Can anything be done about this Psi.net spam?

waybackN...@excite.com

Jun 2, 2000, 3:00:00 AM
Quoted below is an example of spam which has been flooding
many of the adult newsgroups recently. The messages appear
to originate at PSI-net's InterRamp service. I've sent email
to ab...@psi.net twice and got nothing beyond the typical
automated response. And the flood continues. In the groups
afflicted, these messages often constitute a majority of the
message traffic in the group, sometimes virtually the entire
volume. There are often hundreds of messages per day per
newsgroup.

Each of these messages is 5 lines long. Each has a
different From name and bogus email address. And each
Subject is different. But on any given day, all of them
come from the same IP number (always one of psinet's).

It appears that psinet doesn't want to do anything about
this, or doesn't consider this stuff to be spam, or
whatever. And the problem is that there's no way to filter
this spam, except possibly on the number of Lines (always
exactly 5). Also, I assume that because so much of the
header is faked to make it appear that these are separate
postings, the messages don't even show up on the automated
posting volume lists you guys keep.

So, the question is whether anything can be done about this.
The volume is just incredible. I tried to get my ISP
(Worldnet) to contact psinet directly about this, but they
declined. It's too bad everybody on Usenet is paying to
process this crap every day, day after day.


> Path: gtnsc05-news.ops.worldnet.att.net!wnmasters3!wn3feed!worldnet.att.net!205.252.116.205!howland.erols.net!peerfeed.news.psi.net!psinr!interramp!not-for-mail
> From: sim...@acsfw.ru (Simone Superman)
> Sender: simone
> Newsgroups: alt.sex.stories.hetero
> x-no-archive: yes
> X-Newsreader: Microsoft Outlook Express 4.72.2106.4
> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
> Keyword: straight
> Reply-to: sim...@acsfw.ru - (Simone Superman)
> Subject: These are the absolute nastiest straight pics!
> Message-ID: <k9b...@acsfw.ru>
> Organization: simone, Inc
> X-Forwarded: by - (/6.1.9)
> Lines: 5
> Date: 31 May 2000 04:08:18 GMT
> NNTP-Posting-Host: 38.29.61.59
> X-Trace: interramp 959771268 38.29.61.59 (Wed, 31 May 2000 07:07:48 EDT)
> NNTP-Posting-Date: Wed, 31 May 2000 07:07:48 EDT


> It's free give it a chance!. For hardcore porn lovers you must see this it's
> totally new!. Go to http://1087375298/bigtitsandass/ and check it out!. Do
> you want straight pictures this is the place for you!. Forget the other porn
> sites, ours is the best!.


Pekka Ala-Mäyry

Jun 2, 2000, 3:00:00 AM
waybackN...@excite.com wrote:
>
> It appears that psinet doesn't want to do anything about
> this, or doesn't consider this stuff to be spam, or
> whatever. And the problem is that there's no way to filter
> this spam, except possibly on the number of Lines (always
> exactly 5). Also, I assume that because so much of the
> header is faked to make it appear that these are separate
> postings, the messages don't even show up on the automated
> posting volume lists you guys keep.
>
> So, the question is whether anything can be done about this.
> The volume is just incredible. I tried to get my ISP
> (Worldnet) to contact psinet directly about this, but they
> declined. It's too bad everybody on Usenet is paying to
> process this crap every day, day after day.

I also got interested in this spammer. My guess is that
the spam comes from some kind of automatic spam generator.

The faked headers are generated like this:
Forename, Surname is selected from a list or entered manually.
Network address is entered from keyboard as the keyed sequences
are adjacent keys from QWERTY keyboard. For example 12qwaszx,
45rtfgvb, qw132w, etc. The domain is selected from list:
ca, com, edu, ja, net, ru, uk, us, us.ca
Organization is <name>, Inc
========================= Example Begins ======================
>From: che...@fhdg274.edu (Cheryl Cloony)
>Sender: cheryl
>Newsgroups: alt.binaries.pictures.erotica.fetish.latex
>Keyword: suits
>Reply-To: che...@fhdg274.edu - (Cheryl Cloony)
>Subject: Drop everything in your hands if you like suits !!
>Organization: cheryl, Inc
>Lines: 5
>Date: 1 Jun 2000 23:03:52 GMT
>NNTP-Posting-Host: 38.29.61.46
>X-Trace: interramp 959927089 38.29.61.46 (Fri, 02 Jun 2000 02:24:49 EDT)
>NNTP-Posting-Date: Fri, 02 Jun 2000 02:24:49 EDT
========================= Example Ends ======================

This spamming is advertising porno sites 64.208.7.150 to 64.208.7.252

Traceroute to these sites gives:
...
17 pos10-1-0-cr1.PHX.gblx.net (206.132.117.82) 80.214 ms 79.835 ms
18 VisionVideography.s12-1-0-9-0.cr1.PHX.gblx.net (64.208.17.30)
91.863 ms 85.462 ms
19 64.208.7.252 (64.208.7.252) 85.655 ms 85.209 ms

Only info about Vision Videography I found on Net was:
Production Company Vision Videography [Video].....(602) 375-0518

The search with this phone number gave:
The Arizona Online Film Production Directory, Arizona Video Assist
Operators
Gil Benson, (602) 375-0518, (602) 863-1190 (Cellular),
pbe...@primenet.com

Chances are that he has nothing to do with this spamming.

--
pam
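
Added example, not part of any post in this thread and not code from its participants: a Python filter sketch that scores an article on the header traits described above and groups the flagged articles by NNTP-Posting-Host, the one field that stays constant while From and Subject change. It also decodes the bare-integer URL host from the quoted spam. The sample articles, names and 192.0.2.x addresses are constructed, and the threshold of four traits is an assumption.

```python
import ipaddress
import re
from collections import defaultdict
from email.parser import HeaderParser
from urllib.parse import urlsplit

# TLDs the thread lists for the generated From addresses.
GENERATED_TLDS = {"ca", "com", "edu", "ja", "net", "ru", "uk", "us", "us.ca"}
FROM_RE = re.compile(r"^(\S+@\S+)\s+\((.+)\)$")  # Usenet style: addr (Full Name)

# Constructed sample articles (not real posts): two generated, one ordinary.
SAMPLE_ARTICLES = [
    """\
From: cheryl@12qwaszx.edu (Cheryl Example)
Sender: cheryl
Keyword: suits
Reply-To: cheryl@12qwaszx.edu - (Cheryl Example)
Subject: Constructed subject one
Organization: cheryl, Inc
Lines: 5
NNTP-Posting-Host: 192.0.2.46

Go to http://1087375298/ and check it out!
""",
    """\
From: simone@45rtfgvb.ru (Simone Example)
Sender: simone
Keyword: straight
Reply-To: simone@45rtfgvb.ru - (Simone Example)
Subject: Constructed subject two
Organization: simone, Inc
Lines: 5
NNTP-Posting-Host: 192.0.2.46

Go to http://1087375298/ you wont be sorry!
""",
    """\
From: pat@reader.example (Pat Reader)
Subject: Re: an ordinary short reply
Organization: Example University
Lines: 5
NNTP-Posting-Host: 192.0.2.200

An ordinary five-line post.
""",
]


def generator_traits(msg):
    """Return the generator fingerprints from the thread found in one header block."""
    m = FROM_RE.match((msg.get("From") or "").strip())
    addr, name = m.groups() if m else ("", "")
    parts = name.split()
    forename = parts[0].lower() if parts else ""
    sender = (msg.get("Sender") or "").strip()
    tld = addr.rpartition("@")[2].lower().partition(".")[2]
    checks = {
        "lines=5": (msg.get("Lines") or "").strip() == "5",
        "sender=forename": bool(forename) and sender == forename,
        "organization=<name>, Inc": bool(sender)
        and (msg.get("Organization") or "").strip() == f"{sender}, Inc",
        "reply-to=from": bool(addr)
        and (msg.get("Reply-To") or "").strip() == f"{addr} - ({name})",
        "keyword-header": msg.get("Keyword") is not None,
        "tld-in-list": tld in GENERATED_TLDS,
    }
    return [trait for trait, hit in checks.items() if hit]


def cluster_by_posting_host(raw_articles, min_traits=4):
    """Map NNTP-Posting-Host -> set of From values among flagged articles."""
    clusters = defaultdict(set)
    parser = HeaderParser()
    for raw in raw_articles:
        msg = parser.parsestr(raw)
        if len(generator_traits(msg)) >= min_traits:  # threshold is an assumption
            host = (msg.get("NNTP-Posting-Host") or "unknown").strip()
            clusters[host].add(msg["From"])
    return dict(clusters)


def decimal_host_to_ip(url):
    """Return the dotted quad when a URL host is a bare 32-bit integer, else None."""
    host = urlsplit(url).hostname or ""
    if host.isascii() and host.isdigit() and int(host) < 2**32:
        return str(ipaddress.IPv4Address(int(host)))
    return None


if __name__ == "__main__":
    for host, senders in cluster_by_posting_host(SAMPLE_ARTICLES).items():
        print(host, len(senders), "distinct From identities")
    print(decimal_host_to_ip("http://1087375298/"))
```

The ordinary article also has `Lines: 5` but matches no other trait, which is why line count alone makes a poor filter. The integer host decodes to an address inside the 64.208.7.150 to 64.208.7.252 range named above.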

Pekka Ala-Mäyry

Jun 2, 2000, 3:00:00 AM
Pekka Ala-Mäyry wrote:
>
> I also got interested in this spammer. My guess is that
> the spam comes from some kind of automatic spam generator.

The generator forms each message of six sentences one of which
contains the <site>. Messages may contain <keyword> which is
associated to the newsgroup to be spammed. Examples are diapers,
rubber, or suits. The <keyword> is the same used at the
"Keyword: " field of the message.

Here are the 13 most frequent sentences (out of a total of 185 I found):
So we been told the girls on here are totally hot!
Horny Sluts showing off there pink slits, wanting you to cum!
Free porn is at <site> go check it out!
Exclusive free <keyword> photos!
Hvaing it all hardcore for you to see!
Go to <site> you wont be sorry!
FREE FREE FREE thats right it's all free for all!
Can't get any nastyer then this!
You don't want to miss out on this deal off a life time!
What else can you look for it's all free here!
To see all the amazing free porn, go to <site>
My dog saw this site and he started humping everything!
It took forever, but its finally finished!
...

--
pam

SEAL Team 6 World Trade Center Serbian Cocaine [Hello to all my fans
in domestic surveillance] cracking KGB nuclear arrangements CIA
counter-intelligence smuggle fissionable ammunition SDI

David Ritz

Jun 2, 2000, 3:00:00 AM
On Fri, 2 Jun 2000 11:59:56 GMT, "PAM" == Pekka Ala-Mayry <pekka.ala-mayry@ota_pois.nokia.com> wrote:

PAM> waybackN...@excite.com wrote:

PAM> I also got interested in this spammer. My guess is that
PAM> the spam comes from some kind of automatic spam generator.

PAM> The faked headers are generated like this:
PAM> Forename, Surname is selected from a list or entered manually.
PAM> Network address is entered from keyboard as the keyed sequences
PAM> are adjacent keys from QWERTY keyboard. For example 12qwaszx,
PAM> 45rtfgvb, qw132w, etc. The domain is selected from list:
PAM> ca, com, edu, ja, net, ru, uk, us, us.ca
PAM> Organization is <name>, Inc

>> ========================= Example Begins ======================
>>From: che...@fhdg274.edu (Cheryl Cloony)
>>Sender: cheryl
>>Newsgroups: alt.binaries.pictures.erotica.fetish.latex
>>Keyword: suits
>>Reply-To: che...@fhdg274.edu - (Cheryl Cloony)
>>Subject: Drop everything in your hands if you like suits !!
>>Organization: cheryl, Inc
>>Lines: 5
>>Date: 1 Jun 2000 23:03:52 GMT
>>NNTP-Posting-Host: 38.29.61.46
>>X-Trace: interramp 959927089 38.29.61.46 (Fri, 02 Jun 2000 02:24:49 EDT)
>>NNTP-Posting-Date: Fri, 02 Jun 2000 02:24:49 EDT
>> ========================= Example Ends ======================

PAM> This spamming is advertising porno sites 64.208.7.150 to
PAM> 64.208.7.252

PAM> Traceroute to these sites gives:
PAM> ...
PAM> 17 pos10-1-0-cr1.PHX.gblx.net (206.132.117.82) 80.214 ms 79.835 ms
PAM> 18 VisionVideography.s12-1-0-9-0.cr1.PHX.gblx.net (64.208.17.30)
PAM> 91.863 ms 85.462 ms
PAM> 19 64.208.7.252 (64.208.7.252) 85.655 ms 85.209 ms

PAM> Only info about Vision Videography I found on Net was:
PAM> Production Company Vision Videography [Video].....(602) 375-0518

PAM> The search with this phone number gave:
PAM> The Arizona Online Film Production Directory, Arizona Video Assist
PAM> Operators
PAM> Gil Benson, (602) 375-0518, (602) 863-1190 (Cellular),
PAM> pbe...@primenet.com

PAM> Chances are that he has nothing to do with this spamming.

I wouldn't rule him out, though. Here's why.

This year, one of the top volume spam sources centers around
the operation run by one Leigh Benson, of Phoenix, AZ.

|Benson, Leigh (LB6) postm...@AMUG.ORG
| 4131 N. 24th street suite A120
| Phoenix, AZ 85016
| (602)553-8966
|
| Record last updated on 10-Aug-1994.
| Database last updated on 31-May-2000 17:28:59 EDT.

|Benson, Leigh (LB55) gra...@AMUG.ORG
| GraphX
| 1250 E. Bethany Home Road #4
| Phoenix, az 85016
| (602) 200-8850
|
| Record last updated on 21-Nov-1996.
| Database last updated on 31-May-2000 17:28:59 EDT.

|Benson, Leigh (LB67) gra...@AMUG.ORG
| GraphX
| 930 E. Colter
| Phoenix, AZ 85014
| (602)-200-8850
|
| Record last updated on 01-May-1997.
| Database last updated on 31-May-2000 17:27:34 EDT.

All of the spammed URLs are redirects to other sites. When this
same spammer was operating over the weekend, two weeks ago, at
least one of those sites was in Leigh Benson's GraphX net-block.

<http://www.deja.com/getdoc.xp?AN=626025210&fmt=text>
} Newsgroups: news.admin.net-abuse.sightings
} Date: Mon, 22 May 2000 14:40:23 -0700
} From: David Ritz <dr...@primenet.com>
} Reply-To: David Ritz <dr...@primenet.com>
} To: postm...@interramp.com, PSINet Internet Abuse Monitor <ab...@psi.com>
} cc: ad...@shellhost.com, ro...@shellhost.com, ab...@maxim.net,
} WinStar Network Abuse Center <ab...@winstar.net>, fanta...@NTCOR.COM,
} dnsm...@sog.net, abuse...@uu.net
} bcc: webm...@ibill.com, webm...@xxxcounter.com, webm...@sextracker.com,
} webm...@clubpix.com
} Subject: [usenet] Attn. Jennifer: EMP: BI=42826.0000; Shellhost.com, GraphX/Nontoxic, Voice Media; InterRamp/PSINet
} Message-ID: <Pine.BSI.3.96.100052...@usr01.primenet.com>
} Followup-To: news.admin.net-abuse.usenet

[snip]

} ]traceroute to show-me-da-money.com (199.249.188.62)
} <...>
} ]12 las-vegas.phoenix.good.net (209.141.189.1) <hostm...@good.net>
} ]13 vvg101.phoenix.winstar.net (209.141.90.66) <dom...@goodnet.com>
} ]14 show-me-da-money.com (199.249.188.62) <hostm...@nontoxic.org>
}
} ]usr01# soa show-me-da-money.com
} ]Server: dns2.phx.globalcenter.net
} ]Address: 206.165.6.12
} ]
} ]show-me-da-money.com
} ] origin = ns.nontoxic.org
} ] mail addr = hostmaster.nontoxic.org
} ] serial = 2000030904
} ] refresh = 7200 (2 hours)
} ] retry = 1800 (30 mins)
} ] expire = 3600000 (41 days 16 hours)
} ] minimum ttl = 7200 (2 hours)
} ]show-me-da-money.com nameserver = ns.nontoxic.org
} ]show-me-da-money.com nameserver = ns3.nontoxic.org
} ]ns.nontoxic.org internet address = 199.249.188.5
} ]ns3.nontoxic.org internet address = 209.112.60.58
}
} |usr01# arin 199.249.188.62
} |GraphX (NET-GRAPHX)
} | 930 E. Colter
} | Phoenix, AZ 85014
} | US
} |
} | Netname: GRAPHX
} | Netnumber: 199.249.188.0
} |
} | Coordinator:
} | Benson, Leigh (LB67-ARIN) gra...@AMUG.ORG
} | (602)-200-8850
} |
} | Domain System inverse mapping provided by:
} |
} | NS.NONTOXIC.ORG 199.249.188.5
} | NS3.NONTOXIC.ORG 24.1.226.235
} | NS.FASTQ.COM 204.62.193.3
} |
} | Record last updated on 15-Mar-1999.
} | Database last updated on 22-May-2000 05:43:03 EDT.
}
} |usr01# whois show-me-da-money.com
} |Juan Carlos Alcantar (template COCO-173592) CORE-1
} | 250 Munich St.
} | San Francisco, CALIFORNIA 94112 UNITED STATES
} |
} | Domain Name: show-me-da-money.com
} | Status: production
} |
} | Admin Contact, Technical Contact, Zone Contact:
} | Juan Carlos Alcantar (COCO-173593) car...@race.com
} | +1415 585-3738
} |
} | CORE Registrar: CORE-1
} |
} | Record last modified: 2000-04-12 22:17:42 MET by CORE-1
} | Record created: 2000-02-11 00:42:12 MET by CORE-1
} |
} | Domain servers in listed order:
} |
} | ns1.dalounge.com 207.20.142.50
} | ns.nontoxic.org 199.249.188.5
} |
} | Database last updated on 2000-05-22 22:31:20 MET
}

This week the redirects are going somewhere else. I haven't
had a chance to do a full analysis, but here are a few
examples.

<http://64.208.7.150/hairylegs> redirects to <http://64.208.7.158/>.
<http://64.208.7.175/nicelegs/> redirects to <http://64.208.7.158/>.
<http://64.208.7.238/fuckhotpussy> redirects to <http://64.208.7.243/>.
(Many others redirect to <http://64.208.7.243/>.)

References in http://64.208.7.158/

1. javascript:document.links.submit()
<...>
54. javascript:document.links.submit()

Javascript points to <http://www.sexcamlive.com/?ref=8485>

<http://64.208.7.211/big> redirects to
<http://www.pet-sex.com/index.html?revid=dalounge>.

References in http://www.pet-sex.com/index.html?revid=dalounge

1. http://www.pet-sex.com/main.html?revid=dalounge
2. http://www.pet-sex.com/hidden1.html
3. http://www.pet-sex.com/main.html

<http://64.208.7.187/freesex/> redirects to
<http://www.barnyardbitches.com/index.html?revid=dalounge>.

References in http://www.barnyardbitches.com/index.html?revid=dalounge

1. http://www.barnyardbitches.com/main.html?revid=dalounge
2. http://www.barnyardbitches.com/hidden1.html
3. http://www.barnyardbitches.com/main.html

==========================================================================

]traceroute to pet-sex.com (200.38.128.29)
<...>
]12 customer-38-200-39.uninet.net.mx (200.38.200.39) <dns...@uninet.net.mx>
]13 customer-9.telmex.net.mx (200.36.40.9) <dns...@uninet.net.mx>
]14 * 200.38.128.25 (200.38.128.25) <ro...@dolphin.cabonet.net.mx>

]usr01# soa pet-sex.com
]Server: dns2.phx.globalcenter.net
]Address: 206.165.6.12
]
]pet-sex.com
] origin = ns1.farrmsexx.com
] mail addr = root.ns1.farrmsexx.com
] serial = 2000041418
] refresh = 7200 (2 hours)
] retry = 1800 (30 mins)
] expire = 2592000 (30 days)
] minimum ttl = 8600 (2 hours 23 mins 20 secs)
]pet-sex.com nameserver = ns1.farrmsexx.com
]pet-sex.com nameserver = ns2.farrmsexx.com
]ns1.farrmsexx.com internet address = 200.38.128.26
]ns2.farrmsexx.com internet address = 200.38.128.27

|usr01# arin 200.38.128.25
|Network Information Center Mexico (NETBLK-NETBLK-NIC-MEXICO-3) NETBLK-NIC-MEXICO-3
| 200.38.0.0 - 200.39.255.255
|UniNet S.A. de C.V. (NETBLK-UNINET-NETBLK7) UNINET-NETBLK7
| 200.38.128.0 - 200.38.159.255
|Uninet S. A. de C.V. (NETBLK-IDP-NEXTENGO12) IDP-NEXTENGO12
| 200.38.128.0 - 200.38.128.255

|usr01# arin NETBLK-IDP-NEXTENGO12
|Uninet S. A. de C.V. (NETBLK-IDP-NEXTENGO12)
| Nextengo 78, piso 1, Col. Santa Apolonia
| D.F., 02790
| MX
|
| Netname: IDP-NEXTENGO12
| Netblock: 200.38.128.0 - 200.38.128.255
|
| Coordinator:
| Ruiz, Rodolfo (RR80-ARIN) rr...@REDUNO.COM.MX
| (525)6244473
|
| Record last updated on 03-Jun-1998.
| Database last updated on 2-Jun-2000 06:32:11 EDT.

|usr01# whois pet-sex.com
|
|Registrant:
|pet-sex.com (PET-SEX-DOM)
| 1 Cleopatra Way
| Redmond, WA 98052
| US
|
| Domain Name: PET-SEX.COM
|
| Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
| Jeffries, Ross (RJ7225) rjef...@CHICKENCASH.COM
| The Ross Jeffries Association
| 1 Cleopatra St
| Redmond, WA 98052
| n/a (FAX) n/a
|
| Record last updated on 08-Feb-2000.
| Record expires on 08-Feb-2001.
| Record created on 08-Feb-2000.
| Database last updated on 31-May-2000 17:28:59 EDT.
|
| Domain servers in listed order:
|
| NS1.FARRMSEXX.COM 200.38.128.26
| NS2.FARRMSEXX.COM 200.38.128.27

|usr01# whois all NS1.FARRMSEXX.COM
|[No name] (NSO180-HST)
|
| Hostname: NS1.FARRMSEXX.COM
| Address: 200.38.128.26
| System: ? running ?
|
| Coordinator:
| Jeffries, Ross (RJ7225) rjef...@CHICKENCASH.COM
| The Ross Jeffries Association
| 1 Cleopatra St
| Redmond, WA 98052
| n/a (FAX) n/a
|
| Record last updated on 11-Sep-1999.
| Database last updated on 31-May-2000 17:28:59 EDT.

|usr01# whois server NSO180-HST
|FarrmSexx.Com (FARRMSEXX-DOM) FARRMSEXX.COM
|Ster, Regi (PETSEXXX-DOM) PETSEXXX.COM
|barnyardbitches.com (BARNYARDBITCHES-DOM) BARNYARDBITCHES.COM
|hardcorescat.com (HARDCORESCAT-DOM) HARDCORESCAT.COM
|pet-sex.com (PET-SEX-DOM) PET-SEX.COM
|pooshooters.com (POOSHOOTERS-DOM) POOSHOOTERS.COM

|usr01# whois barnyardbitches.com
|
|Registrant:
|barnyardbitches.com (BARNYARDBITCHES-DOM)
| 1 Cleopatra Way
| Redmond, WA 98052
| US
|
| Domain Name: BARNYARDBITCHES.COM
|
| Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
| Jeffries, Ross (RJ7225) rjef...@CHICKENCASH.COM
| The Ross Jeffries Association
| 1 Cleopatra St
| Redmond, WA 98052
| n/a (FAX) n/a
|
| Record last updated on 11-Jan-2000.
| Record expires on 11-Jan-2002.
| Record created on 11-Jan-2000.
| Database last updated on 31-May-2000 17:28:59 EDT.
|
| Domain servers in listed order:
|
| NS1.FARRMSEXX.COM 200.38.128.26
| NS2.FARRMSEXX.COM 200.38.128.27

|Jeffries, Ross (RJ7225) rjef...@CHICKENCASH.COM
| The Ross Jeffries Association
| 1 Cleopatra St
| Redmond, WA 98052
| n/a (FAX) n/a
|
| Record last updated on 29-Sep-1999.
| Database last updated on 31-May-2000 17:27:34 EDT.

==========================================================================

]traceroute to sexcamlive.com (207.240.12.202)
<...>
]11 128.11.199.75 (128.11.199.75) <dns-...@bbnplanet.com>
]12 fa5-0-0.phxcolo-border2.bbnplanet.net (207.240.1.116) <dns-...@bbnplanet.com>
]13 207.240.12.202 (207.240.12.202) <hostm...@cwie.net>

]usr01# soa sexcamlive.com
]Server: dns2.phx.globalcenter.net
]Address: 206.165.6.12
]
]sexcamlive.com
] origin = ns1.redmark.com
] mail addr = hostmaster.redmark.com
] serial = 2000052300
] refresh = 10800 (3 hours)
] retry = 3600 (1 hour)
] expire = 604800 (7 days)
] minimum ttl = 86400 (1 day)
]sexcamlive.com nameserver = ns1.redmark.com
]sexcamlive.com nameserver = ns2.redmark.com

|usr01# arin 207.240.12.202
|Genuity, Inc. (NETBLK-NETBLK-GENUITY-2) NETBLK-GENUITY-2
| 207.240.0.0 - 207.240.255.255
|CWIE, LLC (NETBLK-CWIEA-11-01) CWIEA-11-01 207.240.11.0 - 207.240.12.255

|usr01# arin NETBLK-CWIEA-11-01
|CWIE, LLC (NETBLK-CWIEA-11-01)
| 1125 E. Glendale Avenue
| Phoenix, AZ 85020
| US
|
| Netname: CWIEA-11-01
| Netblock: 207.240.11.0 - 207.240.12.255
|
| Coordinator:
| Internet Exchange, Cavecreek Wholesale (CWI6-ARIN) webm...@CAVECREEK.COM
| 602-488-7808
|
| Record last updated on 01-Sep-1999.
| Database last updated on 2-Jun-2000 06:32:11 EDT.

|usr01# whois sexcamlive.com
|
|Registrant:
|Aion Idea Group, L.L.C (SEXCAMLIVE-DOM)
| 801 W. State Road 436 Suite 1075
| Altamonte Springs, FL 32714
| US
|
| Domain Name: SEXCAMLIVE.COM
|
| Administrative Contact:
| Hostmaster (HO592-ORG) hostm...@REDMARK.COM
| Aion Idea Group, L.L.C.
| 801 W. St. Rd 436, Suite 1075
| Altamonte Springs, FL 32714
| US
| 407-788-8311
| Fax- - - 407-522-9880
| Technical Contact, Zone Contact:
| Network Operations Center (NO240-ORG) n...@REDMARK.COM
| Aion Idea Group, L.L.C.
| 801 W. St. Rd 436, Suite 1075
| Altamonte Springs, FL 32714
| US
| 407-788-8311
| Fax- - 407-522-9880
| Billing Contact:
| Accounting (AC647-ORG) accou...@REDMARK.COM
| Aion Idea Group, L.L.C.
| 801 W. St Rd 436, Suite 1075
| Altamonte Springs, FL 32714
| US
| 407-788-8311
| Fax- - 407-522-9880
|
| Record last updated on 24-Mar-2000.
| Record expires on 10-May-2000.
| Record created on 10-May-1998.
| Database last updated on 31-May-2000 17:28:59 EDT.
|
| Domain servers in listed order:
|
| NS1.REDMARK.COM 207.240.12.128
| NS2.REDMARK.COM 207.240.12.193

|usr01# whois all NS1.REDMARK.COM
|[No name] (NSV1451-HST)
|
| Hostname: NS1.REDMARK.COM
| Address: 207.240.12.128
| System: ? running ?
|
|
| Record last updated on 18-Feb-2000.
| Database last updated on 31-May-2000 17:27:34 EDT.

|usr01# whois server NSV1451-HST
|Aborting search 50 records found .....

==========================================================================

While I've already requested that GlobalCenter slap a router
block on the addresses which are being spammed directly, the real
targets are Ross Jeffries' sites being hosted in Mexico and the
Redmark site.

Since both of these operations are paying for hits, simply
requesting that this spammer be permanently removed from their
account rolls and webmasters' programs may be sufficient. If
you don't get a quick response, it will be time to direct your
request to their bandwidth providers.

BTW, the "dalounge" click-through account name was used last week,
too.

|Da Lounge (DALOUNGE2-DOM)
| 250 Munich St.
| San Francisco, CA 94112
| US
|
| Domain Name: DALOUNGE.COM
|
| Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
| Alcantar, Carlos (CA4039) car...@RACE.COM
| Da Lounge
| 250 Munich St.
| San Francisco, CA 94112
| 415.333.1954
|
| Record last updated on 09-May-2000.
| Record expires on 26-Feb-2001.
| Record created on 26-Feb-1998.
| Database last updated on 31-May-2000 17:27:34 EDT.
|
| Domain servers in listed order:
|
| NS.NONTOXIC.ORG 199.249.188.5
| NS3.NONTOXIC.ORG 209.112.60.58

|Inovative Formulations Corporation (NONTOXIC2-DOM)
| 670 W.33rd. St
| Tucon, AZ 85713-4608
|
| Domain Name: NONTOXIC.ORG
|
| Administrative Contact, Billing Contact:
| Benson, Leigh (LB67) gra...@AMUG.ORG
| GraphX
| 930 E. Colter
| Phoenix, AZ 85014
| (602)-200-8850
| Technical Contact, Zone Contact:
| B, G (GB4941) pse...@NONTOXIC.ORG
| Nontoxic Organization
| None specified
| Phoenix, AZ 90210
| 514-PRI-VATE (FAX) 514-PRI-VATE
|
| Record last updated on 11-Apr-1998.
| Record expires on 22-Aug-2000.
| Record created on 21-Aug-1995.
| Database last updated on 31-May-2000 17:27:34 EDT.
|
| Domain servers in listed order:
|
| NS.NONTOXIC.ORG 199.249.188.5
| NS2.NONTOXIC.ORG 216.112.250.202
| NS3.NONTOXIC.ORG 209.112.60.58

I don't believe in coincidences.

- --
David Ritz <dr...@primenet.com>
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli (1804-81)



waybackN...@excite.com

Jun 2, 2000, 3:00:00 AM

>So, the question is whether anything can be done about this.
>The volume is just incredible. I tried to get my ISP
>(Worldnet) to contact psinet directly about this, but they
>declined. It's too bad everybody on Usenet is paying to
>process this crap every day, day after day.

I'm a total novice at all this, so, having read through the first
responses to my original message, I'm left with the sense that I
didn't get a prognosis on this case - whether it's possible to shut
this guy down or not. Is there something I need to do specifically
to accomplish that? Are there internet gods out there somewhere who
know what to do? How do we actually get this done?

Howard 'Not a HipClone' Knight

Jun 3, 2000, 3:00:00 AM
David Ritz (dr...@primenet.com) writes:

: PAM> The search with this phone number gave:

: PAM> The Arizona Online Film Production Directory, Arizona Video Assist
: PAM> Operators
: PAM> Gil Benson, (602) 375-0518, (602) 863-1190 (Cellular),
: PAM> pbe...@primenet.com
:
: PAM> Chances are that he has nothing to do with this spamming.
:
: I wouldn't rule him out, though. Here's why.
:
: This year, one of the top volume spam sources centers around
: the operation run by one Leigh Benson, of Phoenix, AZ.
:
: |Benson, Leigh (LB6) postm...@AMUG.ORG
: | 4131 N. 24th street suite A120
: | Phoenix, AZ 85016
: | (602)553-8966

Hmm. Back in March when Lee and crew almost single-handedly got @Home
UDPed, I noticed that one of his goons had a username of
"g...@nontoxic.org":

Login: gil Name:
Directory: /data2/home/gil Shell: /bin/bash
Never logged in.
Mail last read Tue Feb 22 10:27 2000 (MST)
No Plan.

Gil Benson perhaps? Lee's Brother? Unfortunately, my "Benson" file is
archived and I can't get to it right now. But I do know this: Leigh
Benson has left a significant mark on the history of Usenet.

Indeed, Leigh Benson wrote the first spamware program (aka spambot).
As Lysander Spooner would say, "I'm not making this shit up!" Canter &
Siegel hired Benson to write their spambot. After the scandal broke out,
Benson would tell the press that he had broken ties with Canter & Siegel,
and would not condone behavior that, "hurts the net".

Since then, Benson has turned to the "Dark Side". He recruits goons
from IRC to flood the newsgroups with tens of thousands of posts per
day. For you IRC-savvy people, his nick is Sbizz, and he hangs out
on Efnet in a channel called #nontoxic.

Even after his nontoxic.org network became defunct because of spamming,
he couldn't resist the urge to spam. I caught up with him back in
March on IRC. I've attached a transcript of our conversation. I've
also attached a snippet of what Benson was telling his friends publicly
in #nontoxic during our conversation.

Last but not least, Mr. Benson is also the proud president of
"SMALLPENIS.ORG": <http://www.smallpenis.org/bio.html>.

Enjoy!

Howard

------------------------------------------------------------------------
Session Start: Thu Mar 09 21:06:25 2000
<HowardK> lee, there?
<SbizZ> yo
<HowardK> do you know who I am?
<SbizZ> not a clue
<SbizZ> u a freind of CJ or Bill?
<HowardK> I guess you don't visit the news.admin.net-abuse.usenet
newsgroup then. Anyway, my cancel bot found five of your pink
turd spam droppings in the newsgroups today. You're not gonna
start that shit up again, are you?
<HowardK> no, I don't know cj or bill
<HowardK> I know @Home and Road Runner though.
<HowardK> :_)
<HowardK> oops
<HowardK> :-)
<SbizZ> must be old shit i tossed the customer that was doing it
<HowardK> Leigh, don't insult my intellegence
<HowardK> Does "Canter & Seigel" mean any thing to you?
<SbizZ> not to me
<HowardK> So far, I haven't told anyone about you. But if you start
spamming again, I'll make you a public specitcle.
<HowardK> There was a time when you spoke out against spam because it
"hurts the net". What happened to you man?
<SbizZ> heh its been done before
<SbizZ> well i grew up had kids and figgured out that the more spam on
the usenet sex groups the less shit my kids are gonna find
<SbizZ> i do agree with the resource issue...
<SbizZ> and do we know each other?
<SbizZ> cause u seem to know a lot about me...
<HowardK> Well, I'm one of the people who was going to participate in
the @Home UDP
<SbizZ> not that its verry hard to find out....i am a verry open guy
<HowardK> you did hear about that didn't you?
<SbizZ> heh yea
<HowardK> 20,000 to 30,000 post a day? You really "agree with the
resource issue"?
<HowardK> hehe
<HowardK> I'm one of the high volume spam cancelers. That's how I know
you.
<SbizZ> well u have to take the good with the bad...i mean the spam to
post ratio on thoes groups is for shit anyway
<HowardK> although, I've never corrisponded with you before tonight.
<SbizZ> well lets work out something here.....i dont want to cause
trouble....i
<HowardK> sure, let's work something out.
<SbizZ> i just want to make money.....can u help me out with maby like
abreakdown of shit.....
<SbizZ> so we could clean up things....
<HowardK> what kind of breakdown?
<SbizZ> so we make shure we are not continusly sending crapt to groups
who bitch about it.....or totaly improper groups
<HowardK> what do you mena, a breakdown of shit? lol
<SbizZ> i mean there is a lot of money in the news groups.....we can get
away with some cant we?
<SbizZ> heh so i am famous for the green card thing eh:)
<HowardK> lee, you know how the game works. Spam has nothing to do with
the groups or the content. Spam has everything to do with the
voluem.
<SbizZ> to tell you the truth i havent touched usenet personally since
then
<SbizZ> ok
<HowardK> SbizZ, lol. Well, famous or infamous. So far, your
reputation hasn't been damaged by it. But this spamming
thing...could be bad for you.
<SbizZ> so like if we get 3 posts into like say 500 groups thats not
excessive?
<HowardK> Listen, I have to run.
<HowardK> my email is how...@primenet.com
Session Close: Thu Mar 09 22:07:51 2000

---------------------------#Nontoxic chat-------------------------------
[21:52] <SbizZ> hahahaha
[21:52] <SbizZ> thats it no more usenet spamming for me:)
[21:53] <Hustler1> ehhh
[21:53] <Hustler1> ?
[21:53] <Hustler1> what happen
[21:53] <SbizZ> seems i have a rep
[21:53] <Hustler1> uh huh
[21:53] <Hustler1> and
[21:54] <ntropy007> a rap?
[21:55] <SbizZ> they think i am doing it....personally. and they know who
i am from the original spam heard round the world
[21:56] <SbizZ> [HowardK(how...@207-218-50-19.nas1.bur.primenet.com)] lee,
you know how the game works. Spam has nothing
[21:56] <SbizZ> to do with the groups or
the content. Spam has everything to do with the
[21:56] <SbizZ> volume.
[21:57] <SbizZ> [HowardK(how...@207-218-50-19.nas1.bur.primenet.com)]
20,000 to 30,000 post a day? You really "agree with
[21:57] <SbizZ> the resource issue"?
[21:57] <SbizZ> [HowardK(how...@207-218-50-19.nas1.bur.primenet.com)]
hehe
[21:57] <SbizZ> [HowardK(how...@207-218-50-19.nas1.bur.primenet.com)]
I'm one of the high volume spam cancelers. That's
[21:57] <SbizZ> how I know you.
[21:57] <ntropy007> no way.
[21:57] <SbizZ> he also said we were mostly responsible for the @home UDP
[21:58] <ntropy007> shit. you are like a spam king.
[21:58] <SbizZ> i think our little spam guys went nutz
[21:58] <SbizZ> THE spam king from what this guy was saying
[21:58] <ntropy007> so, you had some ppl doing it for ya?
[21:59] <ntropy007> damn. time to make amends.
[21:59] <SbizZ> shit yea
[21:59] <Hustler1> haha
[21:59] <Hustler1> ok
[21:59] <Hustler1> ntr
[21:59] <Hustler1> u need to get coding
[21:59] <Hustler1> your ass on the hosting thing
[22:00] <Hustler1> if we cant spam
[22:00] <ntropy007> he
[22:00] <ntropy007> thats what spring break is for ;)
[22:00] <Hustler1> when is it
[22:00] <Hustler1> ?
[22:00] <SbizZ> i mean this guy could go public with this and he has
enough ammo to make it very ugly for s
[22:00] <Gnea> hm
[22:01] <Hustler1> is this howardk guy an oper
[22:01] <Gnea> and i ALMOST finished writing that script too ;)
[22:01] <SbizZ> news admin

Andrew Gierth {not a hipclone}

Jun 3, 2000, 3:00:00 AM
>>>>> "Howard" == Howard 'Not a HipClone' Knight <how...@primenet.com> writes:

Howard> Even after his nontoxic.org network became defunct because of
Howard> spamming, he couldn't resist the urge to spam. I caught up
Howard> with him back in March on IRC. I've attached a transcript of
Howard> our conversation. I've also attached a snippet of what
Howard> Benson was telling his friends publicly in #nontoxic during
Howard> our conversation.
[snip IRC logs]

*snork*

hehehe.

--
Andrew.

"I believe we've been over this before. There isn't need for any sort
of security feature unless some asshole wants to make a nuisance of
himself." Matt (ARPAVAX:glickman) in net.rumor, Dec 1981

David Ritz

Jun 3, 2000, 3:00:00 AM
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Jun 2000 20:55:28 GMT, in article <4bVZ4.270$Gb7....@bgtnsc05-news.ops.worldnet.att.net>, "WB" == waybackN...@excite.com wrote:

>> So, the question is whether anything can be done about this.
>> The volume is just incredible. I tried to get my ISP
>> (Worldnet) to contact psinet directly about this, but they
>> declined. It's too bad everybody on Usenet is paying to
>> process this crap every day, day after day.

WB> I'm a total novice at all this, so, having read through the
WB> first responses to my original message, I'm left with the sense
WB> that I didn't get a prognosis on this case - whether it's
WB> possible to shut this guy down or not. Is there something I
WB> need to do specifically to accomplish that? Are there internet
WB> gods out there somewhere who know what to do? How do we actually
WB> get this done?

You really shouldn't feel that you've been ignored or left out in
the cold. While the responses you received might not be quite
what you were expecting, I'd hope you got the feeling that others
were very aware of what was happening.

What can you do? What you're already doing: Report the problem to
<ab...@psi.com>. You don't need to send them a complaint for each
of the hundreds of articles appearing in whatever newsgroup you're
reading. A couple of sample articles with full headers really is
enough.

When you receive an auto-ack from PSINet, you'll get a tracking
ticket number. If you send in additional reports, perhaps on
those rare occasions when this spammer changes dialup sessions,
include that tracking number in the subject line of your follow
ups.

So far as stopping this flood cold, I told PSINet on 01 June
exactly how to shut it down instantly and completely. Thus far,
they've ignored my advice and the flood continues.

AFAIKT, PSINet believes that shutting down one or two spam accounts
is going to solve the problem. This, however, does not even
begin to approach treating the symptom, let alone excising the
disease.

Message-ID: <a8L...@egwuf7.ru>
X-Trace: interramp 959870792 38.29.61.46 (Thu, 01 Jun 2000 10:46:32 EDT)
{
Message-ID: <dLf...@78uijknm.edu>
X-Trace: interramp 959964094 38.29.61.46 (Fri, 02 Jun 2000 12:41:34 EDT)

=> Notice of Action Taken: Fri, 2 Jun 2000 13:16:04 -0400 (EDT)

Message-ID: <mm8...@be7f.us.ca>
X-Trace: interramp 959971886 38.29.61.236 (Fri, 02 Jun 2000 14:51:26 EDT)
{
Message-ID: <ppB...@nmhkjl.ru>
X-Trace: interramp 959995698 38.29.61.236 (Fri, 02 Jun 2000 21:28:18 EDT)

Message-ID: <aPB...@nmasig.uk>
X-Trace: interramp 959996581 38.29.61.107 (Fri, 02 Jun 2000 21:43:01 EDT)
{
Message-ID: <kOc...@ghty56.edu>
X-Trace: interramp 960008408 38.29.61.107 (Sat, 03 Jun 2000 01:00:08 EDT)

Between 02 June 2000 00:00:00 -0500 and 02 June 2000 23:59:59,
54,098 posts in this series arrived at one specific monitoring
site. When I ran a similar query for 03 June through 14:34:10
-0500, the results indicate that an additional 24,854 items
arrived at the monitoring site.

Message-ID: <LMf...@j4f73.com>
X-Trace: interramp 960018698 38.29.61.107 (Sat, 03 Jun 2000 03:51:38 EDT)

Message-ID: <5Mf...@4vser3.com>
X-Trace: interramp 960021141 38.11.190.118 (Sat, 03 Jun 2000 04:32:21 EDT)
{
Message-ID: <46K...@vwer142.ca>
X-Trace: interramp 960059706 38.11.190.118 (Sat, 03 Jun 2000 15:15:06 EDT)
=> (ongoing)

One would hope that PSINet will not only take action to slag the
individual dialup accounts of the spammer, but will take the
necessary steps to stop this spammer completely. This may take a
combination of both technical and social fixes.

The social fixes might include seeking legal remedy against the
frauds and thieves who misappropriate PSINet's equipment. Here,
again, I made a suggestion of a way this might be made to work,
under current and existing laws. I hope the proposal is receiving
proper consideration.

==========================================================================

I don't know how Worldnet treats news. If you are currently
looking at all of this spam, they neither filter spam nor process
cyberspam cancels. You may want to consider moving to a provider
who feels you're paying to read news, rather than paying for the
privilege of wading through tens of thousands of mind-numbingly
repetitive posts. Another option to consider is keeping your
current account and subscribing to a premium news service you know
offers filtered news on spool, such as Supernews/RemarQ or
Newsguy.

HTH.

- --
David Ritz <dr...@primenet.com>

"The Zen nature of a spammer resembles a cockroach,
except that the cockroach is higher up on the evolutionary chain."
- Peter Olson, Delphi Information Engineer; 27-AUG-1998

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2
Comment: Finger:dr...@primenet.com for public keys

iQCVAwUBOTlz0NzLrWGabIhRAQGMVQQAlWeX9Es85mukr827Rg2itlkVRGjlybEG
pLJNVwi+946268oDzrYsCnxSvzEwK1umKAPRW0/B8xOR1601Mq/Bec7DxMJjoFlO
Dy3YCb/9+majzslWriDEnrncpDNZX7oGKqfBbhhek/uaBwCfMc1f0ejsUlz/ng8f
l7TmO4g/mLs=
=0wBi
-----END PGP SIGNATURE-----
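
Added example, not part of David Ritz's post or of the original thread: the X-Trace lines quoted in the post above, grouped into runs posted from the same host, with each server-stamped epoch checked against its human-readable date. The function names are this example's own, and it assumes the interramp X-Trace layout is exactly the one shown in those quoted lines.

```python
import re
from email.utils import mktime_tz, parsedate_tz

# X-Trace lines exactly as quoted in the post above:
# server name, Unix epoch, posting host, human-readable date.
XTRACE_LINES = """\
X-Trace: interramp 959870792 38.29.61.46 (Thu, 01 Jun 2000 10:46:32 EDT)
X-Trace: interramp 959964094 38.29.61.46 (Fri, 02 Jun 2000 12:41:34 EDT)
X-Trace: interramp 959971886 38.29.61.236 (Fri, 02 Jun 2000 14:51:26 EDT)
X-Trace: interramp 959995698 38.29.61.236 (Fri, 02 Jun 2000 21:28:18 EDT)
X-Trace: interramp 959996581 38.29.61.107 (Fri, 02 Jun 2000 21:43:01 EDT)
X-Trace: interramp 960008408 38.29.61.107 (Sat, 03 Jun 2000 01:00:08 EDT)
X-Trace: interramp 960018698 38.29.61.107 (Sat, 03 Jun 2000 03:51:38 EDT)
X-Trace: interramp 960021141 38.11.190.118 (Sat, 03 Jun 2000 04:32:21 EDT)
X-Trace: interramp 960059706 38.11.190.118 (Sat, 03 Jun 2000 15:15:06 EDT)
""".splitlines()

XTRACE_RE = re.compile(
    r"^X-Trace:\s+(?P<server>\S+)\s+(?P<epoch>\d+)\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s+\((?P<date>[^)]+)\)\s*$"
)


def parse_xtrace(line):
    """Return (server, epoch, host, date_matches_epoch), or None if malformed."""
    m = XTRACE_RE.match(line.strip())
    if not m:
        return None
    epoch = int(m.group("epoch"))
    parsed = parsedate_tz(m.group("date"))
    # A trace whose two timestamps disagree was not written by the server.
    consistent = parsed is not None and mktime_tz(parsed) == epoch
    return m.group("server"), epoch, m.group("host"), consistent


def group_sessions(lines):
    """Collapse time-ordered traces into runs posted from the same host."""
    sessions = []
    records = sorted(filter(None, map(parse_xtrace, lines)), key=lambda r: r[1])
    for _, epoch, host, _ in records:
        if sessions and sessions[-1]["host"] == host:
            sessions[-1]["last"] = epoch
            sessions[-1]["seen"] += 1
        else:
            sessions.append({"host": host, "first": epoch, "last": epoch, "seen": 1})
    return sessions


def report(lines):
    """One text line per run: host, samples seen, hours between first and last."""
    out = []
    for s in group_sessions(lines):
        hours = (s["last"] - s["first"]) / 3600
        # "seen" counts only the sample headers supplied, not the posts made.
        out.append(f'{s["host"]:<15} {s["seen"]} samples, {hours:5.1f} h')
    return out


if __name__ == "__main__":
    print("\n".join(report(XTRACE_LINES)))
```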


Peabody

Jun 4, 2000, 3:00:00 AM
In article <tkrijsc9351q31oka...@wheels.wheels>,
spayan...@mailandnews.com says...

>Stop reading those nasty adult news groups, you pervert.

Damn! You promised you wouldn't tell!

Peabody

Jun 4, 2000, 3:00:00 AM
In article <Pine.BSI.3.96.1000603123630.21782A-100000@usr01
.primenet.com>, dr...@primenet.com says...

WB> I'm a total novice at all this, so, having read
WB> through the first responses to my original message,
WB> I'm left with the sense that I didn't get a prognosis
WB> on this case - whether it's possible to shut this guy
WB> down or not. Is there something I need to do
WB> specifically to accomplish that? Are there internet
WB> gods out there somewhere who know what to do? How do
WB> we actually get this done?

> You really shouldn't feel that you've been ignored or
> left out in the cold. While the responses you received
> might not be quite what you were expecting, I'd hope you
> got the feeling that others were very aware of what was
> happening.

Yes, but I guess I was hoping I would find a magic bullet. I
see now that it doesn't work that way. But thanks for
responding. You said what I needed to hear. A couple
specifics:

> You don't need to send them a complaint for each of the
> hundreds of articles appearing in whatever newsgroup
> you're reading. A couple of sample articles with full
> headers really is enough.

And if I were to forward copies of a few hundred of them to
psi, just to get their attention, would that be considered
abuse?

> I don't know how Worldnet treats news. If you are
> currently looking at all of this spam, they neither
> filter spam nor process cyberspam cancels. You may want
> to consider moving to a provider who feels you're paying
> to read news, rather than paying for the privilege of
> wading through tens of thousands of mind-numbingly
> repetitive posts. Another option to consider is keeping
> your current account and subscribing to a premium news
> service you know offers filtered news on spool, such as
> Supernews/RemarQ or Newsguy.

Worldnet DOES process cancels, or at least they say they do.
To your knowledge is this spam being cancelled now by some
bot? If so, is there some information about that that I
could pass on to the Worldnet people?

Thanks again for your reply.


David Ritz

Jun 4, 2000, 3:00:00 AM
-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 4 Jun 2000 16:59:30 GMT, in article <SVv_4.2836$2b4.2...@bgtnsc06-news.ops.worldnet.att.net>, "Peabody" == Peabody <waybackN...@excite.com> wrote:

Peabody> In article <Pine.BSI.3.96.1000603123630.21782A-100000@usr01
Peabody> .primenet.com>, dr...@primenet.com says...

>> You really shouldn't feel that you've been ignored or left out
>> in the cold. While the responses you received might not be
>> quite what you were expecting, I'd hope you got the feeling
>> that others were very aware of what was happening.

Peabody> Yes, but I guess I was hoping I would find a magic bullet.

We're all looking for magic bullets (or silver bullets or wooden
stakes).

Peabody> I see now that it doesn't work that way. But thanks for
Peabody> responding. You said what I needed to hear. A couple
Peabody> specifics:

>> You don't need to send them a complaint for each of the
>> hundreds of articles appearing in whatever newsgroup you're
>> reading. A couple of sample articles with full headers really
>> is enough.

Peabody> And if I were to forward copies of a few hundred of them to
Peabody> psi, just to get their attention, would that be considered
Peabody> abuse?

Not only would it be abusive, it would be counterproductive, as
it's going to additionally swamp an abuse desk that's already
overwhelmed and understaffed. By flooding complaints, it's only
going to slow down PSINet's ability to properly research the
situation and take action.

Yes, what's going on is egregious and should demand top priority,
but it's going to be handled just as any other abuse incident. They
all get attended to, though it's never fast enough to meet one's
desire.

>> I don't know how Worldnet treats news. If you are currently
>> looking at all of this spam, they neither filter spam nor
>> process cyberspam cancels.

Peabody> Worldnet DOES process cancels, or at least they say they do.
Peabody> To your knowledge is this spam being cancelled now by some
Peabody> bot? If so, is there some information about that that I
Peabody> could pass on to the Worldnet people?

On Wednesday, 31 May 2000, when I first noticed what was happening,
very little of this spew was being nailed by the spam cancellers.
The following statistics come from Andrew Gierth's daily
"Cancelled Spam Statistics", which you can find in
news.admin.net-abuse.bulletins.

Spam Cancel Statistics for 31 May 2000
Top Spam Sources by Path Tail: (total 80133)
3982 psinr!interramp!*

Spam Cancel Statistics for 01 Jun 2000
Top Spam Sources by Path Tail: (total 84084)
6477 psinr!interramp!*

At this point, targeting seems to have improved considerably.

Spam Cancel Statistics for 02 Jun 2000
Top Spam Sources by Path Tail: (total 94478)
20185 psinr!interramp!*

Spam Cancel Statistics for 03 Jun 2000
Top Spam Sources by Path Tail: (total 90457)
31666 psinr!interramp!*

It looks to me as though some of these putrid pink pork patties are
still getting out under the radar, but the percentage has dropped
dramatically. On 03 June 2000, 43,459 of these items were
received at the monitoring site, indicating that at least 73% of
them have cyberspam cancels issued against them.

The cancel statistics cover only alt.* and the Big-8. I haven't
tried doing a breakdown by newsgroup, to see how many items are
being posted outside monitored hierarchies.

Some of these differences may be attributed to where the monitoring
is taking place. Here are the stats from the "Top 100 Sites
identified by Ultra/Spam Hippo Despam", which also appear in
nana.bulletins.

}Ultra Hippo - Top 100 Spam News Sites - 5/31/2000
}These listings are hyperlinked for spam detail at http://www.spamhippo.com
}                   Total    Spam  %Spam  KBytes
}   1 interramp     22285   14145     63   14854

}Ultra Hippo - Top 100 Spam News Sites - 6/1/2000
}These listings are hyperlinked for spam detail at http://www.spamhippo.com
}                   Total    Spam  %Spam  KBytes
}   1 interramp     24404   24160     99   25091

}Ultra Hippo - Top 100 Spam News Sites - 6/2/2000
}These listings are hyperlinked for spam detail at http://www.spamhippo.com
}                   Total    Spam  %Spam  KBytes
}   1 interramp     16349   16121     99   17205

}Ultra Hippo - Top 100 Spam News Sites - 6/3/2000
}These listings are hyperlinked for spam detail at http://www.spamhippo.com
}                   Total    Spam  %Spam  KBytes
}   1 interramp     23439   23151     99   24883

As to your question about who is tagging this particular spam, most
of it seems as though it's being picked up by Howard Knight and
Andrew Gierth's Annihilator.

} Path: ...!feedwest.news.agis.net!agis!newsfeed.direct.ca!news.noc.caba
+ l.int!cyberspam!not-for-mail
} From: how...@primenet.com
} Organization: Nuke a Spammer for Doug Mackall
} Newsgroups: alt.binaries.pictures.erotic.centerfolds
} Subject: cmsg cancel <L4k...@hjyu76.ja>
} Date: 3 Jun 2000 20:57:10 GMT
} Control: cancel <L4k...@hjyu76.ja>
} Message-ID: <cancel....@hjyu76.ja>
} Sender: paige
} X-Cancelled-By: how...@primenet.com
} X-No-Archive: Yes
} Approved: y
} X-Original-Path: colby.direct.ca!newsfeed.direct.ca!europa.netcrusader
+ .net!208.184.7.66!newsfeed.skycache.com!Cidera!152.163.239.131!portc
+ 03.blue.aol.com!peerfeed.news.psi.net!psinr!interramp!not-for-mail
} X-Original-NNTP-Posting-Host: 38.11.190.118
} X-Original-Subject: the teacher and the models
} X-Original-Date: 3 Jun 2000 13:48:48 GMT
} X-Original-From: pa...@hjyu76.ja (Paige Vilaggio)
} X-Original-X-Trace: interramp 960065176 38.11.190.118 (Sat, 03 Jun 200
+ 0 16:46:16 EDT)
} X-Cancel-ID: =Q>]K"Y!Y1R<(M'JL,,C,*='[=Q><15,S%(!&N#S4V#7=QT,CJ%%?/R"
} X-Spammer-Code: benson
} Lines: 1
}
} Spam cancelled. Autocancel spam type: benson


} Path: ...!su-news-hub1.bbnplanet.com!news.gtei.net!logbridge.uoregon.e
+ du!news-in.riddles.org.uk!news.noc.cabal.int!news-out.riddles.org.uk
+ !annihilator!cyberspam!not-for-mail
} Newsgroups: alt.binaries.pictures.erotic.centerfolds
} Subject: cmsg cancel <ONo...@67yuhjnm.us.ca> ignore no reply
} Control: cancel <ONo...@67yuhjnm.us.ca>
} Message-ID: <cancel....@67yuhjnm.us.ca>
} Date: Sun, 04 Jun 2000 20:23:21 +0000
} Sender: kelly
} From: and...@erlenstar.demon.co.uk
} Organization: Annihilator v0.3
} Approved: y
} X-Cancelled-By: and...@erlenstar.demon.co.uk
} X-No-Archive: yes
} X-Original-Path: ...!hermes.visi.com!news-out.visi.com!europa.netcrusa
+ der.net!152.163.239.131!portc03.blue.aol.com!peerfeed.news.psi.net!p
+ sinr!interramp!not-for-mail
} X-Original-From: ke...@67yuhjnm.us.ca (Kelly Ranger)
} X-Original-NNTP-Posting-Host: 38.11.190.56
} X-Original-Subject: Hidden camera pics of the hot next door!
} X-Original-Date: 4 Jun 2000 13:19:55 GMT
} X-Original-X-Trace: interramp 960149945 38.11.190.56 (Sun, 04 Jun 2000
+ 16:19:05 EDT)
} X-Original-NNTP-Posting-Date: Sun, 04 Jun 2000 16:19:05 EDT
} X-Cancel-ID: 8_VI,<O>:@B"#NG>/5`72),MV6'[#IHXLCX9#FV`1WC#70F1*S[*:.)N
} Lines: 1
}
} Spam (EMP) cancelled - type=KWBOT2
}
} Cancel ID: 8_VI,<O>:@B"#NG>/5`72),MV6'[#IHXLCX9#FV`1WC#70F1*S[*:.)N

Peabody> Thanks again for your reply.

No worries, mate.

So far as your being a novice is concerned, we all start out that
way.

Thanks for asking a question pertaining to net-abuse. It's gotten
to be far too rare an occurrence in these parts.

- --
David Ritz <dr...@primenet.com>

"My life has been one long descent into respectability."
- Mandy Rice-Davies (b. 1944)

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2
Comment: Finger:dr...@primenet.com for public keys

iQCVAwUBOTsB0NzLrWGabIhRAQFQMAP+J+r3/tcIrGLFVQVocPGEqb+k8P7pG/TN
+V6lL1y0a5/oOAiJzsSoPI4DT1bcRmys5kIsm5QUh+SRsrPCH4FTb6EzgawLwYfb
o4uUnJ78d9768pn2VMFh4a1m+WZeJ2Ypmtq72V4KHoPwM4uy3OaVk2qClT2ubEDa
qZlJVugvIlA=
=Lr3Z
-----END PGP SIGNATURE-----
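
Added example, not part of David Ritz's post or of the original thread: a check a news administrator could run over incoming spam cancels, testing for the conventions visible in the two cancels quoted above (Control target, "cancel." Message-ID prefix, "cyberspam" in the Path, X-Cancelled-By) and tallying the accepted ones by original path tail. The sample article is constructed, its Message-IDs and example.invalid hosts are placeholders because the archive elides the real ones, and the path-tail rule is an assumption inferred from the "psinr!interramp!*" entries in the statistics.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed cancel article modelled on the two quoted above.
# Message-IDs and example.invalid hosts are placeholders.
SAMPLE_CANCEL = """\
Path: news.example.invalid!cyberspam!not-for-mail
From: canceller@example.invalid
Newsgroups: alt.binaries.pictures.erotic.centerfolds
Subject: cmsg cancel <PLACEHOLDER1@example.invalid>
Control: cancel <PLACEHOLDER1@example.invalid>
Message-ID: <cancel.PLACEHOLDER1@example.invalid>
X-Cancelled-By: canceller@example.invalid
Approved: y
X-Original-Path: feed.example.invalid!peerfeed.news.psi.net!psinr!interramp!not-for-mail
X-Original-NNTP-Posting-Host: 38.11.190.118

Spam cancelled.
"""


def path_tail(path, hosts=2):
    """Last `hosts` sites before the final Path entry, final entry shown as '*'.

    Assumed rule, chosen so the quoted paths yield 'psinr!interramp!*'.
    """
    parts = [p for p in path.strip().split("!") if p]
    if len(parts) <= hosts:
        return None
    return "!".join(parts[-(hosts + 1):-1]) + "!*"


def check_cancel(text):
    """Return (problems, original_path_tail) for one cancel article."""
    msg = message_from_string(text)
    m = re.fullmatch(r"cancel\s+<([^<>\s]+)>", (msg["Control"] or "").strip())
    if not m:
        return ["no well-formed Control: cancel header"], None
    target = m.group(1)
    problems = []
    if (msg["Message-ID"] or "").strip() != f"<cancel.{target}>":
        problems.append("Message-ID is not <cancel.TARGET>")
    if "cyberspam" not in (msg["Path"] or "").split("!"):
        problems.append("Path lacks the cyberspam pseudo-site")
    if not msg["X-Cancelled-By"]:
        problems.append("no X-Cancelled-By header")
    return problems, path_tail(msg["X-Original-Path"] or "")


def tally_tails(articles):
    """Count cancels that pass every check, keyed by original path tail."""
    counts = Counter()
    for text in articles:
        problems, tail = check_cancel(text)
        if not problems and tail:
            counts[tail] += 1
    return counts


if __name__ == "__main__":
    print(check_cancel(SAMPLE_CANCEL))
    print(tally_tails([SAMPLE_CANCEL, SAMPLE_CANCEL]))
```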


Anon

Jun 4, 2000, 3:00:00 AM
skynet.be!nntp.primenet.com!nntp.gctr.net!news.primenet.com!usr01.primenet.com!dritz


EVERYONE KNOWS DAVID RITZ IS BEING SUED FOR BEING
A NET STALKER AND CHRONICALLY OBSESSIVE HARASSMENT.
IMHO DAVID RITZ IS A MARXIST MONKEY LOAD

YOU CAN HAVE YOUR OWN CANCELBOT AND ENJOY CENSORSHIP
CABAL MEMBERS ENJOY. YOU ARE GUARANTEED TO THE RIGHT
TO POST TO USENET WITH IT. CABALITES CAN CANCEL YOU
ONLY TO HAVE YOUR POST RESURRECTED SECONDS LATER.

YOU MAY SELECT YOUR OWN NEWSGROUPS AND PLACE ANY CABAL
MEMBER ON 24/7 AUTOCANCEL. OR CHOOSE SUPERSEDE AND WATCH
THEM JUMP UP AND DOWN ABOUT THE INTERNET THEY DO NOT OWN.


Go to: http://www.howardknight.net/hipcrime
or: http://www.howardknight.net/hipcrime

Howard 'Not a HipClone' Knight

Jun 6, 2000, 3:00:00 AM
Sorry to follow up to my own post here, but I was finally able to find
my "benson" email folder. Here are two particularly interesting URLs
regarding Benson's dealings with Canter & Siegel:

<http://www.antipope.org/charlie/nonfiction/journalism/spam.html>
<http://www.kkc.net/cs/benson.txt>

Benson, the hypocritical little weasel, and crew are pumping out 20,000
to 30,000 posts per day from PSI/Interramp! Time to UDP Interramp?

Howard


Howard 'Not a HipClone' Knight (how...@primenet.com) writes:

Edward A. Falk

Jun 23, 2000, 3:00:00 AM
In article <8hah05$buj$1...@nnrp02.primenet.com>,

Howard 'Not a HipClone' Knight <how...@primenet.com> wrote:
>
>Indeed, Leigh Benson wrote the first spamware program (aka spambot).
>As Lysander Spooner would say, "I'm not making this shit up!" Canter &
>Siegel hired Benson to write their spambot. After the scandal broke out,
>Benson would tell the press that he had broken ties with Canter & Siegel,
>and would not condone behavior that, "hurts the net".

Rule #1. Classic first-stage chickenboner -- "Who, little ol' me?"

--
-ed falk, fa...@falconer.vip.best.com. See
http://www.rahul.net/falk/whatToDo.html
and read 12 Simple Things You Can Do
to Save the Internet
