RE: [dita-fa-edboard] bogus postings on dita.xml.org...

["Carol Geyer" <carol.geyer@oasis-open.org>]

DITA XML.org Editorial Board,

Many thanks to Scott for acting so quickly to remove the garbage postings.

Seth is working now to delete the spam links from the "Recent Posts" box. I'll
let you know what he is able to do and find out regarding the admin breach.

Bruce's suggestion about a two-step registration process sounds great (that's
the way we manage mail lists at OASIS), but I'm not sure if Drupal supports
anything like that. Greg, could you please advise on this as well as on the
log-scanning service Bruce mentioned?

On a brighter note, Seth has revised the Events page so it's *much* more
engaging and easier to navigate. We're still ironing out some style issues on
IE, but I hope you agree it is a big improvement.

Happy New Year,

Carol




-----Original Message-----
From: Bruce Esrig [mailto:esrig-ia@esrig.com] 
Sent: Sunday, December 31, 2006 4:41 PM
To: Scott Prentice; dita-fa-edboard@lists.xml.org
Subject: Re: [dita-fa-edboard] bogus postings on dita.xml.org...

Well, that's an interesting way to welcome the New Year!

Short of reviewing every user ... I wonder whether it's possible to 
introduce a two-step registration process. The user registers an e-mail 
address and then must confirm from that e-mail address.

To save on manual labor reviewing the logs ... I wonder whether there's a 
log-scanning service that can flag suspicious-looking e-mail addresses.

Bruce

At 07:07 PM 12/30/2006, Scott Prentice wrote:
>Hi...
>
>I noticed a large number of bogus postings on the site and was deleting 
>them along with blocking the usernames that posted them (if you delete the 
>user before removing the pages they posted, it appears that you can run 
>into trouble). This is all as you'd expect these days, but I ran into a 
>user named "admin" (who actually has full admin privileges) who posted an 
>item titled .. "tiny nude models" .. I've deleted the posting, but can't 
>(obviously) delete the user. Does this mean that someone has hacked in as 
>"admin"? Perhaps we should change the password for the user "admin"?
>
>Should we delete the users that post garbage .. or just block them? Either 
>way, they can just register again.
>
>Also .. if you go to the admin page .. http://dita.xml.org/admin .. and 
>filter on all messages, you'll see a large number of PHP errors .. this 
>doesn't seem right .. these errors are being generated many times per second.
>
>...scott
>
>
>
>
>
>
>---------------------------------------------------------------------
>This publicly archived list is provided by OASIS for the use of the Editorial
>Board of DITA XML.org. Subscription and posting privileges are reserved for
>members of the Editorial Board; others should contact
>communications@oasis-open.org for assistance.
>
>[Un]Subscribe: dita-fa-edboard-[un]subscribe@lists.xml.org
>List archives: http://lists.xml.org/archives/dita-fa-edboard/
>XML.org DITA Focus Area: http://dita.xml.org
>Committee homepage: http://www.oasis-open.org/committees/dita
>List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
>



---------------------------------------------------------------------
This publicly archived list is provided by OASIS for the use of the Editorial
Board of DITA XML.org. Subscription and posting privileges are reserved for
members of the Editorial Board; others should contact
communications@oasis-open.org for assistance.

[Un]Subscribe: dita-fa-edboard-[un]subscribe@lists.xml.org
List archives: http://lists.xml.org/archives/dita-fa-edboard/
XML.org DITA Focus Area: http://dita.xml.org
Committee homepage: http://www.oasis-open.org/committees/dita
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php