That can be/is a possibility but the good mitigating factor to that is that group aliases are not available in free groups so it would mean someone would have to pay $220 for a year (or monthly) in order to be able to do that "DNS parking", which lowers the probability it could happen.

But you are right, it can. However, 5 is too low IMO; regardless of retro-application of it or not, you would be handicapping certain types of groups which use the aliases for what they are useful over here, search keywords for finding the group***, and also prevent "competitors" from causing unnecessary group-related headaches. For example, see attached, this printer hardware user group of mine, it covers the whole MicroDry (MD) line of ALPS printers plus re-branded ones. As such, you can tell the aim/intent in my alias names, and by virtue of the whole model line +, it has to be big. I'm sure there are other types of similar-purpose/function groups that do this, not just me or my type of group only. I've also done a similar setup on another group which is a Special Interest Group which builds airliner model kits exclusively.
*** (I do know about the group description "hidden-text" trick but many don't)
But I have a relatively simple and easy suggestion to alleviate the concern without altering anything on current group aliases' functionality. Here's the thing; alias creation/editing is an infrequent task, it may spike after (and a bit after) group creation, but after that, it should be relatively quiet; or the corollary, it may not happen until some time in the group's future and then go quiet again, same end result. The point is, for all groups, any generated auditing data related to alias editing is not really going to be a large amount, therefore impact should be minimal/very-small on that end. So,
- Create a "new"* table/place, GroupAlias_ActivityLog or whatever. (* "new" could be a literally-new one or use an existing table like the ActivityLog if it can support this)
- Add a few lines of code to the group-alias-deletion part, so it saves the pertinent info to the GroupAlias_ActivityLog, at the very least date & time, GroupID of where the alias was deleted from, OwnerID of that group, UserID & IsMod/IsOwner status of the person who did the deletion, and the alias text/pointer/whatnot; plus anything else that can be of use for this.
That's it, for now. This would create the infrastructure needed and would start logging deletions. Then we figure out how to get the warning light to blink. My suggestion would be to create a reporting/trend-analysis script/job that runs at some specified interval, depending on how quickly Mark would want to be given a heads-up. It would compare all the group names that have been newly-created during that interval against the name of any GroupAlias_ActivityLog deletions during that same interval. Also do a second same comparison but since-beginning-of-auditing-data this time.
1. If the count of matches (interval-only or since-beginning-of-log-data) is 0 all is kosher.
2. Otherwise break down the distribution of that count data based on the combinations of who did what and when, both for just the interval and since-beginning-of-log-data. For example, how many new groups were created during the two timeframes:
- by the same owner, and the owner was the one who did the alias deletion. (more-or-less OK I'd think)

And so on, you get the idea, whatever we may think could/would be suspicious. For example, if the same group owner/mod seems to be consistently deleting aliases only for those to show up as new group names (at any point in time now or later on), by consistently totally unrelated people (i.e. they are not in a group the owner/mod are in), that would definitively be worth IMO having a look at, even if a cursory one at the very least. It could be innocent (as me for example releasing and giving gratis one of the aliases in my example above to a "competitor" if I wanted to), but it could also be something more sinister afoot, including Bruce's concern, in which case some setup like this should help alert and eventually catch the perpetrator(s).
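A sketch of the deletion log and the comparison job described above, as an added example that is not part of the original post or the site's own code. It uses an in-memory SQLite database as a stand-in; the `Groups` table, the column names beyond the fields listed in the post, and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE GroupAlias_ActivityLog (   -- columns follow the post's field list
    deleted_at TEXT, GroupID INTEGER, OwnerID INTEGER,
    UserID INTEGER, IsMod INTEGER, IsOwner INTEGER, alias TEXT);
CREATE TABLE Groups (                   -- hypothetical table of existing groups
    GroupID INTEGER, name TEXT, OwnerID INTEGER, created_at TEXT);
"""

# A deleted alias that later shows up as a new group's name, classified by creator.
MATCH_SQL = """
SELECT l.alias, l.GroupID AS old_group, l.UserID AS deleted_by,
       g.GroupID AS new_group, g.OwnerID AS new_owner,
       CASE WHEN g.OwnerID = l.OwnerID AND l.IsOwner = 1
            THEN 'same_owner' ELSE 'different_owner' END AS category
FROM GroupAlias_ActivityLog l
JOIN Groups g ON lower(g.name) = lower(l.alias)
WHERE g.created_at >= l.deleted_at      -- name was taken after the alias was freed
  AND g.created_at >= :since AND l.deleted_at >= :since
ORDER BY g.created_at
"""

def alias_reuse_report(conn, since="0000"):
    """Return matches since `since` (ISO timestamp); the default covers the whole log."""
    conn.row_factory = sqlite3.Row
    return [dict(r) for r in conn.execute(MATCH_SQL, {"since": since})]

def build_sample_db():
    """Constructed sample data, not real groups or users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO GroupAlias_ActivityLog VALUES (?,?,?,?,?,?,?)", [
        ("2024-01-05T10:00:00", 1, 100, 100, 0, 1, "md-printers"),   # owner deletes
        ("2024-03-02T09:00:00", 1, 100, 101, 1, 0, "alps-md5000"),   # moderator deletes
        ("2024-03-03T09:00:00", 1, 100, 100, 0, 1, "unused-alias"),  # never reused
    ])
    conn.executemany("INSERT INTO Groups VALUES (?,?,?,?)", [
        (2, "MD-Printers", 100, "2024-01-06T12:00:00"),    # same owner reuses the name
        (3, "alps-md5000", 200, "2024-03-02T09:30:00"),    # unrelated owner, 30 min later
        (4, "airliner-kits", 300, "2024-03-04T08:00:00"),  # no alias involved
    ])
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    for label, since in (("interval", "2024-03-01T00:00:00"), ("since start of log", "0000")):
        rows = alias_reuse_report(db, since)
        print(label, "->", len(rows), "match(es)")
        for r in rows:
            print("   ", r["category"], r["alias"], "-> group", r["new_group"])
```

An empty result for both windows corresponds to case 1 in the post; any `different_owner` rows are the ones worth a manual look.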