[Imc] IMC Website Abuse policy
Paul Riismandel
p-riism at uiuc.edu
Thu Dec 20 05:40:30 UTC 2001
This is the policy as presented and passed at last Sunday's steering
meeting, along with some term definitions as requested by Pauline.
If there are no objections, this will be posted to the website by the next
features update (Monday).
IMC Website Abuse Abatement Policy
Drafted by Mike Lehman, Paul Riismandel, Ellen Knutson and Brian Hagy
Approved by IMC Steering Dec. 17, 2001
As a means of insuring the privacy of U-C IMC website users, the IMC does
not regularly log the IPs of website users. On rare occasions specific
types of abuse of the IMC website may require temporary logging of IP
address information in order to identify abusers and take steps to end the
abuse. These procedures define specifically how this is to be done.
Definition and explanation of terms:
ISP Internet Service Provider. This is anyone who provides Internet
service to consumers, businesses or any user.
IP number refers to the Internet Protocol address, which is a unique
number assigned to every computer connected to the Internet. A computer's
IP number may be static and unchanging or may be assigned dynamically,
changing every time that computer connects to the Internet. Most dial-up
Internet connections and many broadband connectionssuch as cable or DSLare
dynamic. When a computer receives a dynamic IP address it is typically one
of a bank or range of addresses used by that computer's ISP. Therefore even
if a user has a different IP every time s/he accesses a website, the users
ISP can be identified if they're within a certain range. The ISP can often
then identify the user from this address.
IP Logging to Address Direct Threats
1. Direct threats are as defined in the IMC's Website Appropriate Use
Policy: These constitute direct threats on specific people or small, easily
identifiable groups of people.
2. The IMC Steering Group can begin logging IP numbers of website
users only in the case that a direct threat to an IMC member, user or
community member is posted to the IMC website's Newswire. The purpose of
logging IP numbers is to identify the threatening poster in the event that
s/he posts again using the same name or alias.
3. Perceived instances of direct threats are to be brought to the
Steering Group, which will decide during a regular meeting if they warrant
a response under this policy.
4. Notice of the impending discussion of the issue will be given to
the IMC membership via the IMC e-mail list at least five days in advance of
the meeting where the discussion is scheduled.
IP Logging to Address Attacks on the IMC's Server(s)
1. In a case where the IMC's system administrator(s) believe that a
denial of service (DoS) attack or other malicious hacking is being done
against the IMC's Internet servers such that there is a substantial risk
that the IMC's website and other Internet services will be made unavailable
to users, the administrator(s) or IMC Tech Group may make an emergency
determination to identify the source of the attack, so long as notice is
posted to the IMC e-mail list. The Steering Group will review this action
at its next scheduled meeting.
IP Logging Procedures
1. Website user IPs may only be logged for a maximum of 14 days or
after the threatening poster has made three additional posts to the IMC
website, whichever occurs first.
2. IP logs will be purged automatically in a 6-8 hour cycle, requiring
that a system administrator or IMC Tech Group member decide to keep a log
if the threatening poster appears on the IMC website.
3. The purpose of logging IPs is to establish a pattern of access of
the threatening poster, so as to determine if s/he is using a static IP
address, a dynamic address within a range of IPs or an utterly dynamic
address with no obvious pattern.
4. Information obtained about a threatening poster will be preserved
in a confidential and secure manner until the Steering Group authorizes the
release or use of the information. Only threatening posters specifically
identified by the Steering Group may have information gathered about them.
5. As a threatening poster's IP information is gathered, all other IP
log information outside of a threatening poster's IP must be purged
immediately.
6. Information obtained from logging of IPs may be used as directed by
the Steering Group. This may include contacting ISPs regarding possible
violations of their terms of service by the threatening posters; contacting
the owner of a computer identified as the source of the posts; or any such
other measures as may resolve the abuse as authorized by the Steering Group
following established IMC decision making procedures.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/imc/attachments/20011219/59d2b903/attachment.html>
More information about the IMC
mailing list