user creation is globally disabled

No longer supported!

Moderator: Moderators

Postby zoli » Thu Jul 28, 2005 3:32 pm

Let us imagine a scenario with postcard ftp option:

- I am a bad guy and I want to run an ebay phishing site
- I create an account on polarhome.com
- send a postcard (with text you'll be all cooked)
- after activation nothing stops me from uploading a phishing site.
- it will work as long as it is not reported to spoof@ebay.com
- eBay raises an abuse IR
- ISP closes polarhome again for at least 3-4 days
- I can do that as many times as I like, but how many abuse incidents will the ISP tolerate for polarhome - certainly fewer.

As you can see - polarhome still does not have any information about the abuser. I agree that it took a few days more to access the account, but the result is the same.

You must be aware that ISPs do not tolerate such activity nowadays. Song networks tolerated 5-6 abuse incidents during one year before they had thrown us out. Bredbandsbolaget took up the possibility to cancel/break the contract after the very first incident.

To be honest, I do not want any such incidents from polarhome any more.
They cost me too much nerves, time, negotiations and explanation with abuse teams etc... and at the end we do hang on their line as a personal/private subscriber (that is really questionable what kind of private subscriber runs 15 servers with 100k accounts on them). In one word: polarhome depends on abuse team's good will and positive approach - and we should not abuse that.

Therefore polarhome simply can not appreciate itself to be involved in abuse incidents any more if we want polarhome to prosper.

I would like to underline that my last sentence above, is not just a wish - this is a must. Therefore, here we should not consider options by measuring attraction but question of polarhome's existence should be taken into the same basket as well.

BTW Bredbandsbolaget has just opened the line again (after 6 days)
Regards,
Z
---
Zoltan Arpadffy
zoli
Forum Admin
Posts: 752
Joined: Mon Sep 30, 2002 1:27 am
Location: Stockholm, Sweden

Postby miker_alpha » Thu Jul 28, 2005 5:38 pm

OK, you persuaded me.

1. instant, free mail account
2. registered shell

No ftp accounts any more.


MikeR

P.S. I can probably help by sifting through the accounts on Alpha.polarhome (there are currently 751 accounts on DKA200:[home...]) and maybe on VAX.polarhome (haven't counted.) Of course some will be shell accounts - I'll have to check.

M.
Look for OpenVMS help on my webpage
Check for QOTD here.
miker_alpha
Moderator
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby afonic » Thu Jul 28, 2005 6:56 pm

I agree for just shell accounts.

Email accounts are not going to be used, as miker said, someone looking for a free email service will turn elsewhere. But it is useful as the state of the account before getting shell access.

Also my opinion is that we should give one month time for everyone running an FTP account to move his files or upgrade to shell. After this month all FTP accounts should be deleted. This could make things more "clean" than having email accounts, shell accounts and "some" old FTP ones.
afonic
Forum Admin
Posts: 685
Joined: Tue Oct 14, 2003 11:11 pm
Location: Salonica, Greece

Postby eX » Thu Jul 28, 2005 11:53 pm

afonic wrote: Also my opinion is that we should give one month time for everyone running an FTP account to move his files or upgrade to shell. After this month all FTP accounts should be deleted. This could make things more "clean" than having email accounts, shell accounts and "some" old FTP ones.

It looks like... "I know that you have had a site here for a few years already, but now you have 2 choices: upgrade account or it will be deleted". afonic you must be kidding... (but it's not funny!)
eX
Member
 
Posts: 38
Joined: Fri Dec 03, 2004 10:55 am

Postby Matej » Fri Jul 29, 2005 9:36 am

Don't forget that even the shell application form isn't even nearly secure. Anyone with a bit of imagination can fill it out with fake information and eventually get an account.

I also don't like the idea to have old FTP accounts still enabled while new ones can't be created. Though eX has a point there. But on the other hand would it be "too much hassle" for you (in fact anyone) to send the application form and a couple bucks to support polarhome? It's really not much more work than to write a postcard.
Matej
Forum Admin
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby Clem » Fri Jul 29, 2005 11:52 am

:shock: So you're going to delete my ftp account? :shock: I think you should do the ftp accounts something like this..

#1. Take an online "Quiz". If you fail the quiz once you have to wait a month before you can try again. After the month is up, if you honestly just made a mistake you can retake the quiz; if you get it right this time you pass, if you fail again you are permanently blocked. *as in your host name is blocked, example, Hostname : gdprtnt2-port-34.dial.telus.net*

#2. When and if you pass the above you receive a ticket number. You put that ticket number in the subject line of an email and email it along with the reasons you want an ftp account. Now, not sure how you would do this, but when the email is received, if the ticket number is valid it gets sent to a "folder" marked review, otherwise it gets marked for deletion.

#3. Admin looks over email marked review and chooses which ones seem to be ok and which ones you should happily delete.

#4. Now this is just an option, but if the admin of the "new users" thinks they are worthy of an ftp account then they forward the email with their "opinions" of this new user to the big dude, who copies and pastes the ticket number into a script and voila, the user is activated and up and running.

------------------------
The one month waiting period between failures of the "test" will most likely weed out some of the not too bright lamers, seeing as the test would be structured around a nice long "what's tolerated and what's not" user "legal" agreement. *HATE READING THOSE* So basically these people that want a shell account right away won't bother and will look elsewhere for systems to abuse, while people that genuinely want the account will take the time to do this..
And for those lamers who seem to slip through the "test", they have to pass steps 2, 3, and finally 4.
-------------------------
Personally I am against the postcard system. For me to send a postcard, which I have never done in my life, I would have to catch a ride to town, 30 miles. Search town, buy a postcard, fill it out, mail it. Wait a month (debatable, I know :roll:) until the postcard gets there. Mail is just a hassle for me. That's why I always use email. Another thing you could do is have the requestee give you a phone number / for them and for their isp. If they turn out to be an ass, phone the isp and get them shut down.

-------------------------
Well that's just my short 2c on this :P Let me know what you think, via email / msn or that private message thingy on the forum here (name just slipped my head.)

Anyways, gtg to bed, 2:51 am, took me an hour to think this up!

~Clem
Clem
Newbie
 
Posts: 9
Joined: Fri Jul 29, 2005 9:58 am
Location: Chetwynd

Postby Matej » Fri Jul 29, 2005 2:47 pm

Clem, first of all welcome to the forums.

Clem wrote: So you're going to delete my ftp account?

No, we're still discussing what to do with the accounts.

Your idea sounds like a lot of work not only for the users but also for the admin (not me - Zoli).
A month waiting time will probably be far too long even for the people who are desperate to get an account. BTW, banning hostnames is a tricky thing. What if the user has a dynamic IP?

As I said in my first post I'm still for stopping FTP service.
Matej
Forum Admin
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby Clem » Fri Jul 29, 2005 11:12 pm

You're right, it would be hard for those with dial-up. I was thinking along the lines of a system something like the moonligh glade has, except without the irc. But it was just an idea. Maybe you could do it somehow with a cookie. That would weed out the total nobs. (yes, everyone has to start somewhere) I'll do a little research on it and see what I can dig up.. God I love !GOOGLE! :)
Clem
Newbie
 
Posts: 9
Joined: Fri Jul 29, 2005 9:58 am
Location: Chetwynd

Postby eX » Fri Jul 29, 2005 11:50 pm

Clem wrote: :shock: So you're going to delete my ftp account? :shock:

Oh my God! One of (how many? 10000...?) FTP users finally shows his care. FTP account owners, don't be so shy... Or it might really happen that your accounts will be deleted.
Since it looks like FTP users don't care too much what will happen with their accounts, I won't discuss that anymore either...
eX
Member
 
Posts: 38
Joined: Fri Dec 03, 2004 10:55 am

Postby eX » Fri Jul 29, 2005 11:54 pm

Clem, I use dial-up and my cookies are (same as all other garbage) erased daily.
eX
Member
 
Posts: 38
Joined: Fri Dec 03, 2004 10:55 am

Postby pijan » Sat Jul 30, 2005 1:45 am

I want to register my web hosting in polarhome ftp but my registration is not done. Why..... help me...
pijan
Newbie
 
Posts: 1
Joined: Sat Jul 30, 2005 1:39 am
Location: malaysia

Postby Matej » Sat Jul 30, 2005 9:59 am

Here is one of those who probably really need an account.

What if you read the topic and the first post before you ask?
Matej
Forum Admin
Posts: 365
Joined: Sun Sep 29, 2002 12:28 am
Location: Ljubljana, Slovenia

Postby miker_alpha » Sat Jul 30, 2005 11:35 am

Perhaps put a box up at /service/shell web page to say that account creation has been temporarily suspended due to abuse (Zoli ?)

Maybe main page as well...

Have a restful weekend, everyone!

MikeR

P.S. I've tried to look up the profiles of e.g Clem and Pijan (two recent posters) and saw nothing but a blank page... something wrong?

M.
Last edited by miker_alpha on Sat Jul 30, 2005 11:42 am, edited 1 time in total.
Look for OpenVMS help on my webpage
Check for QOTD here.
miker_alpha
Moderator
Posts: 256
Joined: Sat May 08, 2004 9:20 am
Location: Kibbutz Tzora, Israel

Postby eX » Sat Jul 30, 2005 11:36 am

Matej wrote: Here is one of those who probably really need an account.

You got that impression? How did he find THIS topic without reading it (explanation on his "why"... ;-) Funny guy...

pijan, if this forum theme is too long for reading, I suggest you read at least a few "news" lines on the main site.
eX
Member
 
Posts: 38
Joined: Fri Dec 03, 2004 10:55 am

Postby afonic » Sat Jul 30, 2005 7:09 pm

eX wrote:
afonic wrote: Also my opinion is that we should give one month time for everyone running an FTP account to move his files or upgrade to shell. After this month all FTP accounts should be deleted. This could make things more "clean" than having email accounts, shell accounts and "some" old FTP ones.

It looks like... "I know that you have had a site here for a few years already, but now you have 2 choices: upgrade account or it will be deleted". afonic you must be kidding... (but it's not funny!)


No, not at all. Removing idle accounts, see which ones are not idle, make sure they are not abusive, then create a special status of "ex-FTP accounts" etc is too much work.

We should email each user's mailbox and say that FTP accounts will be no more (post it in the frontpage also), and so they have 1 month to upgrade or move their files. After this 1 month all FTP accounts not upgraded will be deleted.

This is the painless (for zoli) way and the best for the Polarhome servers, which will get rid of a lot of junk (for example sites that seem active but haven't been updated since the last century, files-only (no HTML) accounts, phpBB forums that have not been updated since 2.0 - and therefore risk the security of the server etc).

The users whose sites are really active will take notice and move to another ISP or upgrade.
afonic
Forum Admin
Posts: 685
Joined: Tue Oct 14, 2003 11:11 pm
Location: Salonica, Greece

Postby amec » Sat Jul 30, 2005 10:16 pm

Matej wrote: Here is one of those who probably really need an account.

What if you read the topic and the first post before you ask?

Just because he is yelling that his account is not created does not mean that he needs it for a good purpose. If he was not even able to read what is written on the front page, I doubt that he would deserve to be considered eligible for any kind of account. :>
I've climbed the mountains high
And walked among the clouds
amec
Moderator
Posts: 8
Joined: Sat Jul 30, 2005 9:41 pm
Location: here and there

Postby amec » Sat Jul 30, 2005 10:20 pm

eX wrote:
Clem wrote: :shock: So you're going to delete my ftp account? :shock:

Oh my God! One of (how many? 10000...?) FTP users finally shows his care. FTP account owners, don't be so shy...

1...2....3.... doesn't really matter. The problem is that there should be a way of protecting those accounts. On the other hand, if all FTP accounts are disabled, for sure there will be some mails (probably some of them not very friendly) asking for reactivation, and these requests should be checked one-by-one.

Anyway an email to inform those poor guys that they have to switch to a shell account would be useful.
I've climbed the mountains high
And walked among the clouds
amec
Moderator
Posts: 8
Joined: Sat Jul 30, 2005 9:41 pm
Location: here and there

Postby zoli » Sat Jul 30, 2005 10:30 pm

hi,

seems, we are reaching the decision point. It is good, because we can not postpone this decision for ages.

What we all agree on:

1. all not used (never used) ftp accounts should be deleted.
2. new accounts should be created with all features but just e-mail access should be allowed.
3. shell registration should not change.

What we could not agree on so far - what to do with current/active ftp accounts. There are two main approaches:

1. leave them on the current level (after a security/content audit)
2. grant them fre months in order to have time to upgrade to shell. After that time all not upgraded ftp accounts should fall back to e-mail level.

MY PERSONAL opinion follows:
I agree with afonic that option 2. would create a much cleaner polarhome and reduce security risks in the future. But as a human being with positive approach, my conscience votes for option 1. Leave them as they are. We just simply can not do so to polarhome users.
It is said: Do not do to others what you do not want them to do to you.
Regards,
Z
---
Zoltan Arpadffy
zoli
Forum Admin
Posts: 752
Joined: Mon Sep 30, 2002 1:27 am
Location: Stockholm, Sweden

Postby DenisF » Sun Jul 31, 2005 1:20 am

Right so i actually did take the time to read this entire thread at 2am *shrugs*

now my 2 cents;

stick to this registration system that lets people make "everything disabled" email accounts, and if they want the full featured thing - they will register a shell account with the procedure that polarhome currently uses to upgrade ftp -> shell.

so basically only 2 types of accounts: (1) e-mail only (2) shell

current FTP accounts should all get a few months notice to either upgrade to shell, or move their files to some other host or whatever..


also on a slightly offtopic note.

seeing as how only shell accounts are gonna have websites from that point onwards, maybe 'finally' no more safemode and disabled mail()? :)


P.S
with this new 'wave' of ftp accounts upgrading to shell, you'll get 10 (moneys) per account, in total it's gonna be a very nice sum that can be used to bribe the ISP's abuse team :P :lol: [or server upgrades or whatever else :lol: ]
DenisF
Forum Admin
Posts: 679
Joined: Mon Dec 16, 2002 9:09 pm
Location: Israhell

Postby eX » Sun Jul 31, 2005 1:32 am

btw. I think that some free shell providers have scripts which automatically remove a user if he/she didn't log in within XX days. So I am forced to log into my shell account at least once every 90 days or the account is treated as abandoned... Those things could make FTP account cleaning easier.

btw. the last sentence from DenisF doesn't sound bad. "blackfond" for abuse team (and emergency situation).. haha (ok, it's not funny)
Last edited by eX on Sun Jul 31, 2005 1:42 am, edited 1 time in total.
eX
Member
 
Posts: 38
Joined: Fri Dec 03, 2004 10:55 am
