[Dxspider-support] Problems with command " dx by "
Robert Chalmas
rchalmas at users.ch
Mon Dec 29 12:53:40 GMT 2003
Hi everybody,
> The past day 25th of December, somebody connected to my
> cluster, ED7ZAB-5, and sent a few spots with the command
> "dx by" as shows the log:
[...]
> May I ask for this command "dx by" or "dx/by" to be removed
> in future releases of DX cluster softwares ? ....
>
> It is in my opinion a dangerous command which could create
> some situations of compromise in hands of " bad people " like
> in the one shown uplines.
I fully agree with Angel. This command is a door open to any misuser.
But removing this command will have no effect as long as everybody
can connect over telnet to most cluster nodes with full provileges
without any authentification !
As cluster sysops, we are responsible to check that only amateur radio
operators may connect to our nodes with full (=read/write) privileges.
Althought is seems that non ham connexions are not a common problem,
enabling a user authentication would also solve the problem of people
connecting with somebody else's callsign.
In DXspider, this can be done easily by adding this line in
/spider/scripts/startup:
set/var $main::reqreg = 1
Everybody can still connect to the server, but with read-only privileges.
Only registered users, who received a password after having their
identity checked, receive write privileges.
With my best wishes for 2004,
Robert - HB9BZA, sysop of HB9IAC-8 (www.iapc.ch:8000)
--
Robert CHALMAS, PO Box 1225, CH-1227 Carouge/GE, SWITZERLAND
email: rchalmas at users.ch AX-25: HB9BZA @ HB9IAP
homepage: http://rchalmas.users.ch
More information about the Dxspider-support
mailing list