Newsletter - September 2002

Welcome to the first edition of the Community Managers newsletter. For this edition only, it has also been sent as an announcement to the entire group, so firstly apologies to those who get it twice. If you wish to continue receiving our newsletter please sign up HERE Each month our newsletter will contain a quick look at what's changed in the site over the past month and a main article aimed at helping you improve your group.

We will keep back issues available online in case you lose your copy. The Articles will be incorporated into tutorials in CM but no sooner than 1 month after the newsletter.

I would like to thank all of those who have joined our mailing list in the past month. It's nice to know such a large number of people visit our site on a regular basis, even if they don't post.

What's New at CM

This month at CM there has been some major changes, those of you who visit often will notice we have a totally new look, as well as many new features. But this month our star attraction is CM Tools, a collection of web based tools aimed at helping you through tedious chores in managing your group, as well as help you pull off those fancy tricks you just cant seem to manage. We aim at expanding our tools section further so please feel free to use our suggestions form HERE to inform us of anything you would like added.

Making your group secure

As an MSN group manager sooner or later you will encounter a disgruntled member or jealous manager of another group, trying to disrupt your group. A favourite tactic employed is to "plant" material that breaks the COC within your group, and then report you to MSN. The aim of this article is to help you keep your group and passport as secure as possible.

Secure your passport
The first task in securing any group is to ensure all passports with Managerial status are as secure as possible. The first stage in passport security is to keep your passport address private. Ideally any contact email address's given to your group should not be in any way attached to a management passport. If it already is I suggest getting a new manager passport. You must hide your email address in your email settings, as armed with the email address alone it is possible for someone with malicious intent to post on your message board under your name! I suggest you pass this article on to any co-managers and assistant managers. There's no point securing your passport if someone else's is wide open. No doubt you have a hard to guess password, but what about your secret question, this is a highly exploited back door. Ensure your secret question is not about personal information, those who get to know you may well figure out the answer. Instead use something like this Question "Monitor" Answer "Samtron56E" the answer being the make & model of your monitor, or the serial number. Ask a question that doesn't give away what the full question is. It's far harder to guess if you can't figure out what's being asked.

With this changed your passport should now be secure, no one knows the address, no one can guess the password, no-one can guess the secret question. After ensuring all passports with managerial status are secure you can move onto the next step.

Site Lock Down
The default settings in a group allow anyone to upload a photo, file or add a recommendation and add edit/delete list entries. If members do not need this kind of access then your leaving doors and windows open for someone to exploit.

Photo Albums
Photo albums are the most often used exploit in "planting" illegal content on a site. If your members do not need to upload photos then use the following steps to stop them from adding to albums

Some groups such as "personals" sites and photography sites need the members to be able to upload their own pictures. To narrow down which albums you need to check for illegal pictures make only the albums that member are allowed to upload to are unlocked, but lock the rest. It's also a good idea to ensure members cannot make new albums.

A method used in a friends site that worked well was to have a single album members posted their pictures to, the manager the saved the picture and uploaded it to the correct album, putting in the correct description, and then deleting the original. This meant that only a single album had to be watched and was emptied out on a regular basis.

Documents Folder
There should not really be any reason for a member to need to use the documents folder. Lock this so that only managers can upload files. If a member needs to share a file they can attach it to a message board post.

List Pages
Many groups have found that upset members have gone through a deleted everything from their list pages. Make sure you have yours set that members can only delete/edit their own entries.
Or so that only managers can do so

Protect Your Message boards
It's come to light that armed with only the email address showing in someone's profile its possible to post to the message board under that persons name. It's highly recommended that you urge members to hide their email address in the email settings page and to use a different email address that no-one knows for receiving their group emails.

This should cover your group from as many angles of attack as possible, although is not guaranteed to stop everything it does limit the vulnerabilities within a group. If you have any comments/suggestions or regarding this article or we missed something please contribute to this [url] discussion on our message board.

Thank you for being part of our group and we hope our first newsletter was of interest to you. If you wish to suggest anything for the content of our next newsletter use the suggestions form on our Contact Us page.

Community Managers.