*F--- F---*

In article <[email protected]>, Duane
<[email protected]> wrote:

> How do you "killfile" a domain?

In my newsreader I just set up a filter on "from contains .ru"

djb

--
Is it time to change my sig line yet?

In article <[email protected]>, Larry Jaques
<novalidaddress@di\/ersify.com> wrote:

> Yabbut, most people don't use Thoth, Dave.

Not my fault...

;-)

djb

--
Is it time to change my sig line yet?

In article <[email protected]>,
Robert Bonomi <[email protected]> wrote:

> Don't blame Dave, He might have been stationed at the far-northern
> military airfield in Newfoundland. It's common there -- 'thoth for
> the Gander', or so they thay.

GROAN...

I've never been to Newf, unfortunately, but we're in a blizzard here so
conditions are similar.

djb

--
Is it time to change my sig line yet?

Frank Shute wrote:

> downloading the trash (assuming you use `fetch'). BTW, the filter file
> is documented in leafnode's README. Filtering has been in existence
> since version 1.8 :

I have one already, but thanks for making suggestions for strings I should
add to it. It needs attention.

>> switch to slrn, but I KNode better.
>
> I've used slrn for years and wild horses wouldn't get me to use that
> gui-fied stuff - if it doesn't run in a terminal then it stinks ;)

I grew up with rn and elm, then I moved from a dial-in shell account to a
SLIP account on Windoze. I started using Eudora and Free Agent, then
eventually just Agent, and I got used to the GUI-fied way of doing things.
When I moved to Linux, I found my old "friends" right there, but they were
somehow no longer very alluring. slrn is a lot better than rn was, but
I'll still take KNode 50 times over.

Put it all in a computer made out of wood and it becomes on-topic again. :)

--
Michael McIntyre ---- Silvan <[email protected]>
Linux fanatic, and certified Geek; registered Linux user #243621
http://www.geocities.com/Paris/Rue/5407/

Frank Shute wrote:

>> A slrn man I see, and a Free BSD man too. Well, there's no accounting
>> for
>> taste. :)
>
> Yeah, and a leafnode user like yourself I believe.

Good man.

>> You're not part of the slrn mafia are you?
>
> Just a user not part of any mafia.....but I have to confess to being a
> fully paid-up Linux refuge ;)

It's an alt.os.linux.mandrake thing from way back. They tried everything,
including a crowbar to the back of the knee, to get me to switch to slrn,
but I KNode better.

--
Michael McIntyre ---- Silvan <[email protected]>
Linux fanatic, and certified Geek; registered Linux user #243621
http://www.geocities.com/Paris/Rue/5407/

Robert Bonomi wrote:
> ALGX has been notified. with circa 90 articles sent as 'supporting evidnece'.
> As has Wplus.
> I expect this acount will be toast ins short order.

Then between you and me, they're probably sick of hearing about him.
Toast indeed. To bad there's now street addy.
Dave in Fairfax
--
reply-to doesn't work
use:
daveldr at att dot net
American Association of Woodturners
http://www.woodturner.org
Capital Area Woodturners
http://www.capwoodturners.org/

Doug Miller wrote:
> Here's the header from one of the offensive posts (cleaned up a bit). Look for
> "NNTP-Posting-Host".

Ya know, despite this not having anything to do with WWing, other thatn
the blockheads, at least people are learning how to read headers and do
lookups. Not a total loss. Maybe we should spin off
rec.report.trolls.howto, just a thought.
Dave in Fairfax
--
reply-to doesn't work
use:
daveldr at att dot net
American Association of Woodturners
http://www.woodturner.org
Capital Area Woodturners
http://www.capwoodturners.org/

On Wed, 11 Feb 2004 01:40:25 -0500, Silvan wrote:
>
> Frank Shute wrote:
>
>> I just grepped my news spool and got some times for the abusive
>> postings:
>
> A slrn man I see, and a Free BSD man too. Well, there's no accounting for
> taste. :)

Yeah, and a leafnode user like yourself I believe.

>
> You're not part of the slrn mafia are you?

Just a user not part of any mafia.....but I have to confess to being a
fully paid-up Linux refuge ;)


--

Frank

http://www.freebsd.org/

On Wed, 11 Feb 2004 02:27:33 GMT, Tom Kohlman wrote:
>
> Could be he/she stays on-line and does this stuff. Our company remote
> network access will continually change the IP address while connected in
> just about the same time frames noted below (or so they tell me. They keep
> promising "roll-out" but like everything else with our IT group, alot of
> promises, very little action).

I noticed that he was sending blocks of posts, a few minutes delay,
then the IP address would change and another block of filth would spew
forth which suggests he composes his bon mots offline and then
reconnects via a dial-up and flushes his queue via the Russian news
server.

>
> I can't figure out how anybody got "Algx.net" out of this. All I saw was
> the Russian link (and BTW actually got a robotreply which tells me they care
> or alternatively are "harvesting".

Algx comes from the NNTP posting host in the headers. I've got a
feeling that the Russian server resolves back to the posters IP and
sticks the resolved name in the header - unfortunately for the troll
:)

>
> I've got the SPAM abuse reporting down to about 5sec each but am new to NG
> abuse reporting and any hints would be appreciated.

What I've done is sorted out all the times and headers of his posts
chronologically and posted off the results to algx as I didn't get any
response from the commies.

It should be a trivial matter for algx to go through their logs and
identify the troll and terminate his account.

If it's a kid he'll get his arse thrashed by his parents. My guess is
that he's a lonely guy in his 50/60's with a few psychosexual problems
and he'll probably be back once he's signed up with another ISP.

I don't know whether JOAT can get algx to disclose his name and
address so that he can take legal action against him. Or even better
post it to this ng so that people with baseball bats and some time to
spare can go pay him a visit ... that should cure any psychosexual
problem ;)

--

Frank

http://www.freebsd.org/

In article <[email protected]>,
Larry Jaques <novalidaddress@di\/ersify.com> wrote:
>On Mon, 09 Feb 2004 14:45:33 -0600, Dave Balderstone
><dave@N_O_T_T_H_I_S.balderstone.ca> brought forth from the murky
>depths:
>
>>In article <[email protected]>, Duane
>><[email protected]> wrote:
>>
>>> How do you "killfile" a domain?
>>
>>In my newsreader I just set up a filter on "from contains .ru"
>
>Yabbut, most people don't use Thoth, Dave. ;)

Don't blame Dave, He might have been stationed at the far-northern
military airfield in Newfoundland. It's common there -- 'thoth for
the Gander', or so they thay. <snicker>

In article <[email protected]>,
John McCoy <[email protected]> wrote:
>[email protected] (Robert Bonomi) wrote in
>news:[email protected]:
>
>> In article <[email protected]>,
>> John McCoy <[email protected]> wrote:
>
>> Looks like a dial-up customer. Oddly enough, in the NYC vicinity.
>> The _same_ area where the the slanderous posts about JOAT were
>> originating last year.
>>
>>>That probably means some clueless moron with proxy software,
>>>which is open to everyone; or possibly someone with a trojan.
>>>Or it might actually be the abuser. There's no way to tell.
>>
>> *darn*likely* it _is_ the abuser.
>
>If it is a dialup, then you're undoubtably correct. A not very
>bright abuser, since tracing a dialup back to a specific user is
>trivial for a concientious ISP.

Circa 90 posts, over the space of a couple of hours, originating from:
216-99-245-3-ny-01.cvx.algx.net
216-99-245-7-ny-01.cvx.algx.net
216-99-245-12-ny-01.cvx.algx.net
216-99-245-21-ny-01.cvx.algx.net
216-99-245-26-ny-01.cvx.algx.net
216-99-245-27-ny-01.cvx.algx.net
216-99-245-29-ny-01.cvx.algx.net
216-99-245-34-ny-01.cvx.algx.net
216-99-245-37-ny-01.cvx.algx.net
216-99-245-40-ny-01.cvx.algx.net
216-99-245-41-ny-01.cvx.algx.net
216-99-245-42-ny-01.cvx.algx.net
216-99-245-45-ny-01.cvx.algx.net
216-99-245-54-ny-01.cvx.algx.net
216-99-245-61-ny-01.cvx.algx.net

Either he's got at least 15 machines, on a dedicated T-1 or better, or
it's 15 separate dial-in sessions.

I know where I'd put _my_ money, if i were a betting man. <grin>

In article <[email protected]>, "Len Dye" <[email protected]> wrote:
>Well we know that this is comeing from [email protected]
>
>What can be done about this, Shame to let a few ruin it for the masses.
>
Killfile him and move on.

Or read David Eisan's "mini-faq" for instructions on filtering out the
garbage.

--
Doug Miller (alphageek at milmac dot com)

How come we choose from just two people to run for president and 50 for Miss America?

"Len Dye" <[email protected]> wrote in news:0MQVb.21061$uM2.12810
@newsread1.news.pas.earthlink.net:

> Well we know that this is comeing from [email protected]

Actually, you don't know that.

The posts are being posted thru Wplus.net. They appear to be an
ISP in Russia, who appear to have screwed up the configuration of
their newsserver, which so it allows anyone to post.

Where they're actually coming from is an account with Algx.net,
specifically from 216.99.245.42, which appears to be a DSL line.
That probably means some clueless moron with proxy software,
which is open to everyone; or possibly someone with a trojan.
Or it might actually be the abuser. There's no way to tell.

> What can be done about this, Shame to let a few ruin it for the masses.

Well, not much if you can't accurately determine where it's coming
from. Based on the above, I'd suggest complaining to [email protected]
for their user, who is either abusive or clueless; and to
[email protected] for their misconfigured newsserver.

Or, you could just ignore it.

John

"Tom Kohlman" <[email protected]> wrote in
news:[email protected]:

> If you really want to see the whole path, here it is (as delivered to
> me)...read from right to left.

The path to me was, not surprisingly different, but began at wplus.net.
There were hints in it which made it pretty certain that wplus was, in
fact, the source (it's not very hard to make a misleading path, so
you don't want to rely on it).

John

[email protected] (Robert Bonomi) wrote in
news:[email protected]:

> In article <[email protected]>,
> John McCoy <[email protected]> wrote:

> Looks like a dial-up customer. Oddly enough, in the NYC vicinity.
> The _same_ area where the the slanderous posts about JOAT were
> originating last year.
>
>>That probably means some clueless moron with proxy software,
>>which is open to everyone; or possibly someone with a trojan.
>>Or it might actually be the abuser. There's no way to tell.
>
> *darn*likely* it _is_ the abuser.

If it is a dialup, then you're undoubtably correct. A not very
bright abuser, since tracing a dialup back to a specific user is
trivial for a concientious ISP.

John

[email protected] (Frank Shute) wrote in news:ji3of1-
[email protected]:

> I've sent the above off plus some headers to: [email protected]
> (he's posting to their news server but seems to be using another
> company for 'net access) and told them to do something about it or I
> take it up on:
>
> news.admin.net-abuse.*

news.admin.net-abuse.policy would be the one you want (it's moderated
and has peculiar and pointless posting rules, so look for the FAQ).
nana.usenet is, unfortunately, defunct.

John

I use outlook express rules to stop it, seems to have worked.

--

http://users.adelphia.net/~kyhighland


"Len Dye" <[email protected]> wrote in message
news:[email protected]...
> Well we know that this is comeing from [email protected]
>
> What can be done about this, Shame to let a few ruin it for the masses.
>
>

Dave Balderstone wrote:

>> How do you "killfile" a domain?
>
> In my newsreader I just set up a filter on "from contains .ru"

I get it at the source, in my news spool. I just added

\.ru>$

to my killfile, and then I ran

for f in `grep -l '\.ru\>$' /var/spool/rec/woodworking/*`;do rm -f $f;done

to wipe out the articles that were already there.

I love Linux. :)

That reminds me... Charlie? You never did answer any of several emails I
sent discussing what we were going to do to set you up with a Linux box. I
sent the last couple with an address that hasn't yet let me down, so I
should have been able to get your replies. I presume you didn't send any,
and I scared you away with all this command line stuff or something.

If not, pipe up.

--
Michael McIntyre ---- Silvan <[email protected]>
Linux fanatic, and certified Geek; registered Linux user #243621
http://www.geocities.com/Paris/Rue/5407/

Hi, Robert,

Never been on the "Gander", but I've spent many happy months on the "Goose"
(Goose Bay, Labrador). If anyone from Happy Valley is reading this, have a
Labatt's at the Canadian Legion for me.

Cheers,

Frank



"Robert Bonomi" <[email protected]> wrote in message
news:[email protected]...
> In article <[email protected]>,
> Larry Jaques <novalidaddress@di\/ersify.com> wrote:
> >On Mon, 09 Feb 2004 14:45:33 -0600, Dave Balderstone
> ><dave@N_O_T_T_H_I_S.balderstone.ca> brought forth from the murky
> >depths:
> >
> >>In article <[email protected]>, Duane
> >><[email protected]> wrote:
> >>
> >>> How do you "killfile" a domain?
> >>
> >>In my newsreader I just set up a filter on "from contains .ru"
> >
> >Yabbut, most people don't use Thoth, Dave. ;)
>
> Don't blame Dave, He might have been stationed at the far-northern
> military airfield in Newfoundland. It's common there -- 'thoth for
> the Gander', or so they thay. <snicker>
>
>
>
>

On Mon, 09 Feb 2004 14:45:33 -0600, Dave Balderstone
<dave@N_O_T_T_H_I_S.balderstone.ca> brought forth from the murky
depths:

>In article <[email protected]>, Duane
><[email protected]> wrote:
>
>> How do you "killfile" a domain?
>
>In my newsreader I just set up a filter on "from contains .ru"

Yabbut, most people don't use Thoth, Dave. ;)


--
Impeach 'em ALL!
----------------------------------------------------
http://diversify.com Website Application Programming

In article <[email protected]>,
John McCoy <[email protected]> wrote:
>"Len Dye" <[email protected]> wrote in news:0MQVb.21061$uM2.12810
>@newsread1.news.pas.earthlink.net:
>
>> Well we know that this is comeing from [email protected]
>
>Actually, you don't know that.
>
>The posts are being posted thru Wplus.net. They appear to be an
>ISP in Russia, who appear to have screwed up the configuration of
>their newsserver, which so it allows anyone to post.
>
>Where they're actually coming from is an account with Algx.net,
>specifically from 216.99.245.42, which appears to be a DSL line.

ALGX does -not- offer DSL. I talked to their support dept.
Only T-1 and above, and dial-up.

The cr*p is coming from _several_ IP addresses in the 216.99.245.* range.

Looks like a dial-up customer. Oddly enough, in the NYC vicinity. The _same_
area where the the slanderous posts about JOAT were originating last year.

>That probably means some clueless moron with proxy software,
>which is open to everyone; or possibly someone with a trojan.
>Or it might actually be the abuser. There's no way to tell.

*darn*likely* it _is_ the abuser.

ALGX has been notified. with circa 90 articles sent as 'supporting evidnece'.
As has Wplus.

I expect this acount will be toast ins short order.

On Tue, 10 Feb 2004 18:41:47 +0000, Robert Bonomi wrote:
> In article <[email protected]>,
> John McCoy <[email protected]> wrote:
>>[email protected] (Robert Bonomi) wrote in
>>news:[email protected]:
>>
>>> In article <[email protected]>,
>>> John McCoy <[email protected]> wrote:
>>
>>> Looks like a dial-up customer. Oddly enough, in the NYC vicinity.
>>> The _same_ area where the the slanderous posts about JOAT were
>>> originating last year.
>>>
>>>>That probably means some clueless moron with proxy software,
>>>>which is open to everyone; or possibly someone with a trojan.
>>>>Or it might actually be the abuser. There's no way to tell.
>>>
>>> *darn*likely* it _is_ the abuser.
>>
>>If it is a dialup, then you're undoubtably correct. A not very
>>bright abuser, since tracing a dialup back to a specific user is
>>trivial for a concientious ISP.
>
> Circa 90 posts, over the space of a couple of hours, originating from:
> 216-99-245-3-ny-01.cvx.algx.net
> 216-99-245-7-ny-01.cvx.algx.net
> 216-99-245-12-ny-01.cvx.algx.net
> 216-99-245-21-ny-01.cvx.algx.net
> 216-99-245-26-ny-01.cvx.algx.net
> 216-99-245-27-ny-01.cvx.algx.net
> 216-99-245-29-ny-01.cvx.algx.net
> 216-99-245-34-ny-01.cvx.algx.net
> 216-99-245-37-ny-01.cvx.algx.net
> 216-99-245-40-ny-01.cvx.algx.net
> 216-99-245-41-ny-01.cvx.algx.net
> 216-99-245-42-ny-01.cvx.algx.net
> 216-99-245-45-ny-01.cvx.algx.net
> 216-99-245-54-ny-01.cvx.algx.net
> 216-99-245-61-ny-01.cvx.algx.net
>
> Either he's got at least 15 machines, on a dedicated T-1 or better, or
> it's 15 separate dial-in sessions.
>
> I know where I'd put _my_ money, if i were a betting man. <grin>

Where's Norm Nowrecki when you need him!

I just grepped my news spool and got some times for the abusive
postings:


> Date: Mon, 9 Feb 2004 12:53:45 +0000 (UTC)
> Date: Mon, 9 Feb 2004 12:53:49 +0000 (UTC)
> Date: Mon, 9 Feb 2004 12:53:52 +0000 (UTC)
> Date: Mon, 9 Feb 2004 12:53:55 +0000 (UTC)
> Date: Mon, 9 Feb 2004 12:53:59 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:00:20 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:00:24 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:00:32 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:00:42 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:01:04 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:03:35 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:03:38 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:03:42 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:03:45 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:03:51 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:03:56 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:12:11 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:12:25 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:12:28 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:15:15 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:15:22 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:18:03 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:18:09 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:18:19 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:26:28 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:26:42 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:30:19 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:30:27 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:30:32 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:30:35 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:30:40 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:36:23 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:36:31 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:36:41 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:37:04 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:39:44 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:39:50 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:39:53 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:40:00 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:40:17 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:43:50 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:43:55 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:44:00 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:44:03 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:44:06 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:44:10 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:44:28 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:46:59 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:47:03 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:47:06 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:47:14 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:47:18 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:47:35 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:51:21 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:51:25 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:51:29 +0000 (UTC)
> Date: Mon, 9 Feb 2004 13:58:14 +0000 (UTC)
> Date: Mon, 9 Feb 2004 14:00:28 +0000 (UTC)
> Date: Mon, 9 Feb 2004 14:00:33 +0000 (UTC)
> Date: Mon, 9 Feb 2004 14:00:45 +0000 (UTC)
> Date: Mon, 9 Feb 2004 14:01:02 +0000 (UTC)

A busy little troll :)

He's using a dial-up as you say and reconnects every few minutes to
send off a batch of postings.

I've sent the above off plus some headers to: [email protected]
(he's posting to their news server but seems to be using another
company for 'net access) and told them to do something about it or I
take it up on:

news.admin.net-abuse.*

With a bit of luck the news server people will take it up with the ISP
he's using and get his connection terminated. I don't know if the
police over there would be interested, is he commiting a criminal
offence? Over here I think he would just be commiting libel which
AFAIK is a civil matter.

I'd like to see him get locked up; by the time he's been gangraped a
few times he would have got all the hairy balls he's ever dreamed of
;)

In fact, prison would be too good for him....

--

Frank

http://www.freebsd.org/

On Wed, 11 Feb 2004 15:56:14 +0000 (UTC), John McCoy wrote:
>
> [email protected] (Frank Shute) wrote in news:ji3of1-
> [email protected]:
>
>> I've sent the above off plus some headers to: [email protected]
>> (he's posting to their news server but seems to be using another
>> company for 'net access) and told them to do something about it or I
>> take it up on:
>>
>> news.admin.net-abuse.*
>
> news.admin.net-abuse.policy would be the one you want (it's moderated
> and has peculiar and pointless posting rules, so look for the FAQ).
> nana.usenet is, unfortunately, defunct.

I'll see what action (if any) the Russians or Algx take first. I'm
pretty sure algx will do something about it unless they wan't to earn
themselves a `reputation'.

--

Frank

http://www.freebsd.org/

How do you "killfile" a domain?

Duane

In article <[email protected]>, "Tom Kohlman" <[email protected]> wrote:
>I can't figure out how anybody got "Algx.net" out of this.

Here's the header from one of the offensive posts (cleaned up a bit). Look for
"NNTP-Posting-Host".

Path:
newssvr26.news.prodigy.com!newscon03.news.prodigy.com!newsmst01.news.prodigy.
com!prodigy.com!news-FFM2.ecrc.net!oleane.net!nnx.oleane.
net!oleane!freenix!newsfeed.rt.ru!news.wplus.net!newsfeed.wplus.
net!not-for-mail
From: P*** <[email protected]>
Newsgroups: rec.woodworking
Subject: [deleted]
Date: Mon, 9 Feb 2004 12:53:49 +0000 (UTC)
Organization: WOOHAA
Lines: 1
Message-ID: <[email protected]>
NNTP-Posting-Host: 216-99-245-41-ny-01.cvx.algx.net
X-Trace: news.wplus.net 1076331229 27764 216.99.245.41 (9 Feb 2004 12:53:49
GMT)
X-Complaints-To: [email protected]
NNTP-Posting-Date: Mon, 9 Feb 2004 12:53:49 +0000 (UTC)
User-Agent: Xnews/5.04.25
Xref: newsmst01.news.prodigy.com rec.woodworking:1007885
Status: N

--
Doug Miller (alphageek at milmac dot com)

How come we choose from just two people to run for president and 50 for Miss America?

Frank Shute wrote:

> I just grepped my news spool and got some times for the abusive
> postings:

A slrn man I see, and a Free BSD man too. Well, there's no accounting for
taste. :)

You're not part of the slrn mafia are you?

--
Michael McIntyre ---- Silvan <[email protected]>
Linux fanatic, and certified Geek; registered Linux user #243621
http://www.geocities.com/Paris/Rue/5407/

Could be he/she stays on-line and does this stuff. Our company remote
network access will continually change the IP address while connected in
just about the same time frames noted below (or so they tell me. They keep
promising "roll-out" but like everything else with our IT group, alot of
promises, very little action).

I can't figure out how anybody got "Algx.net" out of this. All I saw was
the Russian link (and BTW actually got a robotreply which tells me they care
or alternatively are "harvesting".

I've got the SPAM abuse reporting down to about 5sec each but am new to NG
abuse reporting and any hints would be appreciated.

"Frank Shute" <[email protected]> wrote in message
news:[email protected]...
> On Tue, 10 Feb 2004 18:41:47 +0000, Robert Bonomi wrote:
> > In article <[email protected]>,
> > John McCoy <[email protected]> wrote:
> >>[email protected] (Robert Bonomi) wrote in
> >>news:[email protected]:
> >>
> >>> In article <[email protected]>,
> >>> John McCoy <[email protected]> wrote:
> >>
> >>> Looks like a dial-up customer. Oddly enough, in the NYC vicinity.
> >>> The _same_ area where the the slanderous posts about JOAT were
> >>> originating last year.
> >>>
> >>>>That probably means some clueless moron with proxy software,
> >>>>which is open to everyone; or possibly someone with a trojan.
> >>>>Or it might actually be the abuser. There's no way to tell.
> >>>
> >>> *darn*likely* it _is_ the abuser.
> >>
> >>If it is a dialup, then you're undoubtably correct. A not very
> >>bright abuser, since tracing a dialup back to a specific user is
> >>trivial for a concientious ISP.
> >
> > Circa 90 posts, over the space of a couple of hours, originating from:
> > 216-99-245-3-ny-01.cvx.algx.net
> > 216-99-245-7-ny-01.cvx.algx.net
> > 216-99-245-12-ny-01.cvx.algx.net
> > 216-99-245-21-ny-01.cvx.algx.net
> > 216-99-245-26-ny-01.cvx.algx.net
> > 216-99-245-27-ny-01.cvx.algx.net
> > 216-99-245-29-ny-01.cvx.algx.net
> > 216-99-245-34-ny-01.cvx.algx.net
> > 216-99-245-37-ny-01.cvx.algx.net
> > 216-99-245-40-ny-01.cvx.algx.net
> > 216-99-245-41-ny-01.cvx.algx.net
> > 216-99-245-42-ny-01.cvx.algx.net
> > 216-99-245-45-ny-01.cvx.algx.net
> > 216-99-245-54-ny-01.cvx.algx.net
> > 216-99-245-61-ny-01.cvx.algx.net
> >
> > Either he's got at least 15 machines, on a dedicated T-1 or better, or
> > it's 15 separate dial-in sessions.
> >
> > I know where I'd put _my_ money, if i were a betting man. <grin>
>
> Where's Norm Nowrecki when you need him!
>
> I just grepped my news spool and got some times for the abusive
> postings:
>
>
> > Date: Mon, 9 Feb 2004 12:53:45 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 12:53:49 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 12:53:52 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 12:53:55 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 12:53:59 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:00:20 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:00:24 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:00:32 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:00:42 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:01:04 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:03:35 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:03:38 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:03:42 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:03:45 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:03:51 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:03:56 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:12:11 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:12:25 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:12:28 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:15:15 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:15:22 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:18:03 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:18:09 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:18:19 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:26:28 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:26:42 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:30:19 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:30:27 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:30:32 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:30:35 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:30:40 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:36:23 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:36:31 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:36:41 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:37:04 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:39:44 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:39:50 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:39:53 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:40:00 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:40:17 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:43:50 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:43:55 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:44:00 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:44:03 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:44:06 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:44:10 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:44:28 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:46:59 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:47:03 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:47:06 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:47:14 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:47:18 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:47:35 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:51:21 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:51:25 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:51:29 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 13:58:14 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 14:00:28 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 14:00:33 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 14:00:45 +0000 (UTC)
> > Date: Mon, 9 Feb 2004 14:01:02 +0000 (UTC)
>
> A busy little troll :)
>
> He's using a dial-up as you say and reconnects every few minutes to
> send off a batch of postings.
>
> I've sent the above off plus some headers to: [email protected]
> (he's posting to their news server but seems to be using another
> company for 'net access) and told them to do something about it or I
> take it up on:
>
> news.admin.net-abuse.*
>
> With a bit of luck the news server people will take it up with the ISP
> he's using and get his connection terminated. I don't know if the
> police over there would be interested, is he commiting a criminal
> offence? Over here I think he would just be commiting libel which
> AFAIK is a civil matter.
>
> I'd like to see him get locked up; by the time he's been gangraped a
> few times he would have got all the hairy balls he's ever dreamed of
> ;)
>
> In fact, prison would be too good for him....
>
> --
>
> Frank
>
> http://www.freebsd.org/
>

On Wed, 11 Feb 2004 23:07:31 -0500, Silvan wrote:
>
> Frank Shute wrote:
>
>>> A slrn man I see, and a Free BSD man too. Well, there's no accounting
>>> for
>>> taste. :)
>>
>> Yeah, and a leafnode user like yourself I believe.
>
> Good man.

Here's the contents of my filter file for leafnode which will save you
downloading the trash (assuming you use `fetch'). BTW, the filter file
is documented in leafnode's README. Filtering has been in existence
since version 1.8 :


^Newsgroups:.*[, ]alt.religion.*$
^Newsgroups:.*[, ]alt.religion.*,
^Newsgroups:.*[, ]us.politics.*$
^Newsgroups:.*[, ]us.politics.*,
^Newsgroups:.*[, ]alt.politics.*$
^Newsgroups:.*[, ]alt.politics.*,
^Newsgroups:.*[, ]rec.photo.*$
^Newsgroups:.*[, ]rec.photo.*,
^Newsgroups:.*[, ]sci.med.dentistry*,
^Subject:.*CUM.*
^Subject:.*FUCK.*
^Subject:.*ASSHOLE.*
^Subject:.*LOVE.*
^Subject:.*COCK.*
^Subject:.*LICK.*
^Subject:.*SUCK.*
^Subject:.*BALLS.*
^Subject:.*PENIS.*
^Message-ID:.*@195.131.52.135.*
^Message-ID:.*@cypherpunks.to.*
^Organization:.*WOOHAA.*

Any other contributions gratefully received, although that seems to
have caught the last batch OK.


>
>>> You're not part of the slrn mafia are you?
>>
>> Just a user not part of any mafia.....but I have to confess to being a
>> fully paid-up Linux refuge ;)
>
> It's an alt.os.linux.mandrake thing from way back. They tried everything,
> including a crowbar to the back of the knee, to get me to switch to slrn,
> but I KNode better.

I've used slrn for years and wild horses wouldn't get me to use that
gui-fied stuff - if it doesn't run in a terminal then it stinks ;)


--

Frank

http://www.freebsd.org/

If you really want to see the whole path, here it is (as delivered to
me)...read from right to left. You can try to complain to the
"X-Complaints" address shown but doubt you'll get anywhere. Just for fun I
sent a complaint and can probably expect 85 zillion spams to hit in the next
36 hours but spamcop is waiting and ready to deal with it.

Path:
news4.srv.hcvlny.cv.net!news3.optonline.net!cyclone.rdc-nyc.rr.com!news.maxw
ell.syr.edu!news.moat.net!news.moat.net!news.wplus.net!newsfeed.wplus.net!no
t-for-mail

From: Fuck Face <[email protected]>
Newsgroups: rec.woodworking
Subject: TIT FUCK my MOM and CUM on her TITS
Date: Mon, 9 Feb 2004 14:01:02 +0000 (UTC)
Organization: WOOHAA
Lines: 1
Message-ID: <[email protected]>
NNTP-Posting-Host: 216-99-245-26-ny-01.cvx.algx.net
X-Trace: news.wplus.net 1076335262 37944 216.99.245.26 (9 Feb 2004 14:01:02
GMT)
X-Complaints-To: [email protected]
NNTP-Posting-Date: Mon, 9 Feb 2004 14:01:02 +0000 (UTC)
User-Agent: Xnews/5.04.25
Xref: news3.optonline.net rec.woodworking:801903

"John McCoy" <[email protected]> wrote in message
news:[email protected]...
> "Len Dye" <[email protected]> wrote in news:0MQVb.21061$uM2.12810
> @newsread1.news.pas.earthlink.net:
>
> > Well we know that this is comeing from [email protected]
>
> Actually, you don't know that.
>
> The posts are being posted thru Wplus.net. They appear to be an
> ISP in Russia, who appear to have screwed up the configuration of
> their newsserver, which so it allows anyone to post.
>
> Where they're actually coming from is an account with Algx.net,
> specifically from 216.99.245.42, which appears to be a DSL line.
> That probably means some clueless moron with proxy software,
> which is open to everyone; or possibly someone with a trojan.
> Or it might actually be the abuser. There's no way to tell.
>
> > What can be done about this, Shame to let a few ruin it for the masses.

>
> Well, not much if you can't accurately determine where it's coming
> from. Based on the above, I'd suggest complaining to [email protected]
> for their user, who is either abusive or clueless; and to
> [email protected] for their misconfigured newsserver.
>
> Or, you could just ignore it.
>
> John