Fwd: Re: [Coder-Com] suggestion of a WHOIS modification

Fri, 03 Jan 2003 06:25:13 -0800 

Resending minus some LT/GT around e-mail addresses, because the previous one
seems to have been a false positive in the HTML detect rules.

----- Forwarded message from Andrew Miller [EMAIL PROTECTED] -----
    Date: Fri,  3 Jan 2003 20:39:55 +1300
    From: Andrew Miller [EMAIL PROTECTED]
Reply-To: Andrew Miller [EMAIL PROTECTED]
 Subject: Re: [Coder-Com] suggestion of a WHOIS modification
      To: [EMAIL PROTECTED]

Quoting stoney` [EMAIL PROTECTED]:

> Well technically since cservice issues usernames that allow users to mode
> +x, they need to be notified when there's credible evidence of abuse.
> Unfortunately, the only way to confirm abuse is by having an IRCop check
> user@hosts of clones and then report it to cservice (messy isn't it). We
> currently have #zt for channel takeovers, and #cservice for X and
> registered channel issues but since #cservice ops aren't necessary IRCops,
> and #zt has it's hands full with other lameness, I do think we need a
> channel where IRCops are willing to validate hidden host abuses.
> Comments?
The following table is kept updated by X...

CREATE TABLE users_lastseen (
        user_id INT4 CONSTRAINT lastseen_users_id_ref REFERENCES users ( id ),
        last_seen INT4,
        last_hostmask VARCHAR( 256 ),
        last_updated INT4 NOT NULL,
        PRIMARY KEY (user_id)
);

A droner/cloner probably won't bother logging on from elsewhere to wipe out the
lastseen table, so this could be used both to verify complaints of abuse after
QUIT(removing the need for IRCops to complain to cservice, as cservice can do
lookups themselves) and also, this creates possibilities for more offline data
mining to try to detect accounts being abused before someone complains(e.g. an
unrealistic number of logins to X from a class C within a certain time). Of
course, this should allow the admins to mark it as a fraud, but not auto-suspend
as in some cases normal data could trigger it.
> stoney`
>
> At 08:37 PM 1/2/2003 -0500, you wrote:
> >You mean like #support on GamesNET or #feds on QuakeNet? That kinda thing?
> >
> >Py Fivestones wrote:
> >
> >>The question still remains: How can a user complain to a lamer's ISP? I
(Long quoted history removed)



----- End forwarded message -----

Reply via email to