1993-01-13 - Re: bbs

Header Data

From: nowhere@bsu-cs.bsu.edu (Chael Hall)
To: cypherpunks@toad.com
Message Hash: 2a9d302347ec77494ff369b712d30ee563e90cc9d213da2fb9c42c0d02ad5a2a
Message ID: <9301132133.AA22203@bsu-cs.bsu.edu>
Reply To: N/A
UTC Datetime: 1993-01-13 21:36:56 UTC
Raw Date: Wed, 13 Jan 93 13:36:56 PST

Raw message

From: nowhere@bsu-cs.bsu.edu (Chael Hall)
Date: Wed, 13 Jan 93 13:36:56 PST
To: cypherpunks@toad.com
Subject: Re: bbs
Message-ID: <9301132133.AA22203@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>So they are using a whole bunch of accounts in an effort to conceal their
>identity? And they hope that one of the accounts will be approved 
>for full access to adult material, without the sysop really knowing 
>who they are?

     Yes, the intention is to get one approved without the SYSOP really
knowing who he approves.

>Do you always check the phone number supplied as part of the registration
>process or wait until the user abuses the BBS? It seems that someone
>could simply start taking names out of the phone book if he wanted to 
>conceal who he really is... 

     I used to check phone numbers, now I only check those of users with
strange names or wait until they abuse the system.  The first thing I check
when someone abuses my system is their identity.  If it's fraudulent, I put
the account in the system kill file and they can no longer login.  I use a
pretty good method for allowing access to adult areas.  A consent form must
be filled out and signed.  Then it is mailed to me with a photocopy of the
same person's driver's license (SSN can be blacked out, I'm not concerned
with it).  I file it away and give them access if it looks correct.

     Generally, I detect system abuse pretty soon after it occurs.  Then,
I handle the situation as quickly and efficiently as possible.  The same
user rarely tries it again.  I did voice validate all of my users, but that
got to be tedious, so I just check when something happens.  Many BBS's
require that they be able to call a user back directly before granting
full access.  This would not work over the Internet, a University modem
pool like many were using here, or long distance for the cheap SYSOP.
There are, however, a flurry of programs that perform "automatic call-back
telephone number verification."

Chael Hall

--
Chael Hall
nowhere@bsu-cs.bsu.edu, 00CCHALL@LEO.BSUVC.BSU.EDU, CHALL@CLSV.Charon.BSU.Edu
(317) 285-3648 after 3 pm EST





Thread