|
Grex > Coop11 > #47: Banning a site from Grex; a discussion of when to do this | |
|
| Author |
Message |
| 25 new of 264 responses total. |
mdw
|
|
response 53 of 264:
| 
Dec 2 23:29 UTC 1998 |
I doubt the site being in india had anything to do with STeve's
decision. Most of the other sites we've blocked have been in north
america, but that probably reflects more on the vandal population at
large, than anything else.
The only way this site being india is a "problem", is that we're
probably dealing with a language (and cultural) barrier on top of
everything else. India is a Really Big place - there is a lot more room
there for Very Different ways of viewing the world, and a *lot* of
native langauges, more than perhaps in any other country in the world.
I think Richard is forgetting that we have an obligation to legitimate
users of grex, as well as vandals. If grex is always labouring under
fork bombs, that is not in anyone's true best interest.
|
steve
|
|
response 54 of 264:
|
Dec 2 23:58 UTC 1998 |
Richard, I would have blocked *any* site that did what this particular
site did. I do not care if they were of American, Indian, French or
South Afrian origin. The actions were what mattered, not what color
they are. In cyberspace, it is words and actions that count, not what
someone looks like.
"open access" means that we don't raise many barriers to get here,
but that doesn't mean that there aren't any, Richard. For example we
do not hand out root accounts. Does that make us non "open access"?
Please think about what you are saying, Richard: if we have to give
notice before blocking a site because of vandal problems, aren't we
likely going to experience MORE problems during the time before the
block goes into effect?
I'm afraid that on this issue (and is so often the case) you and I
are on completely opposite sides of the issue.
As for anyone interpreting this as a racial issue, I intend on having
something for anyone to read before the block if lifted, to combat this
idea. I was aware that it could be seen that way by some.
|
rcurl
|
|
response 55 of 264:
|
Dec 3 05:49 UTC 1998 |
Although Richard observed that "the grex bylaws say it is the objective of
grex to provide an "open access" computer conferencing system", he seems
to have confused an objective with an obligation, in his further comments.
|
remmers
|
|
response 56 of 264:
|
Dec 3 11:17 UTC 1998 |
Misti's resp:40 correctly interpreted what I was saying. Shall we do
what Colleen suggests in resp:44? I would be in favor of that.
Marcus in resp:53 makes reference to other sites that have been blocked.
Could you give some details? How many sites, where located, for what
reasons, for how long? I don't think that users should be kept in the
dark about these kinds of staff actions.
Regardless of whether Richard's point about the site being blocked
because it is Indian has any validity or not, one of my concerns -- as I
mentioned earlier -- is that this is exactly the opinion that the
innocent users from that site might form, in the absence of any warning
or explanation. They might be totally unaware of the vandal problem and
think that they've been blocked because they're Indian. Do we really
want to convey that impression? Lifting the ban for a short period and
posting a message in the MOTD would help correct it.
|
steve
|
|
response 57 of 264:
|
Dec 3 12:18 UTC 1998 |
No, of course not. We've not gotten any response from the admin
there yet. What should we do--put a large notice in the motd and
open that site up for a day? Send mail to each of the accounts that
have logged in from that site explaining what happened? How long
should the site remain open before closing it back down, or should
we keep it open?
|
rcurl
|
|
response 58 of 264:
|
Dec 3 16:59 UTC 1998 |
Play it by ear in regard to the reaction (keep us posted). But the note
in the motd and, more important, mail to each account that logs in from
the site, should be done. I'd suggest opening the site for at least
a week, or until it appears the problem is either solved or the problem
remains serious.
|
mta
|
|
response 59 of 264:
|
Dec 3 18:04 UTC 1998 |
I'd like to see the block lifted as soon as it's feasible, with the
understanding that it will be put back in place at the first sign of serious
trouble.
My reasoning is that there are people, as Ruchard pointed out, who have been
counting on grex for e-mail and communication of other sorts who are in no way
responsible for the hacker activity. I'd like to let them know as soon as
possible what's going on so they can make other arrangemnts if possible or at
least let their contacts know that Grex is no longer a reliable address/contact
point for them.
Mind you, STeve, I think you did exactly the right thing -- but we seem to
have a pretty universal consensus about how to deal with this sort of situation
in the future and I'd like to implement that in this case, too, as far as we
can.
|
janc
|
|
response 60 of 264:
|
Dec 3 18:20 UTC 1998 |
I support the idea of doing at least a short re-open to inform people
there of what is going on. Sending mail to some of the users would be
good.
|
krj
|
|
response 61 of 264:
|
Dec 3 19:02 UTC 1998 |
Proposed motd draft:
To users from XXXX University:
From (date) to (date), Grex has blocked access from your site
due to your administrators' refusal to cooperate with Grex after
users from your site have attacked our system. If this problem
recurs, the site ban will be re-imposed for a lengthy period.
Users from this site should encourage site administrators to contact
Grex staff at (address). Users from this site who depend on Grex
for e-mail need to prepare to find another provider, in case
your site continues to refuse cooperation.
Putting this into the motd gets it some circulation at other sites
in India, and maybe we can shame the offending site into taking some
action, as well as explaining our action to all Indian users.
|
dpc
|
|
response 62 of 264:
|
Dec 3 19:13 UTC 1998 |
A good draft, krj!
|
aruba
|
|
response 63 of 264:
|
Dec 3 19:21 UTC 1998 |
I would like to see some language in there to the effect that the Grex staff
takes this action very reluctantly and regretfully. I also think it's a bit
long for an MOTD message, but not for an e-mail sent to all the users from the
site.
|
steve
|
|
response 64 of 264:
|
Dec 3 19:41 UTC 1998 |
Ken, excellent start. I can add a little more, but what you did is a
very good starting point.
OK, send this to all the accounts from this site with a short blurb in
the motd, or this message (once finished) in the motd?
I think my preference would be to send it to all the users, becuase
there are a LOT of people who are going to make a bee-line to their
mail, and thus we have a chance of significant numbers of people reading
this.
|
remmers
|
|
response 65 of 264:
|
Dec 3 20:59 UTC 1998 |
I agree with Mark about the "reluctantly and regretfully".
My preference would also be to send the message to the affected users,
with a shorter MOTD message, perhaps reading like this:
TO USERS FROM SITE <site name here>: Access from your site was
blocked from <date> to <date> because of repeated vandal attacks
from your site and the refusal of your site administrators to
cooperate with Grex in addressing the problem. If the problems
are not corrected, it will be blocked again. Please see your email
for further details.
That's still a tad long...
|
steve
|
|
response 66 of 264:
|
Dec 3 21:11 UTC 1998 |
How about
TO USERS FROM SITE <site name here>: Access from your site was
blocked from <date> to <date> because of repeated vandal attacks
from your site. Please read your email for further details.
and all the rest goes into email?
|
krj
|
|
response 67 of 264:
|
Dec 3 21:48 UTC 1998 |
Given the relative importance of this information, compared to what's
usually in the MOTD, I think we can put up with MOTD bloat for a couple
of days. I like remmers' text because it stresses the likelihood that
the site will be blocked again if some cooperation is not forthcoming.
|
steve
|
|
response 68 of 264:
|
Dec 3 21:53 UTC 1998 |
Well, my thoughts were to put that in the mail that everyone gets.
Because people have been away from their mailboxes, I think they'll
read it. If we can reduce the bloat in the motd I'm all for it,
because this information is still for only a small fraction of the
total number of users on the system.
|
janc
|
|
response 69 of 264:
|
Dec 3 22:40 UTC 1998 |
One wording change:
Instead of
the refusal of your site administrators to cooperate
say
the failure of your site administrators to cooperate
I don't remember seeing a "hell no, we won't help" message.
|
richard
|
|
response 70 of 264:
|
Dec 3 22:47 UTC 1998 |
one thing I wonder is if the fork-bombers really came from that site.
There were some people here and on mnet just rabid about site-blocking
the Indians. Surely someone from somewhere else could have accessed
that ISP, and telneted through it to grex, *just* to send forkbombs to
provoke staff into the site-blocking itwouldnt do otherwise?
My feeling is that site-blocking is futile because these folks will
just find other ways to get in. Is it now policy to site-block all
sites that have users doing these kind of things?
And how does grex want to be treated if the situation was reversed?
What if other sites start start site-blocking grex because one or two grex
users are using grex to send evil code or something? Is that fair to
everyone else who uses grex? Has grex ever been site blocked actually?
|
robh
|
|
response 71 of 264:
|
Dec 3 23:08 UTC 1998 |
Generally, our staff members actually respond to the e-mail
they get about vandals here. And deal with it. If the
Indian site's staff had responded to our e-mail, we wouldn't
have blocked the site, no matter who was doing the bombing.
|
steve
|
|
response 72 of 264:
|
Dec 3 23:13 UTC 1998 |
Yes, Richard, the fork bombers came from that site. Must you question
everything that is said?
Grex has been told a couple of times now, that it could be blacklisted
from a site (most notably a IRC site) if certain users didn't stop doing
things from here (like send mail). If Grex were to have some users who
did obnoxious things from here, if we didn't clean it up I would *expect*
that that other site would block us. Thats only reasonable.
Site blocking is not an ultimate tool for this sort of problem, but in
this particular case I thought that the vast majority of users from this
site did not have other access to the net. That has proven true. One or
two people seem to be on from another site, but just one or two as far
as I have been able to tell.
As for your last paragraph, I'm sure there are places that HAVE blocked
us in one way or another, because of something that some user did here.
We've had 160,337 accounts created on Grex now, so it's quite reasonable
to assume that somewhere, someone did something that pissed someone off
and we were blocked in one way or another. However, you're missing the
larger point--Grex isn't a place where 467 users all go to some spot on
the net every day. Any site that blocked Grex for whatever reason wouldn't
be seen by many people, except for some few sites like hotmail, altavista,
etc.
So Richard, let me ask you something. What if you had been on during
the time when the fork bombs went off here? What would your complaints
have been, when Grex ran hundreds of times slower than it should? For
some reason, I can't think that you wouldn't have complained.
|
albaugh
|
|
response 73 of 264:
|
Dec 4 00:12 UTC 1998 |
Oh my God, richard has come up with a conspiracy theory for a grex hate crime!
That's gotta be his best ever! :-)
|
scg
|
|
response 74 of 264:
|
Dec 4 01:43 UTC 1998 |
Given that there have been misguided people calling for banning Indian users
fora while, the theory that some racist American broke in to that system and
then started attacking Grex from there does seem possible. If the Staff's
goal in banning the abusive site was to block out abusive Indians, as opposed
to abusive people, it would even be a cause for concern. In fact, though,
it's irrellevant. If a vandal is trying to do bad things to Grex, it really
doesn't matter if that vandal is from India, or Ann Arbor, or Mars. It's
still a problem. The administrators of the site the vandal is coming from
still has a responsibility to deal with the person or people, either by
disciplining or cutting off authorized users who are causing problems, or by
patching security holes that are allowing unauthorized users in. The problem
is that that site has been causing us lots of problems, and its administrators
haven't responsed to attempts to contact them.
|
aruba
|
|
response 75 of 264:
|
Dec 4 03:27 UTC 1998 |
The message sent via e-mail should probably contain a pointer to this item as
well.
|
steve
|
|
response 76 of 264:
|
Dec 4 05:07 UTC 1998 |
I've just sent off another letter to my contact about this.
Given that it is in the middle of the day there, I am hoping to
get a response. If not, then tomorrow I guess we'll go ahead
with the mail and reopening. I'll post the letter to all the
users here, first.
|
rtg
|
|
response 77 of 264:
|
Dec 4 05:38 UTC 1998 |
I find it hard to believe that this university gives its students telnet
access to the internet, and not an email server. STeve, if you have a
list of all accounts which were created from that subnet, how difficult
would it be to scan the .plan files of those accounts for alternate e-mail
addresses? If a significant number of the users have alternate e-mail,
then I would see it as unnecessary to unblock the subnet, and instead send
the explanatory e-mail direct to the alternate addresses.
Second, you did not explain exactly how the blocking was accomplished.
Does our router have some firewall filtering ability? If so, can it
filter by protocol as well as IP address? Would it be possible to open
the subnet to http traffic, so the affected users could read this
discussion via backtalk? If we do chose to unblock the site, how about
allowing telnet, but no FTP? THen they'd have to hand-key the source for
their bombs, at least. And it wouldn't impede the 'legitimate' users of
mail, party, and bbs.
|