Polarhome Community

[afonic]

MY PERSONAL opinion follows:
I agree with afonic that option 2. would create a much cleanar polarhome and reduce security risks in the future. But as a human being with positive approach, my conscience votes for option 1. Leave they as they are. We just simply can not do so to polarhome users.
It is said: Do not do to others what you do not want them to do to you.

Well to be honest I took in consideration your limited time when I said that the better way would be to delete all FTP accounts.

Maybe we should do it in a little smarter way. Create a form that existing FTP users should complete to keep their FTP account. Like a small name, username form, including an email and a small text box that the user should say what he is using the account for.

That way we can get rid of inactive accounts (inactive users won't take notice of the form they need to complete and submit and therefore their accounts will be deleted) but also it makes the security/content audit much easier (as we will have to review not all the active sites but only those that applied and those with an account usage description).

We can give all users a month to complete and submit this form. After this month we can have our old FTP users using their accounts as before and the inactive and abusive accounts gone.

[miker_alpha]

Quoting Afonic:

Create a form that existing FTP users should complete to keep their FTP account. Like a small name, username form, including an email and a small text box that the user should say what he is using the account for.

Seems right to me, with two additions:
1. Send an email to all ftp account owners - that will help weed out those who submitted the form with a junk email account, originally. Send to both submitted email address, and polarhome email address.

2. I think one month is too little, esp. now (summertime in Northern hemisphere) when people are away, on vacation etc. Two or three months seem a bit more charitable.

WRT OpenVMS: easy enough to write a batch script do disable/delete whichever accounts have not been accessed in X days; You choose X... But I imagine the bulk of the work is on redhat and friends.

MikeR

[Clem]

Quoting Afonic:

Create a form that existing FTP users should complete to keep their FTP account. Like a small name, username form, including an email and a small text box that the user should say what he is using the account for.

Seems right to me, with two additions:
1. Send an email to all ftp account owners - that will help weed out those who submitted the form with a junk email account, originally. Send to both submitted email address, and polarhome email address.

2. I think one month is too little, esp. now (summertime in Northern hemisphere) when people are away, on vacation etc. Two or three months seem a bit more charitable.

WRT OpenVMS: easy enough to write a batch script do disable/delete whichever accounts have not been accessed in X days; You choose X... But I imagine the bulk of the work is on redhat and friends.

MikeR

I like that idea. Because I do care about my ftp acount altho seriously considering upgrading.

[amec]

hi,

seems, we are reaching the decision point. It is good, because we can not postpone this decision for ages.

What we all agree on:

1. all not used (never used) ftp accounts should be deleted.
2. new accounts should be created will all featuers but just e-mail access should be allowd.
3. shell registartion should not change.

IMHO
For point 1, I would suggest that in the first phase just disable the account and after another period remove it for good.

Beside this, a blacklist of the abusers e-mail addresses and/or usernames should exist and check every new user creation against this list.

Another possibility is also to grep for 'ebay', 'citygroup' and other phishing word at the very beginning, while files are being written/read on/from the file system, and alert the cops/admin group - unfortunatly to develop this module or just useing an existing virus-scanner might take some time and can add some load on the different systems.

[Matej]

Here is one of those who probably really need an account.

What if you read the topic and the first post before you ask?

Just becouse he is yelling that he's account is not created, does not mean that he needs it for a good purpose. If he was net even able to read what is written on the front page I doubt that he would deserve to be considered eligible for any kind of account. :>

I was trying to be sarcastic.
Seems I failed miserably though. Remind me to put a smilie there next time.

I'm for the "no more FTP accounts" option. Give them time to upgrade but make it so that in 2-3 months there will be only shell and email accounts.
My conscience says that it's even more unfair to have some users who registered just in time and now have totally free accounts while new users can't get them.

P.S. I've tried to look up the profiles of e.g Clem and Pijan (two recent posters) and saw nothing but a blank page... something wrong?

M.

Obviously something went wrong during the patch to phpbb 2.17.
Should be ok now.

[amec]

Seems I failed miserably though. Remind me to put a smilie there next time.

Just as a reminder, next time please do not forget the smily

[Clem]

P.S. I've tried to look up the profiles of e.g Clem and Pijan (two recent posters) and saw nothing but a blank page... something wrong?

My forum profile is up??

[zoli]

OK,

I have a feeling that we have reached the decision about current ftp accounts too:

- Non used ftp accounts are disabled immediatelly
- Send out a warning mail to active ftp users with a notice.
- ftp users have three months to either register shell or fall back to e-mail access level.
- on e-mail access level, web space is not reachable.
- on shell accounts php safe_mode should be turned off and mail() function should be enabled.

Is that right?
Is that what we want?

[juang]

Hello, I have been an FTP account user since Sept. 2003 (plus or minus a couple months). I didn't read this discussion until now because I rarely check the main polarhome.com page. I hope that you continue to allow FTP-only accounts to exist, although maybe with restricted registration. I really do not want to pay money for a shell account when I would never use the shell features. The FTP accounts are why I love Polarhome: you are trusting and respectful, and give us so many good features for free.

[Matej]

you are trusting and respectful, and give us so many good features for free.

That's the reason that so many people abuse polarhome.

- Non used ftp accounts are disabled immediatelly
- Send out a warning mail to active ftp users with a notice.
- ftp users have three months to either register shell or fall back to e-mail access level.
- on e-mail access level, web space is not reachable.
- on shell accounts php safe_mode should be turned off and mail() function should be enabled.

Right for me.

[Clem]

I guess I will have to break down and upgrade my ftp space to shell.

[miker_alpha]

I have placed a text announcement so that anyone connecting by FTP to alpha.polarhome.com or vax.polarhome.com will see it ("FTP accounts will be cancelled ....")

I suggest system manglers on the other systems do likewise - give the users some advance warning.

MikeR

[zoli]

OK... then I will procede as we decided.
It will take me few nights until whole polarhome will work according to new policy.

I am sad and feel sorry for all ftp users with positive approach.
...but polarhome, really haven't had any other reasonable choice.

[nachokp]

hi, yesterday when I was trying to create a FTP (to apply for a shell account) I realised that you had disabled the service and now by reading this forum I catch the whole idea.

But, Now that FTP accounts are dissabled how can I apply for a shell account If i don´t have an username?

[zoli]

hi,

I am working on it right now... I can not promise today but hopefully tomorrow you will be able to create template accounts.

[thewave_openbsd]

I really do not want to pay money for a shell account when I would never use the shell features.

I am an active ftp user and will end up upgrading to shell. I agree with juang though. It seems unforunate tat i will be paying for many features that i may never use. But i try to think of it more like a donation, thanking zoli for the excellent service.

[afonic]

I really do not want to pay money for a shell account when I would never use the shell features.

Maybe you will never use shell but the improvements we can make to the stuff polarhome offers as a web host, like turning off php safe_mod and enabled mail() are more than usefull.

Also many FTP accounts will be gone, thus the servers will gain speed as well as the upload will be better as a result of less users. If you add the stop of the downtime due to abuse incidents you will realise Polarhome is once again changing page and improving it's services.

After all 10 local currency units are so low (just 2 beers in a pub) for getting all these for a lifetime!

[miker_alpha]

Zoli:

OK... then I will procede as we decided.
It will take me few nights until whole polarhome will work according to new policy.

If there's anything I can help with on the OpenVMS servers please let me know offline { mike (at) rechtman (dot) com }

MikeR

[Clem]

Allright I guess I will dump my current shell provider and get an acount on here. I've wanted a shell on here for awile but have been puting it off.
I guess this gives people like me a push to upgrade.

CHEERS

[sjaz]

If you have a commercial shell, I would suggest keeping it so you have a professional shell as well as the educational polarhome shell.