steve
|
|
Question for all Grex users on how to handle a problem user
|
Jun 25 20:53 UTC 1997 |
This is a question for all the users on Grex. Please read this
and think about it, and then add your thoughts.
We have a user on Grex, whom I'll refer to as "X" at this time.
This person was I think a paying member of Grex at one point, but
has not been such in a while. We've had an unfortunate though
sporadic series of problems with this person, in terms of their
doing things on Grex, and affecting others through e-mail. I
have not looked in the master newuser records to verify this
but I believe that we've had various problems with this person
for three years now.
One of the problems Grex faces is an ever increasing number of
people who see Grex as a free file storage site, and a place to
compile/run IRC and 'bots. Especially bots--there are hundreds,
and I do mean hundreds of people who have brought over the "eggdrop"
bot, along with TCL (programming tool for UNIX) that it uses.
Together these take about 1M of disk, which expands to about 3M
when uncompressed. Besides the eternal (and infernal) bots, a
huge number of image and audio files are making their way into
Grex. Many of them are in the 100K class and smaller, but an
amazing number of them are more than 500K.
So many of these have arrived in the last six months that I've
taken to sending a "stock" message, which lives in
/a/s/t/steve/Ginai (means: Grex is not an isp)
that anyone can read. I'd say I'm sending out between 3 and 10
copies of this each day. The good news is, once people see the
notice, they'll often say "sorry!" and not do it again, truly
not realizing that Grex has a 28K link to the net. I'd say that
more than 97% of all requests to do this are not repeated. The
remaining are the oddball cases, which are at least in some part
due to their not understanding English. This leaves a very few
people who deliberately FTP large things after being asked to stop.
Again, the vast majority of people are pretty reasonable.
All this is background, and should be talked about in another item.
I'd noticed user X FTPing in a jpeg file and asked this person not
to. Knowing that X was a problem in the past I wondered what would
happen. No response from X. Then the same named jpeg appeared on
grex again, probably about a day or so later. The third time I saw
this happen I sent the mail again, stating I'd already talked to
this person several times, and removed the file.
Several days later I received a nearly incomprehensible message
from this person saying that I should practice what I preach,
if I understood what they were saying. I replied sorry, but we've
had various run-ins with you before, and had been notified, etc.
No response to this mail of mine.
Some number of days ago I found a new account ("Y") that had FTPed
the now familiar name (female) from the same site as before. The
site is a system similar in nature to Grex out west. Noting the
FTP/login usage patterns, .login similarities and strange permissions
on the home directories of X and Y, it wasn't hard to see that this
was an attempt to evade me and continue FTPing things into Grex.
So, I removed the file and sent mail to Y, saying that I knew it was
X, and that taking out new accounts wasn't going to accomplish
anything. A few days later I got mail from Y, quoting my letter
but with no new message. I'm fairly sure they were using PICO
and didn't exit correctly.
Last night account X logged into Grex locally, and used "screen"
to occupy all the remaining ptys on Grex. I got a tel from someone
on this and when I looked one of the nine screen ptys was in use--
all the others were just sitting there idle. I asked X to release
the ptys. No response. After a couple of minutes I killed all
but one of them, the sole active screen.
Today (Weds 6/25) I discovered that X FTPed in the same named jpeg
again, roughly around the time that all the ptys were being used.
This is not the first time we've had problems with this user. This
isn't the fifth time--it's more like the 8th time (having jotted
down in reverse order the incidents that I remember off the top of
my head) we've felt what this person has done.
At this point I felt it worthwhile to get this person's attention
if such a thing is possible, so I changed the passwords to X and Y
this afternoon. About 20 minutes after I'd done this there was
a flurry of attempted logins from X, and then Y on the dialins.
Given the strange permissions on the home dir of the two accounts,
whatever contents are there (Y has very little but X might hold
some value to its owner), they cannot access that data. If anything
can bring this person around, I believe this will.
My question to Grex at large is what should and can be done with
this person? At this point I'd be in favor of a "Grex Diplomat
Squad" that is in charge of talking to someone like this, to see
if whatever problems that exist can be resolved.
I didn't like the idea of changing the passwords on these two
accounts, but I needed something to get the attention of this person.
Your input is appreciated.
|
| 28 responses total. |
albaugh
|
|
response 1 of 28:
|
Jun 25 23:42 UTC 1997 |
Sounds like you did a pretty reasonable job of courteously trying to get this
person to stop abusing grex. Does grex have a personal file space limit?
If not, perhaps it ought to get one. BTW, you said that the person is no
longer a member? If that's true, then he shouldn't have been able to FTP-pull
the file to grex, so was he FTP-pushing the file to grex from elsewhere?
|
steve
|
|
response 2 of 28:
|
Jun 26 03:24 UTC 1997 |
The user was FTPing into Grex, which of course anyone can do.
|
albaugh
|
|
response 3 of 28:
|
Jun 26 11:22 UTC 1997 |
Perhaps FTP-pushing of files onto grex should be disallowed?
|
steve
|
|
response 4 of 28:
|
Jun 26 14:00 UTC 1997 |
I'd rather not see that. Most people use FTP for reasonable things,
and the majority of unreasonable things seems to stem from a lack of
knowledge about Grex. We probably need to revisit all our messages
about FTPing to see if we can make them better.
|
valerie
|
|
response 5 of 28:
|
Jun 26 14:28 UTC 1997 |
This response has been erased.
|
nt
|
|
response 6 of 28:
|
Jun 26 16:55 UTC 1997 |
Is there any way you could increase the size of GREX's harddisk?
|
remmers
|
|
response 7 of 28:
|
Jun 26 18:21 UTC 1997 |
Sure, but disk space is not the bottleneck at this point -- it's
network bandwidth.
|
steve
|
|
response 8 of 28:
|
Jun 26 20:12 UTC 1997 |
Right--if people wanted to trade files via the dialin lines,
and didn't use the high speed lines to upload them to Grex (but
downloading files is OK), then we wouldn't have much of a problem
with it I don't think, unless we were tlking of hundreds of M.
But the link, that poor little abused link, handles all the net
traffic for us, and right now I cna't see what I'm typing becuase
of all the I/O its trying to do now. I hope this is english that
I'm writing. (ah, I just got some text back, now).
Basically we're starving for more link bandwidth. And,
if/when we get an ISDN line, the situation isn't going to
change much--we still won't have the extra bandwidth to deal with
all the folks who'd be exchanging image files if we let them.
|
cmcgee
|
|
response 9 of 28:
|
Jun 26 23:26 UTC 1997 |
Am I reading this correctly: That X deliberately sabotaged access to Grex
by blocking all unused "hookup spots" with the "screen" command. The result
of this action is that no one who wasn't already on grex could access grex?
And that this person can/may do this any time he or she wants just by creating
a new login id?
If this is true then we have a far more serious problem than just the person
deliberately FTPing things in after they have been asked to stop.
|
mary
|
|
response 10 of 28:
|
Jun 26 23:54 UTC 1997 |
I'd rather we didn't react to the infrequent jerk by making lots of rules
we'll have to live with all the time. If we do that the jerk will have
won.
My advice is to try very hard to not interpret this behavior as a personal
challenge. Do what you need to do to keep the system running, send
unemotional and succinct mail after dealing with any files or programs,
and don't make it a bigger issue than it absolutely needs to be.
Get as close as you can to ignoring bad behavior and it tends to become
unrewarding to those acting out.
|
steve
|
|
response 11 of 28:
|
Jun 27 00:14 UTC 1997 |
You have to remember, Grex is an open system. This means that there
are hundreds of ways to temporarily crash Grex. Hundreds.
We offer programming languages on Grex: C, perl, assembler, shell
scripts. A sociopath can harm Grex with them. Every once in a while,
one comes along and writes a program to hog up all Grex's resources,
effectively crashing it.
This happens every once in a while. Compared to the number of
people who use Grex, it occurs amazingly rarely. The price of an open
system is the possibility of abuse. I think we've proved that this
sort of thing doesn't occur very often.
|
supermom
|
|
response 12 of 28:
|
Jun 27 03:07 UTC 1997 |
r <f.log
r <log
|
supermom
|
|
response 13 of 28:
|
Jun 27 03:11 UTC 1997 |
~r <f.log
~r <log
|
steve
|
|
response 14 of 28:
|
Jun 27 03:11 UTC 1997 |
Richard, you need to say :r file at the > prompt, because
what you just did was to include the literal commands in your
text, as opposed to what you wanted.
|
supermom
|
|
response 15 of 28:
|
Jun 27 03:15 UTC 1997 |
Login Name TTY Idle Login Time Location Work Phone
steve STeve Andre' h3 9 Jun 26 19:42
steve STeve Andre' p0 9 Jun 26 19:42
steve STeve Andre' p3 13 Jun 26 19:43
steve STeve Andre' s0 2:01 Jun 26 14:57
PID TT STAT TIME COMMAND
12737 h3 IW 0:01 -csh (csh)
14789 h3 IW 0:00 newmail
14813 h3 IW 0:00 screen
|
supermom
|
|
response 16 of 28:
|
Jun 27 03:26 UTC 1997 |
If you say "X" or "Y" use screen command, then some users complained,
What about "YOU"?
just like President Bill Clinton did "sex harassment", people just say: "well,
he is President!",
You are a root, people can't complain, right? That's what you think.
|
steve
|
|
response 17 of 28:
|
Jun 27 03:26 UTC 1997 |
There you go, you did it right.
OK. I'm on four times. I'll point out that the ttys0 login
I killed once I realized that I'd left that connection on from
a system I use at MSU.
The other three logins are an artifact from screen. The
first login on ttyh3 was the "master" copy of myself, that
invoked the screen program. When I ran screen earlier tonight,
there were between 10 and 15 ptys free at any point.
It's no sin to use screen--it's a useful program that allows
anyone to do multiple things. In my case, it often allows me
to be "root" on one console and "me" (steve) on the other. I
don't often get to do fun conferences these days, but screen
lets me do that.
So, I was on four times 'till I realized my MSU login was
on, then killed it. I was then "on" three times, once on a
dialin, and twice on ptys.
I'll point out right now that sometimes it's really needed,
staff doing things right in the middle of things, and sometimes,
I need to do several things at once. I regret to say that we've
had a lot of vandals testing the locks lately.
Since you're bringing up screen, let's talk about your
usage, Richard. The other night, someone sent me a tel,
stating that you were on as "kr", multiple times. When I
did a who I found nine instances of "kr" running, and a
whole pile of people in the telnet queue waiting to get in.
After I sent you a tel asking you to release the unused
ptys, I examined all of them and discovered that you were
using one pty, with all the others unused.
A few minutes later I elected to kill them, given that
there were a lot of people waiting to get in.
Given the nature and longevity of the problems you've
caused on Grex, I can say that I wasn't surprised at your
actions of that night. You've been an amazingly disruptive
person on Grex. I really wish you'd stop this.
|
steve
|
|
response 18 of 28:
|
Jun 27 03:27 UTC 1997 |
Well, I hope I've explained things well enough for people
to understand why I've done what I've done with regard to screen.
|
tao
|
|
response 19 of 28:
|
Jun 27 16:13 UTC 1997 |
Your actions have been fair and reasonable, STeve.
|
void
|
|
response 20 of 28:
|
Jun 27 18:45 UTC 1997 |
what tao said. :)
|
dpc
|
|
response 21 of 28:
|
Jun 27 19:27 UTC 1997 |
What void said.
|
tsty
|
|
response 22 of 28:
|
Jun 27 22:26 UTC 1997 |
... what about the 'look who's on' stuff i post now and then
with a dozen or so logins from identical quartets .... even if the
loginids are not identical, that's an *easy* way to hog 15-20 ports.
i took a careful read of /a/s/t/steve/Ginai and it reads so very well.
i would also like to point out the *necessity* for staff (as opposed
to other logins) to use more resources than a usual login - like steve
and screen, above.
if there EVER were more cognizant necessary resource users than staff
is around here ... that group has yet to be imagined, let alone realized.
|
dang
|
|
response 23 of 28:
|
Jun 27 22:37 UTC 1997 |
Besides, as long as no one is waiting, you can use several screen logins.
That's what it's there for.
|
scg
|
|
response 24 of 28:
|
Jun 28 03:54 UTC 1997 |
re 22:
In the US, connections other than PPP accounts are pretty much
obsolete. If you see two Americans from the same IP address, it's fairly
likely that they're the same person, or at least coming through the same
corporate firewall. OTOH, many other parts of the world are far more like
the US was a few years ago, where the way to connect to the Net was to dial
up to a Unix shell account and then telnet out from there. In that scenario,
everybody with the same ISP would come from the same IP address.
|