
Nobody

29/10/2003 3:45 PM

ALL WRECKERS: Help Stop the Spammer/Troll


He's back, posting as "JD," from another throwaway google account,
through icg. It's not hard to get him thrown off of Google, and it
usually takes him a week to get another throwaway account. Set your
newsreader to display "all headers." Send mail to
[email protected], and [email protected]. Copy four or five or
more of JD's postings into the mail and request respectfully that his
account be terminated. Enough complaints and he'll be gone.

DON'T REPLY to his spewage, he's a sick man, and that just encourages
him.

--


This topic has 8 replies


Nobody

in reply to Nobody on 29/10/2003 3:45 PM

29/10/2003 7:44 PM

In article <291020031545122537%[email protected]>, Nobody
<[email protected]> wrote:

> He's back, posting as "JD," from another throwaway google account,
> through icg. It's not hard to get him thrown off of Google, and it
> usually takes him a week to get another throwaway account. Set your
> newsreader to display "all headers." Send mail to
> [email protected], and [email protected]. Copy four or five or
> more of JD's postings into the mail and request respectfully that his
> account be terminated. Enough complaints and he'll be gone.
>
> DON'T REPLY to his spewage, he's a sick man, and that just encourages
> him.

From [email protected] Wed Oct 29 19:25:00 2003
To: XXXXX
Subject: Re: [#4649937] Usenet spammer/troll is back please nuke
MIME-Version: 1.0
User-Agent: Neotonic Trakken/2.7.6

Hi,

The Google Groups account you reported for Usenet abuse has been
suspended. We appreciate your aid in keeping the newsgroups as abuse
free
as possible..

Sincerely,

The Google Groups Team

--


Nova

in reply to Nobody on 29/10/2003 3:45 PM

30/10/2003 3:28 AM

Nobody wrote:

> From [email protected] Wed Oct 29 19:25:00 2003
> To: XXXXX
> Subject: Re: [#4649937] Usenet spammer/troll is back please nuke
> MIME-Version: 1.0
> User-Agent: Neotonic Trakken/2.7.6
>
> Hi,
>
> The Google Groups account you reported for Usenet abuse has been
> suspended. We appreciate your aid in keeping the newsgroups as abuse
> free
> as possible..
>
> Sincerely,
>
> The Google Groups Team
>
> --

Something to think about:

If he wasn't reported he wouldn't have to open another account.
If he didn't open another account he wouldn't change his email address.
If he kept the same email address my filters would still be working.

Reporting him hasn't stopped him yet.

--
Jack Novak
Buffalo, NY - USA
(Remove "SPAM" from email address to reply)


Andy Dingley

in reply to Nobody on 29/10/2003 3:45 PM

30/10/2003 2:40 AM

On Wed, 29 Oct 2003 15:45:12 -0700, Nobody <[email protected]>
wrote:

>
>He's back, posting as "JD,"

JD was whacked this morning. Now he's back as [email protected]
and is x-posting to some different groups (country & western and
wrestling). It shows his usual mid-America location and is following
his usual pattern of one vague troll in the mid-afternoon, then a dump
of them in the evening. They'll be along in a few hours.

--
Die Gotterspammerung - Junkmail of the Gods


"Mark Jerde"

in reply to Nobody on 29/10/2003 3:45 PM

30/10/2003 9:23 PM

[email protected] wrote:

> I have automation in place that:
> a) saves to a disk file
> and then
> b) marks as 'read' (so I don't see 'em)
>
> all messages that:
> 1) originate from the 206.216.{48-63}.{anything} netblock
> 2) originate from the 205.184.{128-191}.{anything} netblock
> 3) are cross-posted to 4 or more newsgroups

Maybe there's an opportunity here...

I know I can figure out all this stuff. My experience includes looking at
Ethernet packets and writing MS DOS 1.0 TSR. Given enough time, I have the
fighter-pilot's confidence in my abilities.

It's the *enough* *time* that's the issue...

So, I just had this cranial flatus episode. How about *you* do the
filtering, put the results on a server, & I pay you a buck or two a month
to get the results?

-- Mark


a

in reply to Nobody on 29/10/2003 3:45 PM

30/10/2003 8:26 PM

In article <[email protected]>,
Larry Blanchard <[email protected]> wrote:
>
>
>In article <[email protected]>,
>[email protected] says...
>> If you filter by IP address range in the NNTP-Posting-Host header,
>> it *DOESN'T*MATTER* what email address he uses.
>>
>>
>Are you saying there are no legitimate posters from his ISP?

Not drawing any conclusions about any ISP -- as a whole. Some posters
always originate from the _same_ IP address, and blocking that -one-
address will nail them. Others show up from multiple addresses, but
within a 'limited' range -- they're on some sort of 'dynamic address
assignment' set-up from their provider; maybe cable-modem, or DSL, or
even 'dial-up'. By identifying that 'range', one can narrow the filters
to only that group of addresses, leaving anything -else- that _that_
provider uses unaffected.

The primary 'problem child' posts from ICG, and always from the NYC area.
_EVERY_ IP address he has used is in one of two address-blocks that
ICG uses for what appears to be "New York Island", and/or "Newark"
areas. The two address-blocks in question contain roughly 4000, and 16,000
IP addresses.


I have automation in place that:
a) saves to a disk file
and then
b) marks as 'read' (so I don't see 'em)

all messages that:
1) originate from the 206.216.{48-63}.{anything} netblock
2) originate from the 205.184.{128-191}.{anything} netblock
3) are cross-posted to 4 or more newsgroups

As the automation _does_ capture copies of the 'ignored' messages,
I _can_ check for 'false positives'.

In the last month-plus, the *only* messages caught by rules 1), and 2),
above have been 'noise'. *ZERO* "legitimate posts" have been trapped/discarded
in error.

Cursory examination of the captured messages indicates a probable
upper limit of _three_ posters from ICG in the NYC area. *NONE* of
whom have anything 'constructive' to the rec.woodworking group.

The primary 'problem child' has posted under a number of usernames.
"LeicaAddict", and "hairyhole" *may* be two additional people. Or may not.



For rule 3), I have 'historical data' going back to early July (2760 posts
caught and filtered -- about 200 of which came from ICG space). Looking
*only* at the subject lines, it looks like there may have been as many as
_three_ legitimate posts trapped. Two of the three are suspect, as they
are 'follow-ups', but the -original- message was not crossposted to the
'threshold' number of groups.


I think I can stand missing *one* legitimate post every 4 months. <grin>


For those interested, the Nfilter 'equivalents' of what I actually use
(I'm running UNIX boxes, radically different tools available) are:

[[ MUST have 'enable regular expressions' set in the config screen ]]

rec.woodworking drop nntp-posting-host:.*206\.216\.[456]
rec.woodworking drop nntp-posting-host:.*205\.184\.1[23456789]

and either
rec.woodworking drop newsgroups:.*,.*,.*,
-or-
rec.woodworking drop xref:.+:.+:.+:.+:
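
An added example, not part of the original post and not the poster's own UNIX tooling: the three rules above written as exact checks, with caught articles kept alongside the rule that caught them so false positives can be reviewed. It also shows that the two host regexes as posted match some addresses outside the stated ranges. The function names and the sample headers are constructed for illustration.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Rules 1 and 2 from the post as exact CIDR blocks: 206.216.{48-63}.x is a /20
# (4096 addresses) and 205.184.{128-191}.x is a /18 (16384 addresses).
BLOCKED_NETS = [ipaddress.ip_network("206.216.48.0/20"),
                ipaddress.ip_network("205.184.128.0/18")]
CROSSPOST_THRESHOLD = 4  # rule 3: cross-posted to 4 or more newsgroups

# The two host regexes exactly as posted, kept only for comparison.
POSTED_REGEXES = [re.compile(r".*206\.216\.[456]"),
                  re.compile(r".*205\.184\.1[23456789]")]

def in_blocked_net(host):
    """True if host is a literal IPv4 address inside one of the netblocks."""
    try:
        ip = ipaddress.IPv4Address(host.strip())
    except ValueError:  # header carried a hostname, not an address
        return False
    return any(ip in net for net in BLOCKED_NETS)

def classify(raw_headers):
    """Return 'netblock', 'crosspost', or None for one article's headers."""
    h = HeaderParser().parsestr(raw_headers)
    if in_blocked_net(h.get("NNTP-Posting-Host", "")):
        return "netblock"
    groups = [g for g in h.get("Newsgroups", "").split(",") if g.strip()]
    return "crosspost" if len(groups) >= CROSSPOST_THRESHOLD else None

def regex_overmatch(host):
    """True if a posted regex would drop a host outside the stated ranges."""
    return any(r.match(host) for r in POSTED_REGEXES) and not in_blocked_net(host)

def triage(articles):
    """Split into (shown, quarantined); each entry is (rule, raw_headers)."""
    shown, quarantined = [], []
    for art in articles:
        reason = classify(art)
        (quarantined if reason else shown).append((reason, art))
    return shown, quarantined

def headers(host, groups):  # builds constructed sample headers
    return f"Newsgroups: {groups}\nNNTP-Posting-Host: {host}\n\n"

SAMPLES = [headers("206.216.50.10", "rec.woodworking"),         # inside the /20
           headers("206.216.64.5", "rec.woodworking"),          # just outside it
           headers("192.0.2.7", "rec.a,rec.b,rec.c,rec.d"),     # four groups
           headers("news.example.invalid", "rec.woodworking")]  # hostname
```
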

a

in reply to Nobody on 29/10/2003 3:45 PM

30/10/2003 5:49 AM

In article <[email protected]>,
Nova <[email protected]> wrote:
>
>
>Nobody wrote:
>
>> From [email protected] Wed Oct 29 19:25:00 2003
>> To: XXXXX
>> Subject: Re: [#4649937] Usenet spammer/troll is back please nuke
>> MIME-Version: 1.0
>> User-Agent: Neotonic Trakken/2.7.6
>>
>> Hi,
>>
>> The Google Groups account you reported for Usenet abuse has been
>> suspended. We appreciate your aid in keeping the newsgroups as abuse
>> free
>> as possible..
>>
>> Sincerely,
>>
>> The Google Groups Team
>>
>> --
>
>Something to think about:

something *more* to think about....

>
>If he wasn't reported he wouldn't have to open another account.
>If he didn't open another account he wouldn't change his email address.
>If he kept the same email address my filters would still be working.

If you filter by IP address range in the NNTP-Posting-Host header,
it *DOESN'T*MATTER* what email address he uses.

*Three* lines of filter rules in a quality newsreader, or
for Nfilter/NewsProxy, eliminates virtually *all* of the
'noise', and requires essentially _zero_ maintenance.


McQualude

in reply to Nobody on 29/10/2003 3:45 PM

31/10/2003 4:28 AM

Nova <[email protected]> said:

> Something to think about:
>
> If he wasn't reported he wouldn't have to open another account.
> If he didn't open another account he wouldn't change his email
> address. If he kept the same email address my filters would
> still be working.
>
> Reporting him hasn't stopped him yet.

I argued this months ago... lots of bluster from people who claimed
they had 'connections' and it was only a matter of time and they
would hunt him down... blah, blah, blah. The troll is still posting
and all the attention is just egging him on.
--
McQualude


Larry Blanchard

in reply to Nobody on 29/10/2003 3:45 PM

30/10/2003 9:53 AM

In article <[email protected]>,
[email protected] says...
> If you filter by IP address range in the NNTP-Posting-Host header,
> it *DOESN'T*MATTER* what email address he uses.
>
>
Are you saying there are no legitimate posters from his ISP?

--
Where ARE those Iraqi WMDs?

