user creation is globally disabled

No longer supported!


Postby zoli » Sun Jul 24, 2005 12:47 am

2005.07.24 polarhome user creation is globally disabled until we find a way to protect polarhome from users that use their ftp accounts for phishing, spoofing, distributing warez and other malicious activity. We waited two months for a stable connection with a fixed IP, which some "users" screwed up in two weeks. This cannot be tolerated. You can send your opinion or constructive idea to root@polarhome.com or discuss it here.
Regards,
Z
---
Zoltan Arpadffy
zoli
Forum Admin
Posts: 784
Joined: Mon Sep 30, 2002 1:27 am
Location: Stockholm, Sweden

Postby thewave_openbsd » Sun Jul 24, 2005 6:51 am

If users are creating many accounts, you could try adding some kind of waiting period before an account is activated.
thewave_openbsd
Newbie
 
Posts: 6
Joined: Mon Jun 13, 2005 5:34 am
Location: NZ

Postby miker_alpha » Sun Jul 24, 2005 8:22 am

How many requests per day/week/month are there?
Could some part of the FTP-account creation be made manual? Something like e.g. "postcardware" - account is only activated if/when you send a picture postcard with some kind of request id. That would definitely throttle the process, but if the numbers are high it's probably not practical.

Sorry I've no better idea :(

MikeR
Look for OpenVMS help on my webpage
Check for QOTD here.
miker_alpha
Moderator
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby zoli » Sun Jul 24, 2005 11:44 am

hi,

I have all data stored, but never made a chart of account creation progress - but you can count in the range of thousands per month.

I think that your idea is brilliant, miker.
(I do not know what made your brain so wide - age, VMS, DEC experience or healthy kibbutz food - whatever it is, I want to do the same :) )

Suggestion:

e-mail - instant and free
ftp - postcardware
shell - application + one-time admission fee

We'll wait some time for others' opinions and ideas.
If nothing better pops up, we proceed according to this.

BTW, what to do with users that have an ftp account today?
It is clear that they keep their e-mail, but what about their files? Can we deny access to files from one day to another? This is an ethical question.
Regards,
Z
---
Zoltan Arpadffy

Postby miker_alpha » Mon Jul 25, 2005 8:11 am

zoli wrote: age, VMS, DEC experience or healthy kibbutz food


Age: That will get to you anyway - and then you'll be sorry!
VMS: well, you've got that
DEC: Sorry, unobtainable... (there is 'Digital India')
and
Kibbutz food: No great shakes, really, but you're welcome to pop over and try!

Thanks for the compliments.

Should it go email account --> FTP account --> shell account ?
(Only grant FTP access to someone who has an email account etc.)

MikeR

Postby eX » Mon Jul 25, 2005 1:36 pm

What about:
- account could be only asked through legal ISP mail and not free mail... + URL of that ISP (for easy checking). Of course this won't be 100% helpful and it might be annoying for the person who will check all this, but it might decrease the abuse number. And yes I know.. what if some ISP (in rare cases) doesn't offer mail? Well... a nice explanation (with ISP url) might help those people too.
- I was thinking once.. how many accounts on polarhome are "dead", unused, opened only for test, fun or something.. years ago? Maybe it wouldn't be so bad to have some script which blocks an account which isn't "touched" for more than let's say 90 days.. (or longer time.. ) and then an additional month before the account is terminated (with mail warning?)? I think that this isn't an ethical question but a practical one. How many resources.. for nothing.
- this "postcardware" idea really isn't bad. A few free shell providers have used it for years (cyberunners for example).

ZOLI said: BTW what to do with users that have an ftp account today.
It is clear that they keep their e-mail, but what about their files. Can we deny access to files from one day to another? This is an ethical question.

Maybe those accounts should stay as they are.. same as when some country changes a law.. it can't affect for back if this doesn't help people more than the old law and fix some injustice...
eX
Member
 
Posts: 38
Joined: Fri Dec 03, 2004 10:55 am

Postby miker_alpha » Mon Jul 25, 2005 5:59 pm

Combine the previous posts' ideas:
Send email to ALL FTP account owners, say once a month for three months (or four, or six...) stating the position. Anyone that answers manually (i.e. not a 'bot answering) gets to keep their files. Otherwise their files are replaced by a web page with/pointing to an explanation.
The problem I see with
eX wrote: account could be only asked through legal ISP mail and not free mail...
How would you update a list of ISPs? Some ISPs have a commercial option (or more than one) and a free option...

??

MikeR

Postby eX » Tue Jul 26, 2005 12:19 am

I know I know... but is there something easier than requesting an account with a fresh anonymous yahoo, hotmail, gmail etc.. mail? I know that my suggestion is far from perfect and it might cause a lot of work (with the requested ISP URL and one click on it, it might be a little bit easier..) but it also might at least decrease abuse by some percent... A person who will attempt to abuse the Polarhome service probably won't use their own legal ISP mail. Some of them will search for another way to trick the Polarhome admin, some of them will probably succeed, but many of them will probably quit and they will (ab)use some other more easily available service...

In combination with the postcard it might look this way (in a few steps):
1. Fill in the web form (similar to now) and you will receive a CODE on your ISP mail
2. Send a postcard to Zoli with some nice words and this CODE...
3. Admin will every few (huh... I feel that this isn't that brilliant part ) days (let's say once a week -/+) check postcard requests, ISPs and such stuff and grant or deny the account...
4. Shell... same as now (ftp + application + one-time admission fee) when you already have FTP

Does this sound possible? I think that the weakest part is part 3, because manually it might take really much time, but on the other side there will probably be a little bit fewer FTP requests than now - because no one will ask for it just for temporary one-day fun, test.. or abuse (less or more).

Postby thewave_openbsd » Tue Jul 26, 2005 5:20 am

I like that postcard idea. I'd be more than happy to send a postcard. In fact, if I was going to the trouble of sending a postcard, I'd probably just end up sending 10 currency units and get a shell account. Which could be a good thing for polarhome.

Postby miker_alpha » Tue Jul 26, 2005 5:25 pm

thewave_openbsd wrote: I'd probably just end up sending 10 currency units and get a shell account.

Well, if you made getting an FTP account conditional on having had an email account, and getting a shell account conditional on having had an FTP account, then you couldn't do that in one fell swoop.

Also: insist on picture postcards - might be interesting...

MikeR

Postby afonic » Tue Jul 26, 2005 9:27 pm

I don't like the postcard idea at all.
Very few people will go through all this hassle just for the FTP account. If you put yourself in their place, would you do it, or just skip polarhome and look for another provider?

What I suggest is an admin-managed account enable. Users should apply for an account, filling in their details, including the reason they want the account for. They should confirm their email automatically (with a verification email, like in many free services). Then the admin (we mods can help too) will review the email-verified accounts, delete those with no good reasons, fake - strange names etc, and enable the "good" ones.

Then the new ones can remain in "watching" status for a week or so while mods can monitor the site making sure there is not any illegal activity.

This won't eliminate problems, but new users will get the feeling that getting an account is a serious procedure, that takes some time (not instant) and involves people reviewing the data. It should also make clear that polarhome looks for "good" users, putting in good use its admin time and system resources. The user creation right now takes 5 secs and is the exact opposite.

The whole difficulty about this idea is zoli's limited time and the difficulty of writing such a PHP program.

Waiting for your ideas.
afonic
Forum Admin
Posts: 686
Joined: Tue Oct 14, 2003 11:11 pm
Location: Salonica, Greece

Postby eX » Wed Jul 27, 2005 9:54 am

afonic wrote: I don't like the postcard idea at all.
Very few people will go through all this hassle just for the FTP account. If you put yourself in their place, would you do it, or just skip polarhome and look for another provider?

Too much hassle JUST for a FREE FTP account? Disagree. What's so wrong with that? If I really want this I will spend a few coins and less than 15 minutes on buying/writing/sending postcards. If this is too hard for me then I probably don't need a Polarhome account...

afonic wrote: Then the admin (we mods can help too) will review the email verified accounts, delete those with no good reasons, fake - strange names etc, and enable the "good" ones.

What the hell is a strange fake name? Is the name Jovanka Hasanabegić strange to you? Probably is.. but someone from let's say Serbia or Bosnia might have this name.. Same about the login name. Does a login like "badboy" really mean that this person is bad and will abuse.. or only another IRC teenager with a "wanna-be-cool-looking" identd...

Postby Matej » Wed Jul 27, 2005 11:34 am

Yeah but ebay_1, ebay_2, ebay_3 and so on probably would be a strange fake name. :wink:

I like the postcard idea but I also agree with afonic. For me it would be too much hassle. But I really don't need an FTP account since I get a decent FTP service with much more bandwidth from my ISP.

I think that postcards would make people sign up only if they really need the accounts.

And while changing to postcardware Zoli should also perform a decent cleanup of the system (remove untouched accounts).

For active users I would sign miker's idea.
Matej
Forum Admin
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby afonic » Wed Jul 27, 2005 3:39 pm

eX wrote: Too much hassle JUST for a FREE FTP account? Disagree. What's so wrong with that? If I really want this I will spend a few coins and less than 15 minutes on buying/writing/sending postcards. If this is too hard for me then I probably don't need a Polarhome account...

If you live in a 1,000,000 population town like me and it takes you 50 mins to get downtown and send an international postcard, yes, it's a bit of a hassle.
Also when you send it and you live, for example, in Brazil, it can take more than a month to arrive in Sweden. Usually people searching for an FTP account to host some stuff don't want to wait that much. I believe if we use the postcard idea we will get 1 signup out of 1,000 we get now. I know this may be good, as this 1 guy wants to use his account, but getting too few new users is not always good.
Probably an e-postcard is a better idea? :-)

eX wrote: What the hell is a strange fake name? Is the name Jovanka Hasanabegić strange to you? Probably is.. but someone from let's say Serbia or Bosnia might have this name.. Same about the login name. Does a login like "badboy" really mean that this person is bad and will abuse.. or only another IRC teenager with a "wanna-be-cool-looking" identd...

Jovanka Hasanabegić seems pretty "real" to me. By strange names I mean, as Matej said, stuff like ebay63, net_devil, mymomwasahacker and stuff like that. Also, without email verification, as it is today, someone can register and use dave@notaserver.org as an email and still access his account.

Postby Matej » Wed Jul 27, 2005 3:54 pm

Email verification could be really useful if it's set so that you can register only 1 account per email address. So you would need 100 active email accounts to get 100 accounts (not mentioning all the time to check every account and click the validation link).
It's far from being a perfect protection but it'll make mass account registrations harder.
Matej
Forum Admin
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia
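
The signup flow proposed in the posts above (a mailed verification link, one account per address, moderator review, then a "watching" week), sketched as an added example. It is not polarhome's code; the names, the in-memory store, the demo key and the one-day link lifetime are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret, never sent to clients
TOKEN_TTL = 24 * 3600             # assumption: verification link is valid for one day
WATCH_PERIOD = 7 * 24 * 3600      # "watching" status lasts a week

def _clock(now):
    return int(time.time() if now is None else now)

def normalize(email):
    # Case-fold so Dave@Example.org and dave@example.org count as one address.
    return email.strip().lower()

def make_token(email, issued):
    # Value mailed to the applicant: issue time plus an HMAC over address and time.
    mac = hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()
    return f"{issued}.{mac}"

class Signups:
    def __init__(self):
        self.accounts = {}  # normalized e-mail -> login, reason, state ("since" set at review)

    def apply(self, login, email, reason, now=None):
        email = normalize(email)
        if email in self.accounts:  # one account per e-mail address
            raise ValueError("address already has an account")
        self.accounts[email] = {"login": login, "reason": reason, "state": "unverified"}
        return make_token(email, _clock(now))  # sent by mail only, never shown on the web

    def verify(self, email, token, now=None):
        email, issued = normalize(email), token.partition(".")[0]
        acct = self.accounts.get(email)
        if (acct is None or acct["state"] != "unverified"
                or not (issued.isascii() and issued.isdigit())
                or _clock(now) - int(issued) > TOKEN_TTL
                or not hmac.compare_digest(token.encode(),
                                           make_token(email, int(issued)).encode())):
            return False
        acct["state"] = "pending_review"  # now waits for an admin or moderator
        return True

    def review(self, email, approve, now=None):
        acct = self.accounts[normalize(email)]
        if acct["state"] != "pending_review":
            raise ValueError("address not verified yet")
        acct["state"], acct["since"] = ("watching" if approve else "rejected"), _clock(now)

    def state(self, email, now=None):
        acct = self.accounts[normalize(email)]
        if acct["state"] == "watching" and _clock(now) - acct["since"] >= WATCH_PERIOD:
            acct["state"] = "active"  # week passed without a moderator pulling the account
        return acct["state"]
```

A rejected address stays in the store, so the same mailbox cannot simply reapply; that choice is also an assumption of this sketch.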

Postby eX » Thu Jul 28, 2005 3:05 am

afonic
- if you really want something you will do something for this (and I still think that a postcard isn't that big a victim..)
- if you really need something you are probably prepared to do something for this (and again... I still think that a postcard isn't that big a victim..)

- a postcard which travels more than a month - from my experiences I could CLAIM that this is nonsense. A stereotype from the past. I am writing this from my own experiences from almost the whole world through the years... as an alternative underground music "fan" I received through the post more than 300 CDs/LPs from the whole world. Something like 2 weeks ago I sent an airmail letter from Europe (I paid something like 1USD for airmail stamps) with hidden cash to RENO (south US) for an LP from Scared of Chaka (nice simple punk rock band..) and now I am listening to them already for the second day. Something like a year ago I sent a few bucks to Argentina (for the nice "do it yourself" vegan hardcore band X-Acto) and I received their CD in less than one month (from the day when I sent the money). So... more than a month? Maybe in some rare cases if the letter is lost or something.

- this about the user number quota is the funniest part. Is it really important if Polarhome gets 150 new FTP registrations every month and not 3000? Everyone has a chance to get an account... and it's not all about quantity. Especially if some of them open an account just for test, abuse or a one-day joke... I believe that there is no need to be afraid that Polarhome will lose decent users because of the postcard wish...

- 50 minutes... it's not that bad to turn off this damn PC sometimes and stretch your legs on the way to the post office... ;-) In any case it's only a one-time postcard order.

(btw. I hope that no one forgets that we are just discussing... and that we are all together trying to find as good a solution as possible - even if we disagree sometimes ;)

Postby zoli » Thu Jul 28, 2005 9:12 am

hi,

seems the discussion is moving more in the direction of:

1. instant, free mail account
2. registered shell

No ftp accounts any more. Because:
- postcard registration does not give any security just time prolongation
- with prolonged ftp activation it is not attractive either.

Sounds reasonable to me. Like this we really filter out the users. Since 2001 there has not been any abuse incident where a shell account owner was involved.
Regards,
Z
---
Zoltan Arpadffy

Postby eX » Thu Jul 28, 2005 9:32 am

Huh. Surprised. What about existing FTP accounts?

Postby zoli » Thu Jul 28, 2005 10:16 am

hi,

if we decide to do so... I would suggest the following actions:

1. delete unused accounts
2. evaluate every ftp account and decide whether to keep it or not
3. criteria for decision should be:
    - can the account be used for malicious activity?
    - does it contain hacker tools, rootkits, eproms etc?
    - is the site content not legal or ethical?

4. ftp accounts that "survived" this audit can be used with the same rights as today.
5. no pure ftp accounts are allowed in the future.
6. newly created accounts are created with all features (as today) - but just mail functionality is enabled before shell registration.

Does this sound reasonable?
Regards,
Z
---
Zoltan Arpadffy

Postby miker_alpha » Thu Jul 28, 2005 12:49 pm

I realize that polarhome is not in a competition, but personally if I were looking for a free, email-only account, I would look no further than e.g. gmail which seems convenient, has very few limitations (~1GB disk quota) and spam filtering.

I think there probably is a niche for free-or-almost-free FTP accounts for someone who wants to try some basic experiments, and it would be useful, I think, to be able to require an existing FTP account before upgrading to a shell account (as it stood until now.)

Not being familiar with Un*x: What limitations could be placed on such an account? CPU usage, disk space, login frequency, connection time, web pages served, types of files stored (e.g. no "executables": what are executables? *.EXE, *.COM, *.TSK ?)
etc...

There are ISPs that only allow certain types of files: *.HTM, *.HTML, *.GIF and *.JPEG for example; I suppose malware could be written in Javascript, but anyone capable of doing that is probably past the script-kiddie stage.


Just my $0.02 :D

MikeR
