[email protected] (Doug Miller)

27/02/2004 3:59 AM

Let's Play Whack-a-Troll!


From: NoMonthly Customer Support <[email protected]>
[Note: this is the ISP that hosts the hv-nm.com domain that a lot of troll
posts came from last week]

Thank you for reporting this abuse to us. We have used the message Id
from the email headers you have provided and were able to find the abuser.

The spammer was coming in from the web and most obviously found an
insecure .php script that one of our clients was using ignorant of its
vulnerability.

Checking the acces logs by using the time stamp on the maillogs when the
offense took place wit found and incredible amount of connections made to the
server in question and infact we also
found an innumerable amount of POSTs that were made to a .php script
(sendthispage_submit.php)

We have removed the insecure script and have set up a block for
intruder's IP address in our server as well. We also contacted our client and
let him know of the facts.
Please let us know if we can further assist you.

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com
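
The correlation the ISP describes above (Message-ID from the complaint, to the mail-log timestamp, to POSTs in the web access log), as an added example that is not part of the original post or the ISP's own tooling. All log lines, hostnames, IPs and Message-IDs are constructed, and it assumes both logs come from the same host and timezone.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (not the ISP's real logs). IPs are from the
# RFC 5737 documentation ranges; Message-IDs and hostnames are made up.
MAILLOG = """\
Feb 20 14:03:07 web1 sendmail[4101]: i1KJ37aa: from=apache, msgid=<200402201903.aaa@web1.example>
Feb 20 14:03:09 web1 sendmail[4102]: i1KJ39ab: from=apache, msgid=<200402201903.aab@web1.example>
Feb 20 15:40:00 web1 sendmail[4200]: i1KKe0ac: from=alice, msgid=<200402202040.aac@web1.example>
""".splitlines()

ACCESSLOG = """\
198.51.100.7 - - [20/Feb/2004:14:03:06 -0500] "POST /sendthispage_submit.php HTTP/1.0" 200 312
198.51.100.7 - - [20/Feb/2004:14:03:08 -0500] "POST /sendthispage_submit.php HTTP/1.0" 200 312
203.0.113.20 - - [20/Feb/2004:14:03:08 -0500] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [20/Feb/2004:14:03:09 -0500] "POST /sendthispage_submit.php HTTP/1.0" 200 312
203.0.113.20 - - [20/Feb/2004:15:39:58 -0500] "POST /contact.php HTTP/1.0" 200 210
""".splitlines()

MAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*msgid=<([^>]+)>")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+) [^\]]*\] "(\S+) (\S+)')

def mail_time(message_id, maillog, year):
    """Return the log time of the mail-log entry carrying this Message-ID, or None."""
    for line in maillog:
        m = MAIL_RE.match(line)
        if m and m.group(2) == message_id:
            # syslog timestamps carry no year, so the caller supplies it
            return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return None

def parse_access(accesslog):
    """Yield (time, client_ip, method, path); the UTC offset is ignored (same-host logs)."""
    for line in accesslog:
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            yield ts, m.group(1), m.group(3), m.group(4).split("?")[0]

def posts_near(message_id, maillog, accesslog, year, window=5):
    """POSTs logged in the `window` seconds before the mail reached the MTA."""
    sent = mail_time(message_id, maillog, year)
    if sent is None:
        return []
    lo = sent - timedelta(seconds=window)
    return [(ip, path) for ts, ip, method, path in parse_access(accesslog)
            if method == "POST" and lo <= ts <= sent]

def post_volume(accesslog):
    """Count POSTs per (client, script) to show which script is being hammered and by whom."""
    return Counter((ip, path) for _, ip, method, path in parse_access(accesslog)
                   if method == "POST")

if __name__ == "__main__":
    print(posts_near("200402201903.aaa@web1.example", MAILLOG, ACCESSLOG, 2004))
    print(post_volume(ACCESSLOG).most_common(1))
```

The time window only narrows the candidates; the per-client, per-script POST count is what singles out the abused script and the address to block.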


This topic has 28 replies

Dave Balderstone

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 4:45 PM

When did latest round show up? I'm not seeing any of it, and it's not
being trapped by my filters.

I have 31 killed out of 833 posts, and those are 27 in an OT thread I
killed, and Luigi got caught for using a zillion exclamation marks in
his subject, but that's all...

djb

--
Is it time to change my sig line yet?

Dave Balderstone

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 6:53 PM

In article <8UQ%[email protected]>, Doug
Miller <[email protected]> wrote:

> There was a batch on the 20th, and another on the 23rd. Haven't seen
> him/her/it since.

Ah. Those I saw.

So why are people still snarking about it a week later? Sheesh.

djb

--
Is it time to change my sig line yet?

Dave Balderstone

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 7:42 PM

In article <hSR%[email protected]>, Tom
Kohlman <[email protected]> wrote:

> Filters didn't work too well because "it" was good
> at modifying subject and sender with each post.

Filtering on sender and subject is relatively ineffective.

djb

--
Is it time to change my sig line yet?

[email protected] (Charlie Self)

in reply to Dave Balderstone on 27/02/2004 7:42 PM

28/02/2004 2:21 AM

Dave Balderstone notes:

>> Filters didn't work too well because "it" was good
>> at modifying subject and sender with each post.
>
>Filtering on sender and subject is relatively ineffective.

But AOL offers domain filtering. Works like a charm. It's usually not too great
an idea, but with this particular domain, it's a really, really great idea.

Charlie Self
I don't approve of political jokes. I've seen too many of them get elected.

http://hometown.aol.com/charliediy/myhomepage/business.html

"Myxylplyk"

in reply to Dave Balderstone on 27/02/2004 7:42 PM

28/02/2004 3:00 AM


"Tom Kohlman" <[email protected]> wrote in message
news:edT%[email protected]...
> Charlie
>
> But as an offset people would have to keep an AOL account alive...

That would be the cutting the nose and face thing....ewwww

AOL, that's where the senior management for Time Warner communications sit around
every day and say "... AOL stock, I can't believe we agreed to take AOL stock..."

<rant>
And all the AOL workers have meetings discussing their missing heads.
(They were not in their assigned positions...)
Where the AOL deadheads' morning chant is: We are not an ISP, we are an internet service and
content provider.
(We hate Bill, all hail Bill, We hate Bill, all hail Bill, We hate Bill, all hail Bill, We
hate Bill, all hail Bill...)
Attention Netscrape users. We will be removing the last functioning feature and adding a
new way to use AOL instant messenger in the next release. Netscrape will no longer act as a
web browser. It will now efficiently display AOL proprietary content...
</rant>

Myx






"Tom Kohlman"

in reply to Dave Balderstone on 27/02/2004 7:42 PM

28/02/2004 2:41 AM

Charlie

AOL's domain filtering in this case would seem to be a pretty safe
bet...doubt you would ever get any important or legitimate correspondence
from "nym.alias".

But as an offset people would have to keep an AOL account alive which is
nothing other than a Spam "in-box" since they sold their membership list to
the spammers to get some cash. I think they have since stopped that
practice but for those of us stupid enough to keep our old accounts, we get
more junk than treasure. Personally think it's easier to deal with it
outside of AOL.


"Charlie Self" <[email protected]> wrote in message
news:[email protected]...
> Dave Balderstone notes:
>
> >> Filters didn't work too well because "it" was good
> >> at modifying subject and sender with each post.
> >
> >Filtering on sender and subject is relatively ineffective.
>
> But AOL offers domain filtering. Works like a charm. It's usually not too great
> an idea, but with this particular domain, it's a really, really great idea.
>
> Charlie Self
> I don't approve of political jokes. I've seen too many of them get elected.
>
> http://hometown.aol.com/charliediy/myhomepage/business.html

Dave Balderstone

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 8:05 PM

In article <ywS%[email protected]>, Doug
Miller <[email protected]> wrote:

> I just got that email from abuse@nomonthly five minutes before I posted it.
> Not my fault they were slow getting back to me. Just thought folks might like
> to see that complaining does work sometimes.

No offence meant, Doug.

I've been wondering over the last week or so why people were
complaining about posts that simply weren't showing up on my news
server (supernews.com) and wondering if they had developed some majik
filter or something.

djb

--
Is it time to change my sig line yet?

Dave Balderstone

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 8:07 PM

In article <MzS%[email protected]>, Tom
Kohlman <[email protected]> wrote:

> Suggestions?

Abandon Windoze?

I don't use the stuff, myself, but I hear wreckers espousing the
virtues of Agent Pro if you *must* stay on the Dark Side.

djb

--
Is it time to change my sig line yet?

Dave Balderstone

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 12:35 PM

In article <[email protected]>, Luigi Zanasi
<[email protected]> wrote:

> But then, I almost missed one of
> Tom Watson's threads 'cause he used a potty-mouth word in the subject
> heading.

I don't filter on cuss words. Use 'em myself from time to time. Again
yesterday big time... rakinfrakin car.

djb

--
Is it time to change my sig line yet?

dave in fairfax

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 2:03 PM

Doug Miller wrote:
snip of poorly spelled response with excellent results.
Thanks for taking the time to Whack the Troll. Too bad a home
address wasn't included. Now that coulda been fun.
Dave in Fairfax
--
reply-to doesn't work
use:
daveldr at att dot net
American Association of Woodturners
http://www.woodturner.org
Capital Area Woodturners
http://www.capwoodturners.org/

Mark Wollschlager

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 5:50 PM

Doug Miller wrote:
> From: NoMonthly Customer Support <[email protected]>
> [Note: this is the ISP that hosts the hv-nm.com domain that a lot of troll
> posts came from last week]
>
> Thank you for reporting this abuse to us. We have used the message Id
> from the email headers you have provided and were able to find the abuser.
>
> The spammer was coming in from the web and most obviously found an
> insecure .php script that one of our clients was using ignorant of its
> vulnerability.
>
> Checking the acces logs by using the time stamp on the maillogs when the
> offense took place wit found and incredible amount of connections made to the
> server in question and infact we also
> found an innumerable amount of POSTs that were made to a .php script
> (sendthispage_submit.php)
>
> We have removed the insecure script and have set up a block for
> intruder's IP address in our server as well. We also contacted our client and
> let him know of the facts.
> Please let us know if we can further assist you.
>
Many of the troll posts I examined (with impossible return addresses)
were the product of an anonymous remailing service. A user of such a
service can post to usenet via an email sent to the service. They are
generally hosted in other countries which allow such services. Those
services have a place in that they can enable someone to post
information without threat of retribution ( ie whistle blowers, critics
of certain vengeful religious groups, etc).
A$$h0les also use these services. Much to the dismay of millions.

--
Mark Wollschlager
markwoll at his dot com
remove the x in his to reply

"Myxylplyk"

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 2:29 AM


"Doug Miller" <[email protected]> wrote in message
news:pgz%[email protected]...
>
Nice job.
One door closed, 17,431,423,985,432,234 more to go.

This was a door they closed. No wrist got slapped. No mommy got informed.
One less door may be a good thing, (pardon me Martha), but it's a drop in the ocean.
There are more youthful knotheads in administrator positions than yearly post counts for
BAD.
Most systems have all the security necessary to avoid spending any real money
or getting sued for negligence. (The standard is low so not much security is really
necessary.)

Filtering is still the only real option. We really wouldn't like it any other way either.

I use OE to read news and the filtering works well. (Considering it's microsnot crap).
No need for heroic measures to block the zipperheads.

Go on and enjoy the hunt. It is the fun of hunting and not satisfaction of finding and
stopping that keeps people "whacking the trolls". Why is that? Because as long as people get
lathered into a snit over nothing more than trollers with potty mouths, there will be an
endless supply of trollers.
There are those that enjoy being on the other side of the hunt too. (Seeing people respond
to or whine and cry about what the trollers are doing is one measure of trolling success.)


Tally ho!

Myx

>

Luigi Zanasi

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 10:11 PM

On Fri, 27 Feb 2004 16:45:43 -0600, Dave Balderstone
<dave@N_O_T_T_H_I_S.balderstone.ca> scribbled:

>When did latest round show up? I'm not seeing any of it, and it's not
>being trapped by my filters.
>
>I have 31 killed out of 833 posts, and those are 27 in an OT thread I
>killed, and Luigi got caught for using a zillion exclamation marks in
>his subject, but that's all...

Oops! Forgot about all the filters. But then, I almost missed one of
Tom Watson's threads 'cause he used a potty-mouth word in the subject
heading.

Luigi
Replace "nonet" with "yukonomics" for real email address
www.yukonomics.ca/wooddorking/antifaq.html
www.yukonomics.ca/wooddorking/humour.html

[email protected] (Doug Miller)

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 12:02 AM

In article <270220041645436487%dave@N_O_T_T_H_I_S.balderstone.ca>, dave@N_O_T_T_H_I_S.balderstone.ca wrote:
>When did latest round show up? I'm not seeing any of it, and it's not
>being trapped by my filters.
>
There was a batch on the 20th, and another on the 23rd. Haven't seen
him/her/it since.

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com

[email protected] (Doug Miller)

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 1:30 PM

In article <270220042007081616%dave@N_O_T_T_H_I_S.balderstone.ca>, dave@N_O_T_T_H_I_S.balderstone.ca wrote:
>In article <MzS%[email protected]>, Tom
>Kohlman <[email protected]> wrote:
>
>> Suggestions?
>
>Abandon Windoze?

Probably unproductive. Whether or not one sees the offensive posts is a
function of the type and quality of filtering software one uses, not the
platform on which it runs -- and I suspect that there is probably a wider
range of filtering software available for M$ platforms than for the others.

Abandoning Outhouse Express, though -- that's another story.

I'm using NewsXpress with Nfilter, and hardly ever see the garbage now.

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com

"Tom Kohlman"

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 1:57 AM

I know that Dave, but using OE as the newsreader (Billy Gates' curse on
those that use the "real" Outlook for mail) doesn't allow much more than
that. Suspect I'm not alone in that.

Suggestions?


"Dave Balderstone" <dave@N_O_T_T_H_I_S.balderstone.ca> wrote in message
news:270220041942594646%dave@N_O_T_T_H_I_S.balderstone.ca...
> In article <hSR%[email protected]>, Tom
> Kohlman <[email protected]> wrote:
>
> > Filters didn't work too well because "it" was good
> > at modifying subject and sender with each post.
>
> Filtering on sender and subject is relatively ineffective.
>
> djb
>
> --
> Is it time to change my sig line yet?

[email protected] (Doug Miller)

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 1:55 AM

In article <270220041942594646%dave@N_O_T_T_H_I_S.balderstone.ca>, dave@N_O_T_T_H_I_S.balderstone.ca wrote:
>In article <hSR%[email protected]>, Tom
>Kohlman <[email protected]> wrote:
>
>> Filters didn't work too well because "it" was good
>> at modifying subject and sender with each post.
>
>Filtering on sender and subject is relatively ineffective.
>
I disagree. My filters have been remarkably effective, particularly in the
latest batches. Only one post got through. And I immediately patched the
filters to make sure that *that* particular little trick won't work again.

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com

[email protected] (Doug Miller)

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 1:59 AM

In article <MzS%[email protected]>, "Tom Kohlman" <[email protected]> wrote:
>I know that Dave, but using OE as the newsreader (Billy Gates' curse on
>those that use the "real" Outlook for mail) doesn't allow much more than
>that. Suspect I'm not alone in that.
>
>Suggestions?
>
Sure -- just look at my sig. :-)

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com

Larry Blanchard

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 8:03 PM

In article <ywS%[email protected]>,
[email protected] says...
> I just got that email from abuse@nomonthly five minutes before I posted it.
> Not my fault they were slow getting back to me. Just thought folks might like
> to see that complaining does work sometimes.
>
I sent them a thank you. Can't hurt.

--
Where ARE those Iraqi WMDs?

"Anthony Diodati"

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

29/02/2004 8:31 AM

You Mean IT!
Tony D.
"Doug Miller" <[email protected]> wrote in message
news:8UQ%[email protected]...
> In article <270220041645436487%dave@N_O_T_T_H_I_S.balderstone.ca>, dave@N_O_T_T_H_I_S.balderstone.ca wrote:
> >When did latest round show up? I'm not seeing any of it, and it's not
> >being trapped by my filters.
> >
> There was a batch on the 20th, and another on the 23rd. Haven't seen
> him/her/it since.
>
> --
> Regards,
> Doug Miller (alphageek-at-milmac-dot-com)
>
> For a copy of my TrollFilter for NewsProxy/Nfilter,
> send email to autoresponder at filterinfo-at-milmac-dot-com
>
>

"Bob S."

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 2:00 PM

Good example of not turning the other cheek and hoping they'll go away....
taking action does work.

Bob S.


"Doug Miller" <[email protected]> wrote in message
news:pgz%[email protected]...
>
> From: NoMonthly Customer Support <[email protected]>
> [Note: this is the ISP that hosts the hv-nm.com domain that a lot of troll
> posts came from last week]
>
> Thank you for reporting this abuse to us. We have used the message Id
> from the email headers you have provided and were able to find the abuser.
>
> The spammer was coming in from the web and most obviously found an
> insecure .php script that one of our clients was using ignorant of its
> vulnerability.
>
> Checking the acces logs by using the time stamp on the maillogs when the
> offense took place wit found and incredible amount of connections made to the
> server in question and infact we also
> found an innumerable amount of POSTs that were made to a .php script
> (sendthispage_submit.php)
>
> We have removed the insecure script and have set up a block for
> intruder's IP address in our server as well. We also contacted our client and
> let him know of the facts.
> Please let us know if we can further assist you.
>
> --
> Regards,
> Doug Miller (alphageek-at-milmac-dot-com)
>
> For a copy of my TrollFilter for NewsProxy/Nfilter,
> send email to autoresponder at filterinfo-at-milmac-dot-com
>
>

[email protected] (Robert Bonomi)

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 6:34 PM

In article <270220042005366051%dave@N_O_T_T_H_I_S.balderstone.ca>,
Dave Balderstone <dave@N_O_T_T_H_I_S.balderstone.ca> wrote:
>In article <ywS%[email protected]>, Doug
>Miller <[email protected]> wrote:
>
>> I just got that email from abuse@nomonthly five minutes before I posted it.
>> Not my fault they were slow getting back to me. Just thought folks might like
>> to see that complaining does work sometimes.
>
>No offence meant, Doug.
>
>I've been wondering over the last week or so why people were
>complaining about posts that simply weren't showing up on my news
>server (supernews.com) and wondering if they had developed some majik
>filter or something.

The answer to that is 'yes'.

Supernews has *very* good anti-junk filters. About the only thing
that makes it through those filters is stuff that hits one group only,
or one 'set' of groups via single cross-posted messages. They do -not-
run filters that react to 'key words' subject, source, or content -- the
filters do not look at _which_ newsgroup something is posted to, and one
can find forums where any given language _is_ acceptable.

I think they've got the injection point of the last batch pre-emptively
blocked across the board.

"Tom Kohlman"

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 1:08 AM

...snarking because this particular little "it" was persistent and capable
of flooding this group. Filters didn't work too well because "it" was good
at modifying subject and sender with each post. "It" seems to have taken a
break but I suspect "it" will be back. Just for info they were all coming
from nym.alias which hubs into MIT.edu. After some digging I did find an
AUP for the latter and "it" was clearly in violation, even for that loose
group.

Now back to sawdust

"Dave Balderstone" <dave@N_O_T_T_H_I_S.balderstone.ca> wrote in message
news:270220041853296481%dave@N_O_T_T_H_I_S.balderstone.ca...
> In article <8UQ%[email protected]>, Doug
> Miller <[email protected]> wrote:
>
> > There was a batch on the 20th, and another on the 23rd. Haven't seen
> > him/her/it since.
>
> Ah. Those I saw.
>
> So why are people still snarking about it a week later? Sheesh.
>
> djb
>
> --
> Is it time to change my sig line yet?

"Swingman"

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 8:56 AM

"dave in fairfax" wrote in message
> Doug Miller wrote:
> snip of poorly spelled response with excellent results.
> Thanks for taking the time to Whack the Troll.

Ditto.

Also, it's good to see a sysadmin responding to "abuse" and doing something
about it. Seems like most ISPs these days have canned responses claiming
that "..trolling UseNet is not abuse" and telling you "..to get a filter",
if they even ack your complaint to abuse@.

The latest crop of corporate sysadmins are laughable compared to the ones
who ran the smaller shops "in the beginning".

--
www.e-woodshop.net
Last update: 2/26/04

Silvan

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

27/02/2004 12:29 AM

Doug Miller wrote:

> We have removed the insecure script and have set up a block for
> intruder's IP address in our server as well. We also contacted our client
> and let him know of the facts.
> Please let us know if we can further assist you.

Cool! Now if only they could go whack him in the head with a tuba fore or
something.

--
Michael McIntyre ---- Silvan <[email protected]>
Linux fanatic, and certified Geek; registered Linux user #243621
http://www.geocities.com/Paris/Rue/5407/

tT

in reply to Silvan on 27/02/2004 12:29 AM

27/02/2004 7:11 AM

Poor English notwithstanding, it's a good thing.
Someday, it'll all be over....

Paul Kierstead

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 7:53 AM

In article <[email protected]>,
Mark Wollschlager <[email protected]> wrote:

< snip ... on anonymous remailers ...>

> Those
> services have a place in that they can enable someone to post
> information without threat of retribution ( ie whistle blowers, critics
> of certain vengeful religious groups, etc).
> A$$h0les also use these services. Much to the dismay of millions.


Ahh...the problem with enabling free speech: Turns out most people don't
have anything to say, a bunch like to chat, a few have things to say
which are just idiotic (our friend), a few are just plain hateful, nasty
bastards and a very very few have something important to say. Even
though our friend was starting to bug me, the importance of the last
group is still enough for me to approve of anonymous remailers. But the
administrators do need to police them some (too many idiots for complete
policing and the hateful bastards gotta right to free speech too. But
not the idiots, f**k em).

[email protected] (Doug Miller)

in reply to [email protected] (Doug Miller) on 27/02/2004 3:59 AM

28/02/2004 1:53 AM

In article <270220041853296481%dave@N_O_T_T_H_I_S.balderstone.ca>, dave@N_O_T_T_H_I_S.balderstone.ca wrote:
>In article <8UQ%[email protected]>, Doug
>Miller <[email protected]> wrote:
>
>> There was a batch on the 20th, and another on the 23rd. Haven't seen
>> him/her/it since.
>
>Ah. Those I saw.
>
>So why are people still snarking about it a week later? Sheesh.
>
I just got that email from abuse@nomonthly five minutes before I posted it.
Not my fault they were slow getting back to me. Just thought folks might like
to see that complaining does work sometimes.

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com

