Storing the MD5 values of subdomains/domains and emails would be good. It would keep the data private, but also at the same time allow searches, etc.
Actually, I think we should, it wouldn't be that hard either, you know how everyone has a hundred accounts on there server that look like they will never be used, registered with some dodgy email address and a non-sense subdomain of your tld ..... well that's not really on, it pisses me off that people think it's alright to signup for a hundred accounts and use one, there's nothing wrong with it persee, but how are the owners of the servers supposed to know when to stop selling or buy a new server when they have no idea if a load of the accounts will ever be used .....
WHM comes with some hooks, so then when an account is created or suspended or modified in some way these hooks are executed, like vbulletin and ipb's hooks for plugins and mods
Most of those are useless for this purpose however some could be very very powerful tools in the fight against abuse .....Originally Posted by http://www.cpanel.net/support/docs/hooks.htm
How about some of the programmers that are wasting their lives on these forums get together and write some snippets you can insert into some of those hooks so as to connect to a central database ( with publically available data, or using keys whatever, I'll do that bit ) and pull information on new signups and insert information on suspensions etc ... second to that, we could write a signup system ( and standalone one too, for hostees themselves to use on windows or browser or whatever ) that references the information in the database to decide wether to let a new client signup or not, this could be very configurable indeed....
I could do all of that by myself, but I really don't want too, I'd like to get some help with it, and some ideas - ideas aren't my strong point really, so if you have input, or think it'll be a total waste of time even, then please do say so ...
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
Storing the MD5 values of subdomains/domains and emails would be good. It would keep the data private, but also at the same time allow searches, etc.
good idea, any more ideas ??
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
Other than it would not be that hard to add to the /scripts/postwwwacct. Not really.
We could write an installer and uninstaller in a bash script, how does an xml backend sound ?? that way the data would be available to a wide range of other applications not just php ... js even ....
Here's some suggestions from me ....
/scripts/postwwwacct - should insert a new record into the records table, hashes of all information will be kept instead of plain text as Richard suggested ..
Information collected should be/scripts/postsuspendacct - should insert a record in the suspensions table identified by the (sub)domain and containing
- wether the account is free or paid
- the (sub)domain they are using
- the email address they used
- the address of the server that made the request
- constant contact for manual record control ( eventual or not )
- the reason for the suspension, nonpayment, abuse, illegal activity, whatever ...
- time of the suspension
- constant contact for manual record blah blah
/scripts/postunsuspendacct - this should delete the record corresponding to that subdomain in the suspensions table
/scripts/postkillacct - should delete the record in the records table corresponding to that account ....
Just these quite basic things would enable signup scripts ( and or /scripts/postwwwacct ) to check several things and take several actions based on its findings, on account creation you could; check if that domain is hosted elsewhere, check how many servers that domain is hosted on, wether the other accounts are paid for or not, you can check if this user has ever been involved in illegal activity, you can see if the user has this domain in suspension on any other servers and why, all of the findings can enable you to make immediate contact and or suspend or terminate that account ..... I'm out ....
Richard, your thoughts ?? anyone else ??
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
Quite hard to tell on an automatic system. You have to remember, without a large setup of packages (EG: custom adding of resellers packages as well as your own if they are free or paid), and then having to edit something each time you change a plan.wether the account is free or paid
I think it should be stuck to free hosting.
good point, I haven't really thought out the practicalities of each suggestion just yet, but I suppose it wont really work that one ... so yeah free only then ....
So then richard, if this information were available and the code to utilize it will you employ it on your server(s) ?
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
I sure would. I have 2 cPanel servers and 1 DirectAdmin server dedicated for free hosting, it would be a great plus to me.
One problem is - What actually happens if it detects a problem? Stopping the setup of the account could be a problem, but how about it sends an email to the admin/owner of the server with the information it collected from other servers? (EG: How many other accounts the user has)
Not a problem, you're already in the scripts directory and running as the correct user to execute /scripts/killact along with all the account information, you can suspend or delete the account immediately, and or contact the server owner and or user with the action taken and reasons why .... you could have variable levels of "strict" too ....
EDIT : also, having thought about it a little more, hashes aren't really suitable because they are one way, so the data that gets to the server will be nonsense, and we'll need it to be plain text to take action, so instead, when a host signs up to get the api code, it will include an api key, sent with every request to authenticate them along with their username and password, and then the data they send will be deciphered xor with that key, a 128 bit key will do I reckon ..... so long as the key is kept private we should be okay and no plain text will be sent ..... I think that's better because then we can use the account information in actions/communications ...
Last edited by krakjoe; August 30th, 2007 at 16:56.
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
Hey Joe - I can't help much with the programming but i do like the idea. If you want to make a project out of this script - then you can use freehostnet.info if youd like (and if i can still remember my optinom password).
|| Hugo Firth hebfirth@gmail.com
|| Visit : The Byte Vine 'Web Technology News - just a notch above mildly disinteresting. Hopefuly.'
Thanks, but I registered "hostinquest.com" earlier today ....
Host - noun. A computer containing data or programs that another computer can access by means of a network or modem.
Inquest - noun. A seeking of knowledge, data, or the truth about something.
So I guess that gives the project a name, "Host Inquest" .... I'm gonna get on and write some of the basics for the site today, I do however need lots and lots of help, I don't have the time to start and finish entirely on my own, and I know lots of you out there can program and you really should, it's for a good cause .... if you think you'd like to work with me on this then please get in touch or post here and I'll send you some stuff to do ....
Last edited by krakjoe; August 31st, 2007 at 02:28.
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
That an offer ??
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
Joe... I went and got my laptop powercord... let me know what needs to be done.. i ran out of vodka and need something to do with the rest of the nite... i downed 3 mtn dews.
I own: FreeResellers.com
For Sale: thefreewebhost.net PR 3. Make an offer via PM. <- Still for sale.
|-I am currently listening to "I can only Imagine"
Great, what do you wanna do, frontend or backend ??
(\__/) Joe Watkins
(='.'=) Software Architect
(")_(") http://pthreads.org
Copy and paste bunny into your sig, help him gain world domination.
Posting Permissions
Bookmarks