, and this has
bothered me enough that I've had dreams about this whole thing.
I've never done this before, and I hope to never do so again.
Marcus is right--we've banned sites before, but as far as I know
they've been small places with one user--a nasty vandal--and
shutting them down didn't affect Grex much.
This case is different: a LOT of people come in from this
site, but also, a significant number of problems have come in.
When I made the decision to ban this place, I'd already found a
backup account for the vandal, complete with another copy of the
fork bomb. (Hand typed with the same strange spacing as the one
I killed that started all this).
Let me as you this, John (and others who think this was the
wrong thing to do): in a situation where Grex is getting harmed
from activity (ie, a fork bomb, not unpleasant people) repeatedly,
don't we have a responsibility to take care of Grex, first? That
in the final analysis what keeps the system running for all must
take precedence?
I'll point out that I sent out more than 110 pieces of mail
to various people about their actions here, and have had hundreds
(and I do mean hundreds) of conversations with people from that site
asking them not to do certain things and to ask them to tell their
friends about Grex's limitations.
Do you think that putting a notice in the MOTD would have been
as noticed as what I did, prior to my banning this site? I think
not.
|
mta
|
|
response 40 of 264:
|
Dec 2 15:44 UTC 1998 |
Steve, I don't think anyone is sayiong you did the wrong thing. I'm certainly
not.
What we are saying is that during the whole process you went through of
hundreds of mails and conversations, a heads up to other users that this is
going on would be a kindness to those users who probably have no influence
over either the admin or the hackers. I think you're right that it wouldn't
have much effect on the problem...
|
steve
|
|
response 41 of 264:
|
Dec 2 15:49 UTC 1998 |
Thanks. Maybe I'm reading things incorrectly. I find myself being
stressed over this more than I thought I would.
Another question: if we don't get any responce from the site, what
do we do? I'm trying to figure out now if any of the accounts that
came in from that site have other access, but I don't think many will.
I don't think we've received a single piece of mail asking why they
can't get in.
|
mta
|
|
response 42 of 264:
|
Dec 2 16:24 UTC 1998 |
STeve, it's not entirely a bad thing that this tresses you out. If it were
no big deal, we'd be in danger of this becoming a first tier solution which
I'm pretty sure no one wants. But do try to slow down and breathe. ;)
Maybe one solution is to set a time limit, open access back up, and see what
happens. It's quite likely that the problems will start all over again
--then again, it's also possible that the hackers will have wandered off to
harass an accessible site by then.
Either way, we can be prepared with a new "policy" for how to handle this
problem. One that protects Grex while still being as considerate of
legitimate users from that site as is feasible. I would hope that we'll never
need it -- but I wouldn't count on it. ;)
|
rcurl
|
|
response 43 of 264:
|
Dec 2 16:24 UTC 1998 |
Are the ids from that site identifiable now? Could they all be sent e-mail
explaining (briefly) why the site was banned, and saying that they will
have access again after some date, but if vandalism continues, the ban
will go into effect permanently? Perhaps also explain how they can help
prevent this from happening by asking their administrators to take some
action against vandals. Yes, I know there could be a thousand or so,
but the mail could be sent over several days.
|
cmcgee
|
|
response 44 of 264:
|
Dec 2 16:57 UTC 1998 |
If these people are like many of our Indian users, I believe that Grex _is_
their email. No way for them to read email until we reopen Grex to them.
I, for one, would be willing to put up with one day of slow Grex (maybe a
Monday when people there might be "trying" Grex again) just to put up an MOTD,
and let them get their email explaining what they need to do with their
administrators in order to solve our problem.
Then, if it happens _even_once_ again, ban the site until the administrators
satisfy staff that the problem is under control.
|
rcurl
|
|
response 45 of 264:
|
Dec 2 17:18 UTC 1998 |
Good point - it is even easier just to send them all mail *here*.
|
aruba
|
|
response 46 of 264:
|
Dec 2 17:37 UTC 1998 |
I like Colleen's solution in #44.
|
valerie
|
|
response 47 of 264:
|
Dec 2 18:07 UTC 1998 |
This response has been erased.
|
steve
|
|
response 48 of 264:
|
Dec 2 20:08 UTC 1998 |
I just had a conversation with someone (student) from the site; they
came in from lonestar.org and started a talk with me. Unforunately,
their net connection was slow enough that we didn't get very far.
I think they got my explaination of what went on, but I'm not sure.
Still no response from the administrators at the site.
|
steve
|
|
response 49 of 264:
|
Dec 2 20:12 UTC 1998 |
Rane, I think cmcgee is right. Or, they may have other mail like
hotmail but use Grex as the vehicle to get to it. I'll check on that.
I have a list of all the users.
|