|
Grex > Coop9 > #43: Account deletion due to mail abuse | |
|
| Author |
Message |
ajax
|
|
Account deletion due to mail abuse
| 
Jan 19 06:07 UTC 1997 |
There was an announcement in the Agora conference's System Problems
item recently about a user's account being deleted because a lot of
messages were sent from that account. There was some discussion
inquiring as to why the account was deleted, instead of taking other
measures, and if that's how such situations should be handled in the
future. This item is intended to continue that discussion.
Here's a recap of explanations from staff of what was done and why:
>#113 of 138: by Goddess Of Static Electricity (valerie) on Fri, Jan 17,
>1997 (13:42):
> Re mail problems: We had a user who sent out several thousand e-mail
> messages in the last day or two. This could explain both slow e-mail
> traffic and slow net-link problems. The user's account has been deleted.
>
> This probably doesn't explain the lack of mail to/from ford.com, though.
>
>#122 of 138: by Scott Helmke (scott) on Fri, Jan 17, 1997 (19:22):
>
> This was a clear case of vandalism, setting an automated system to send
> thousands of mail messages.
>
>#126 of 138: by Steve Gibbard (scg) on Fri, Jan 17, 1997 (22:53):
> Assuming this was a one shot thing, we could stop the mail from going out
> by just deleting the mail. The problem that lingers long after the mail
> has been sent, though, is that of mail coming back to the system, either
> from angry people wanting to reply to it, or due to incorrect addressing
> on the mail being sent out. We don't really care if this user can still
> read mail or not. Since it appears that the only reason the mail bomb
> was done was as vandalism, probably the user doesn't care either. What
> we do care about is load on the system. If the account isn't there, the
> mail will be stopped before it comes over our Internet link, since Grex
> won't accept mail for a user who doesn't exist.
|
| 89 responses total. |
scg
|
|
response 1 of 89:
|
Jan 19 06:15 UTC 1997 |
This response has been erased.
|
scg
|
|
response 2 of 89:
|
Jan 19 06:16 UTC 1997 |
The way it's been discussed, it sounds like Valerie deleted an account because
she didn't like how much mail a user was sending. There is a *huge*
difference between that, and deleting an account to stop something that could
only be seen as malicious, which is what Valerie did.
|
rcurl
|
|
response 3 of 89:
|
Jan 19 06:39 UTC 1997 |
How about if we are told what was done when and how? Was any attempt made to
contact this person? Could the mail have been deleted and not the account,
while the situation was being looked into? I presume it was *assumed* it
was malicious, without investigation? I am really mostly in the dark about
what really happened, and I'd like to know, to be a better member and provide
better input on handling problems or what seem like problem users.
|
janc
|
|
response 4 of 89:
|
Jan 19 17:12 UTC 1997 |
My impression was that the first day the account wasn't deleted and a message
was sent asking them not to do this. The second day the same person again
sent about a thousand messages, and got nuked. I'm not sure this is accurate.
|
tsty
|
|
response 5 of 89:
|
Jan 19 19:10 UTC 1997 |
i certainly have no problem whatsoever with the actions taken given the
descriptions of activities involved.
|
richard
|
|
response 6 of 89:
|
Jan 19 21:31 UTC 1997 |
Valerie didnt say whether this person had been contacted to ask why
they were doing what they were doing. I believe "newuser" *asks* people
not to run large mailing lists, but it doesnt say "If you run large
mailing lists, your account WILL be deleted" Some people dont know
policy.
I dont dispute that the actions taken were necessary, just that policy
that isnt spelled out and mader clear to the users is unethical. For
instance, I knew someone once who had a falling out with another user, and
that user hacked his password and ran a mailbomb on his account (this was
not on grex, elsewhere where the pw files obviously werent protec ted
well) HIs login got deleted and it was allhe could do to find out what
happened and prove that it wasnt him. These thingshappen.
I think the proper policy would have been to freeze his access so when
this user logs on he gets:
"Your account login has been suspended by Grex staff for security
violations. Please contact staff at (list telephone number) for an
explanation. Good Bye."
And then log that user off.
This allows the user to make a verbal case for himself, a chance for
redress of grievance. Even rapists and murderes get to make their case.
Scum who run mailbombs deserve the same opportunity.
|
scg
|
|
response 7 of 89:
|
Jan 19 23:15 UTC 1997 |
Richard seems to be talking interms of a long term user who makes a mistake.
In this case, we had a user woh created an account and did not a large
maailing list, but a "mail bomb" of sorts. This was not some long time user
losing an account that had been used for legitimate purposes.
|
richard
|
|
response 8 of 89:
|
Jan 20 02:05 UTC 1997 |
SCG, that seems to be saying the equivalent of that a person who has jsut
moved into a town doesnt deserve the same chance to defend himself or herself
as someone who has lived in that town all ther lives?
One time, back in college, I created an account ina computer lab and
had my password stolen because someone there saw me write it down. I
had that account all of six hours. Did I not deserve the chance to
get it back? Fortunately noone ran a mailbomb on that account but
even if they had, I still deserved the benefit of the doubt in that I had
created the login legitimately. Had the person who stole my account run
a mailbomb, I stilll should have had the opportnity to defend myself
before it was assumed I did it and my account deleted.
Like it or not, staff acts as the judiciary here. I think it is a bad
precedent if new logins arent given the same presumptions of legitimacy as
any other accounts. Even if this guy was scum, he should have had the
chance to respond before staff "executed" his login.
|
jenna
|
|
response 9 of 89:
|
Jan 20 02:12 UTC 1997 |
I'm glad she deleted the account. this has happened once or twice before
(people sending thousand of lettters) and I think staff has always handled
it well. no one needs to send 2000 + blank messages
|
scott
|
|
response 10 of 89:
|
Jan 20 02:17 UTC 1997 |
There's a difference between just moving into town and moving into town and
then immediately sending junk mail to everybody else in town, and the next
town over as well.
|
valerie
|
|
response 11 of 89:
|
Jan 20 05:44 UTC 1997 |
This response has been erased.
|
ajax
|
|
response 12 of 89:
|
Jan 20 06:27 UTC 1997 |
This Rob? I don't have a particular interest in this, I just entered
the item since it was overtaking the System Problems item, and I think
co-op is the more appropriate place to discuss it.
After hearing the details, I dunno, if the person was sending e-mail
to different addresses on the same system, it doesn't sound to me like
the person was doing it maliciously, they were doing it cluelessly,
which I think makes a big difference. But whether messages went to
different address or not isn't specified in #11. I definitely disagree
with STeve that *anybody* sending thousands of messages knows it's
wrong.
-Rob
|
rcurl
|
|
response 13 of 89:
|
Jan 20 08:10 UTC 1997 |
Does sound primarily thoughtless, plus a bit of arrogance - hmmm, might make
a great grexer...
|
dpc
|
|
response 14 of 89:
|
Jan 20 16:21 UTC 1997 |
Excellent work, Valerie! You did just the right thing, especially
with *two* mass mailings in two days.
|
richard
|
|
response 15 of 89:
|
Jan 20 17:27 UTC 1997 |
itsoundslikethis person was probably just ignorant. Tryingto recruit
employees in India, or at least get resumes to look through. He was
misuisng grex but it doesnt sound like hw was doing it to deliberately
hurt grex. There ARE people in other places who come here not kjnowing
muchabout cojpmputers and less about what grex can handle.
Maybe he thought grex was a supercomputer and could handle suchlevels of mail?
|
scott
|
|
response 16 of 89:
|
Jan 20 17:32 UTC 1997 |
The newuser text should talk about what grex is, though.
|
steve
|
|
response 17 of 89:
|
Jan 20 17:48 UTC 1997 |
Rob, I've yet to see a person do a mass mailing on the net who
didn't know about that they were doing. I suppose there are some,
but far more common are people who contract with "mail companies"
who do the actual dirty work.
I'vew probably deleted about 12 - 20 accounts for this reason
int he last three years. A couple of these were talked about
publiclaly (anyone remember the idiot from texas and white
supremicist crud to 12,000 accounts all over?), but most have just
been delt with. Probably the only way people noticed it was the
huge delays in everything when the sendmailfest was running.
|
janc
|
|
response 18 of 89:
|
Jan 20 19:21 UTC 1997 |
I don't really have much patience for people like this. The guy brought Grex
to it knees twice, impacting hundreds of other users, plus spammed mail all
over some hapless system elsewhere. Sure, its nice if we can figure out
whether he is an asshole or just stupid, and try to apply appropriate
corrections, but the highest priority is to MAKE HIM STOP. Staff doesn't
always have limitless time, so we sometimes have to prioritize.
|
albaugh
|
|
response 19 of 89:
|
Jan 20 20:19 UTC 1997 |
Assume for a minute there is some gray area associated with this incident.
In that case in might be nice to be able to quickly & painlessly take away
the user's sendmail capability, perhaps to anyone but "staff@grex", and send
him a note saying why that was done. If he were just ignorant instead of
malicious, that might allow time to patch things up. However, if in the mean
time grex got hit with bunches of bounces or angry replies, it would be easier
(better?) to just nuke the account...
|
janc
|
|
response 20 of 89:
|
Jan 20 21:54 UTC 1997 |
I don't know how to do that. I think it would require modifications to the
mail transport software to be able to turn off a person's ability to send
mail.
|
richard
|
|
response 21 of 89:
|
Jan 20 21:57 UTC 1997 |
takinga away one's sendmail capability probably requires code modificatons
for source code grex doesnt have already. Since that is the pat answer to
to any suggestions I make, I'll just asume it applieshere.
Grex should have the source code for anything it agrees to run...
Grex advertises picospan andbacktalk by using them, I dont see why
the source shouldnt have been provided for future use upon installation
|
richard
|
|
response 22 of 89:
|
Jan 20 21:58 UTC 1997 |
Jan slipped in...
|
valerie
|
|
response 23 of 89:
|
Jan 20 22:49 UTC 1997 |
This response has been erased.
|
richard
|
|
response 24 of 89:
|
Jan 20 22:56 UTC 1997 |
Why not write these unqrittenrules down so people can know what
they are. Unwrittenor unstatedpolicies wil always cause confusion when they
are acted upon.
Andhow are new staffers supposed to know allt he Un written policies.
A little "staff handbook" couldbe developed and would be a good idea.
|