forum spam

i’ve seen one for sure spam, and think i just saw a maybe second…

while we all know it is impossible to keep it all out (and it is not
a problem, so far), i think it is just a matter of time before the Filth
of the Earth (aka: spammers) find the nntp way in…and, i suggest
before they do TPTB set the nntp server to use an ID/password for entry…


DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

For almost 10 years, Novell has now been running their support forums on
NNTP servers without password requirement and so far, spammers were never
a big problem that couldn’t be handled. The situation would be different
if Novell’s news server were linked to other public news servers.

Requiring login for NNTP access has 2 disadvantages:

  1. It may put off users from using the forums. I agree this is actually a
    weak argument for forums where most users use the web and the web
    requiring authentication anyway.

  2. Password security
    Now this is a bigger issue. By default, the nntp protocol transmits the
    password in cleartext and thus malicious people could sniff the password.
    This is particularly an issue as you would typically want the nntp
    password to be the same as the web password. However the web password is
    the Novell customer password for all Novell web sites including for
    example license management for the products a customer may have purchased.
    As such, it is not a good idea to send such a password in clear over the
    internet. There would be 3 potential workarounds to this problem:

    • use a different password for NNTP. How should that be managed???
    • use an authentication method that does not send the password as
      cleartext. Alas, such authentication methods are not standardized and most
      newsreaders do not support non default authentication methods
    • use NNTP over SSL or TLS. Unfortunately, this would lock out a number of
      newsreaders that don’t support SSL, and it would also put a heavy CPU toll
      on the server which would have to encrypt all the NNTP data.


Marcel Cox
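
Added example, not part of any post in this thread: a client-side guard for the cleartext-password concern raised above, which plans the login so that AUTHINFO PASS is only written once the link is encrypted. The function names and the sample CAPABILITIES responses are constructed for illustration; the capability labels are those of RFC 3977, RFC 4642 and RFC 4643.

```python
class CleartextAuthRefused(Exception):
    """Raised instead of sending AUTHINFO PASS over an unencrypted link."""

def parse_capabilities(lines):
    """Parse a CAPABILITIES response (RFC 3977) into {LABEL: [ARGS]}."""
    if not lines or not lines[0].startswith("101"):
        raise ValueError("expected a 101 capability list")
    caps = {}
    for line in lines[1:]:
        if line.strip() == ".":       # terminating line of a multi-line response
            break
        if not line.strip():
            continue
        label, *args = line.split()
        caps[label.upper()] = [a.upper() for a in args]
    return caps

def plan_login(caps, tls_active, allow_cleartext=False):
    """Return the commands to send, in order, so the password is never
    written to the socket before the link is encrypted."""
    auth = ["AUTHINFO USER <name>", "AUTHINFO PASS <password>"]
    if tls_active:                    # NNTP over SSL, or STARTTLS already done
        return auth
    if "STARTTLS" in caps:            # RFC 4642: upgrade, then re-read capabilities
        return ["STARTTLS", "CAPABILITIES"] + auth
    if allow_cleartext:               # explicit opt-in, e.g. an NNTP-only password
        return auth
    raise CleartextAuthRefused("server offers no TLS; password would be sent in clear")

# Constructed sample responses (not captured from any real server).
PLAIN_ONLY = ["101 Capability list:", "VERSION 2", "READER", "AUTHINFO USER", "."]
WITH_STARTTLS = ["101 Capability list:", "VERSION 2", "READER", "STARTTLS", "AUTHINFO", "."]

if __name__ == "__main__":
    for name, resp in (("plain-only", PLAIN_ONLY), ("starttls", WITH_STARTTLS)):
        try:
            print(name, "->", plan_login(parse_capabilities(resp), tls_active=False))
        except CleartextAuthRefused as exc:
            print(name, "-> refused:", exc)
```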

hmmmmmm…as per usual, my ‘bright ideas’ are much harder to
implement than to ‘dream up’!

to me, now, it seems best to revisit the idea IF spam (via nntp)
becomes a problem…


DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

We have had persistent & prolific spammers in the past and I suspect we’ll run into them in the future. Be assured the forum staff have tools available to deal with such things once they happen. As Marcel pointed out, the way we have things set up (Novell login on the web, not feeding outside servers on NNTP, etc. etc.) we’ve minimized our vulnerability to spam as much as we can in an open system and the staff will just jump on spam when we get it. We can also take measures to block spammers once we know who they are. My advice: don’t lose any sleep over it. :wink: Thanks for being concerned enough to discuss it.

> Thanks for being concerned enough to discuss it.

yep, i’ve seen it pretty bad…

i wonder if the best way to report spam is by replying to it (as i
did yesterday, and soon a mod banned the spammer) OR use the
“Contact Us” at the bottom of each page…

you know, sometimes when they poke a hole they don’t just send one
(as they seem to have lately)…sometimes a quick finger in the dyke
can save a lot of heartache later…and, well i used the “Contact Us”
link earlier today and confirmed my suspicion that it is read by a
normally office hours kinda guy :wink: and, wonder if it is also
monitored when s/he is off doing other stuff??
:peace:

DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

quicker if you use the report post button, or just p.m. a mod/admin pointing to the offending post. to see which mod/admin is available click on view forum leaders link at the foot of the page

Andy

good advice…thx.


DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

> quicker if you use the report post button, or just p.m. a mod/admin
> pointing to the offending post. to see which mod/admin is available
> click on view forum leaders link at the foot of the page

Agreed. Denver, if a moderator is online, pinging them is probably
quickest. If nobody is currently online, the report-a-post button emails
all the moderators AND posts it in a private forum where mods hang out.
FWIW.