|
Grex > Coop12 > #156: Make off-site e-mail and ftp a non-default priviledge | |
|
| Author |
Message |
| 20 new of 70 responses total. |
keesan
|
|
response 51 of 70:
| 
Dec 10 22:45 UTC 2002 |
Coincidentally I just got a message from hotmail abuse explaining the same
thing. Perhaps Marcus could write a similar filter for 'hotmail' spam.
Yes, there is lots of faked yahoo spam too.
|
carson
|
|
response 52 of 70:
|
Dec 11 06:03 UTC 2002 |
resp:50 (that's *really* useful information about HotMail e-mail.
thanks!)
|
gull
|
|
response 53 of 70:
|
Dec 11 14:27 UTC 2002 |
No problem. If anyone's using Exim, I can post the lines from my system
filter that deal with it. I got the idea from a filter someone else wrote.
|
hash
|
|
response 54 of 70:
|
Dec 20 16:04 UTC 2002 |
as an aside, I thought I'd mention that m-net keeps an archive of rootkits
and eggdrop bots and bnc clients that we keep. I use this archive to scan
m-net's filesystem a couple times a day to find files we don't like and remove
them. I think the main thing this has helped with is making it hard for
people to use us as a rootkit distribution spot. people were putting rootkits
in their webspace and then we'd get e-mails from admins saying they'd been
hacked from m-net when actually the intruder just downloaded their tools from
us.
I also think spamcop is doing a disservice to the internet.
|
pfv
|
|
response 55 of 70:
|
Dec 21 17:19 UTC 2002 |
Yeah, the ftp-situation is less than amusing.. In the course of a
normal day, you'll usually see one or two dedicated idiots working
hard to build all sorts of wild shit they've gotten ftp'd into grex
- bots, bnc and bitchx are typical, but I've also watched 'em trying
to build up "exploit" crap.
That having been said, I'd also mention that I've used ftp myself so
that I can work on shit at home and then bring it back to grex for
testing/install.
Except for the fact it would mean bothering staff, I certainly like
the idea of ftp-on-request and limited period.. Remember, most of
the time they are doing the ftp to then extract & compile - and not
with any good intentions.
|
russ
|
|
response 56 of 70:
|
Dec 22 05:54 UTC 2002 |
I'm currently wondering about the value of limiting ftp, if e-mail
is still available. If I were trying to get around an absence of
ftp I would use split/uuencode/mail/uudecode/cat to get files over.
Heck, I've done that more than once.
On the other hand, quashing ftp privs for the abusers would give
them one more hurdle to jump. Every hurdle would probably cut the
number of abusers by half or better. (As would grex's mail delays.)
If someone had to ask to get ftp privs, taking them away becomes a
real penalty as they cannot get around it by running newuser again.
|
mdw
|
|
response 57 of 70:
|
Dec 22 08:04 UTC 2002 |
People already frequently use the web to fetch files in & out. This is
a big part of the problem already, but since web access is also
important to people I don't see any easy solution.
|
carson
|
|
response 58 of 70:
|
Dec 22 18:56 UTC 2002 |
(it's about time for a vote on this, no?)
|
gull
|
|
response 59 of 70:
|
Dec 22 19:24 UTC 2002 |
Yeah, blocking FTP access without blocking web access isn't likely to be
effective. I've noticed FTP in general seems to be a slowly dying protocol
-- most sites seem to encourage using HTTP, instead.
|
remmers
|
|
response 60 of 70:
|
Dec 22 20:40 UTC 2002 |
Re #58: That's up to Russ at this point.
|
carson
|
|
response 61 of 70:
|
Dec 23 15:21 UTC 2002 |
(right, but don't you usually put on the "voteadm" hat and remind
everyone that it's been two weeks, yadda yadda yah?)
|
remmers
|
|
response 62 of 70:
|
Dec 23 19:52 UTC 2002 |
Yep, it's been two weeks, so this proposal can be brought up for a
vote if Russ wants one.
|
russ
|
|
response 63 of 70:
|
Dec 24 03:22 UTC 2002 |
I would modify the proposal, to allow staff to make off-site e-mail,
ftp *and web access* non-default priviledges for new users, if this
should be a more expedient way of stopping abuses or freeing resources
than the currently-allowed schemes.
|
remmers
|
|
response 64 of 70:
|
Dec 26 12:24 UTC 2002 |
To put this to a vote, I'll need an exact wording for the proposal.
|
carson
|
|
response 65 of 70:
|
Apr 28 05:22 UTC 2003 |
(so the proposal would look something like...)
"I propose that off-site e-mail, ftp access and web access not be granted
to new accounts by default. Access would be given only if the account
was created from our dial-in ports, if the account holder becomes a
member, or by special request granted by staff if our resources are
adequate.
"Current accounts would not be affected."
(Russ, is that correct? John, is there anything else needed?)
|
remmers
|
|
response 66 of 70:
|
Apr 28 11:36 UTC 2003 |
Nothing else would be needed, other than Russ's go-ahead.
|
carson
|
|
response 67 of 70:
|
Apr 28 15:39 UTC 2003 |
(since the proposal has already been introduced once, is there a
provision for another member sponsoring the same proposal?)
|
remmers
|
|
response 68 of 70:
|
Apr 28 23:06 UTC 2003 |
The bylaws put that exclusively in the hands of the original
proposer.
|
russ
|
|
response 69 of 70:
|
Jun 12 03:59 UTC 2003 |
Re #65 (sorry for the delay): That is an accurate summing-up
of my sentiments, and likely better phrased than I'd've had time
to do. I'll adopt it if you'll relinquish parental rights. ;-)
|
carson
|
|
response 70 of 70:
|
Jul 3 03:59 UTC 2003 |
(parental? the kid is yours. just call me Foster.) ;)
|