>>Maybe one can learn a bit from all of this!!!!
>>> before dubiously ban someone out, just ask what he is doing
>
> Banning first and asking later is safer! Also, I'm not sure we have got
> a general way for a site to contact a user, you have to go via the VO
> administrator and that could take a while.
This was not just an abuse of the batch system or some other
ill-mannered job behaviour. It was an attempt to create an ssh backdoor.
The suspicious deeds were done with a valid user's certificate. If his
userid had been compromised, getting an email response from that user
might not be from the real user. So asking first (which is what we did)
could be overly naive.
The message to be learned here is to ask a site manager before playing
with security-related procedures on his site. We are right to be uptight
about security.
Cheers,
Lorne
|