Re: Newsgroup abuse trough linuxaa.com [was: xfs to ext3 conversion]

From: Michael Heiming (michael+USENET_at_www.heiming.de)
Date: 08/01/05 

Date: Mon, 1 Aug 2005 22:54:08 +0200

In alt.os.linux kp <test@test.com>:
> "Richard Polhill" wrote
>>
>> > Have they been hacked or are they total fucking arseholes?
>> >
>>
>> They're hacked of course. They're using phpBB and somebody has added
>> linux/windows in a word censor. Might be through the admin panel or
> perhaps
>> the MySQL backend.
>>
>> Changing the subject somewhat, I had no idea you could link PHPBB to
> usenet
>> like they have.
>>
>> Emailed the admin just in case they don't already know.

[ most newsreader can be configure to automatically snip .sig on
reply, makes things look better ]

> Many thanks for telling me the problem, Rich.

> I'm terribly sorry for this trouble. The forum was hacked and three
> malicious word censors were added, it's not me messing around, which doesn't
> make any sense. Like any other admins, security is my primary concern of my
> server.

Sounds like some pretty old version of "phpBB.com".

> The forum synchronizes the newsgroup posts on a regular basis with a
> third party script on phpBB.com, I have a small script to delete the spams
> and repetitive posts (FAQ, stats), As someone mentioned that the stats were

The FAQ is a community afford to help people new to the newsgroup
to get them going, it doesn't really matter if they are accessing
the group through some www forum or via nntp.

The stats are just for the fun of having them, nothing serious.

Anyone should have the freedom to decide on its own which
post/poster he wants to kill-file and which not.

> deleted before he posted, that's just my daily maintenance work, I didn't
> realized the problem yet at that time. I don't want the users to know the
> forum is connected to newsgroups, that's because I don't want the spammers
> to abuse the forum.

Would be pretty easy deleting/canceling spam (if any) posted
through your forum and closing those accounts in a second during
your daily "maintenance work".

> Any serious members can discover it after reading a
> couple of posts, but the spammers only scan the homepage. Why I setup the

Never saw real spammer abusing some www forum, you can't even
cross-post, a serious flaw for any spammer. Sorry, don't buy into
your story.

> forum? I have no definite answer, maybe for fun, or I like Linux, or help
> people, or earn money, but definitely not to piss off the Linux community.

Ah see, found the important part of Sybren's brilliant post:
<slrnc9642i.5sk.sybrenUSE@sybren.thirdtower.com>

"
- Put the "Linuxforums.com" banner below a signature delimiter
  ("-- ") so it is automatically removed from replies.
- Put the subscriber's signature there too.
- Prevent the users from editing posts that were posted to a
  Usenet group. It can't be edited once it's posted to Usenet.
  Maybe you could post it with a delay, so that people can
  edit it until 20 minutes after posting. The forum system
  could then send it to Usenet after those 20 minutes.
- Let people reply in a threaded way, like replying to a specific
  post more than replying to the thread as a whole.
- Make it clear to your users that they are posting to Usenet,
  and perhaps offer a document about how to use Usenet directly -
  it has it's advantages.
"

The last point is pretty important and only fair usage in my
eyes. 

-- 
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 273: The cord jumped over and hit the power switch.