Re: UGH, TOO MUCH SPAM



On Mon, 28 Jan 2008, in the Usenet newsgroup comp.os.linux.misc, in article
<icejc1zoox.fsf@xxxxxxxxxxxxxxxx>, Dan Espen wrote:

> ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin) writes:
>
>> Dan Espen wrote:
>>
>>> If your news reader supports it,
>>> filter on the nntp-posting-host.
>>
>> I don't _like_ to do that, as such scoring is "expensive" (the news
>> reader has to ask the server for that header on every post, which
>> slows things down substantially).
>
> Yes, it slows things down but I didn't see anything else that
> would help.

There are some things in the XOVER headers (From:, Subject:, References:,
Date:, Bytes:, Lines:, Message-ID: and Xref:) that become apparent when
you list them. I have my own spool via a downloading tool (slrnpull, but
leafnode does similar), and using 'cut' to look at individual headers in
the .xover file may be enlightening.

Upthread, you showed a list of 31 'NNTP-Posting-Host:' headers which I
understand to be sources of sporge runs. Looking at those with IP
addresses,

many of those (17 of 31) are Road Runner residential addresses - because
rr.com has no reliable controls on their server, and such a residential
network is where you can find Eleventy-Zillion windoze boxes waiting to
be zombied (if they aren't already on 'Open Proxy' lists). Actually,
all but two of your list are obvious broadband residential IPs. Because
there are so many readily exploitable boxes on the Internet, the chance
of a single host being re-used to spam/spew after the incident that
caused you to note the address is extremely low.

Old guy
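
The per-header look at the overview file that the post describes, as an added example that is not part of the original post. It assumes the spool's overview file is tab-separated in the standard NNTP overview column order (RFC 3977); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Overview lines are tab-separated; assumed column order is the
# standard NNTP one (RFC 3977, section 8.4): 1 article number, 2 Subject,
# 3 From, 4 Date, 5 Message-ID, 6 References, 7 Bytes, 8 Lines, 9 Xref.

xover_col() {   # header name -> column number
    case "$1" in
        Subject) echo 2 ;; From) echo 3 ;; Date) echo 4 ;;
        Message-ID) echo 5 ;; References) echo 6 ;;
        Bytes) echo 7 ;; Lines) echo 8 ;; Xref) echo 9 ;;
        *) echo "unknown header: $1" >&2; return 1 ;;
    esac
}

tally() {   # stdin: one value per line; stdout: top $1 as "count<TAB>value"
    LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2 | head -n "$1" |
        awk '{ c = $1; sub(/^ *[0-9]+ /, ""); print c "\t" $0 }'
}

# xover_top FILE HEADER [N]: the N most frequent values of one header.
xover_top() {
    col=$(xover_col "$2") || return 1
    cut -f "$col" "$1" | tally "${3:-10}"
}

# xover_msgid_hosts FILE [N]: tally the part of each Message-ID after the "@".
xover_msgid_hosts() {
    cut -f 5 "$1" | sed 's/^.*@//; s/>$//' | tally "${2:-10}"
}

make_sample() {   # constructed overview lines, not from a real spool
    f='%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\tXref: news.example comp.os.linux.misc:%s\n'
    printf "$f" 101 'Re: kernel upgrade' 'alice <a@example.org>' '28 Jan 2008 10:00:00 GMT' '<m1@host1.example.org>' '<m0@host1.example.org>' 1840 32 101
    printf "$f" 102 'fstab question' 'bob <b@example.net>' '28 Jan 2008 10:05:00 GMT' '<m2@host2.example.org>' '' 2210 41 102
    printf "$f" 103 'qzj wvk plm' 'name1 <n1@example.com>' '28 Jan 2008 10:06:01 GMT' '<x1@flood.invalid>' '' 9000 200 103
    printf "$f" 104 'trb hhs dke' 'name2 <n2@example.com>' '28 Jan 2008 10:06:02 GMT' '<x2@flood.invalid>' '' 9000 200 104
    printf "$f" 105 'ooa zzc ybn' 'name3 <n3@example.com>' '28 Jan 2008 10:06:03 GMT' '<x3@flood.invalid>' '' 9000 200 105
}

# Demo: From: differs on every post, but Bytes and the Message-ID host repeat.
tmp=$(mktemp) && make_sample > "$tmp"
xover_top "$tmp" From 3
xover_top "$tmp" Bytes 3
xover_msgid_hosts "$tmp" 3
rm -f "$tmp"
```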