Thanks neodome

Adam H. Kerman

Mar 30, 2021, 10:27:11 PM
We're in the midst of a hipclone attack through your server. I've seen
1000 articles thus far, and it's still ongoing.

Could you LART this shithead?

Anton Shepelev

Mar 31, 2021, 10:24:56 AM
Adam H. Kerman:
Shall we assume you have already reported this at the
address ab...@neodome.net, as specified on
http://neodome.net/ ?

--
() ascii ribbon campaign - against html e-mail
/\ http://preview.tinyurl.com/qcy6mjc [archived]

Adam H. Kerman

Mar 31, 2021, 11:42:46 AM
Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>Adam H. Kerman:

>>We're in the midst of a hipclone attack through your
>>server. I've seen 1000 articles thus far, and it's still
>>ongoing.

>>Could you LART this shithead?

>Shall we assume you have already reported this at the
>address ab...@neodome.net, as specified on
>http://neodome.net/ ?

What's the point? You think the News administrator of Neodome doesn't
check his logs regularly?

I'm just expressing frustration here.

Anton Shepelev

Mar 31, 2021, 12:08:43 PM
Adam Kerman:
> Anton Shepelev:
>
> > Shall we assume you have already reported this at the
> > address ab...@neodome.net, as specified on
> > http://neodome.net/ ?
>
> What's the point? You think the News administrator of
> Neodome doesn't check his logs regularly?

No, he may not be reading them from cover to cover, which is
why they provide a special address for abuse reports. In my
experience with several other servers, abuse reports are
quickly acted upon.

The Doctor

Mar 31, 2021, 12:49:34 PM
Someone give us a cleanfeed solution
so we can drop this cretin!
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
We cannot change human failings by ridding ourselves of machines. -unknown

Adam H. Kerman

Mar 31, 2021, 2:38:14 PM
Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>Adam Kerman:
>>Anton Shepelev:

>>>Shall we assume you have already reported this at the
>>>address ab...@neodome.net, as specified on
>>>http://neodome.net/ ?

>>What's the point? You think the News administrator of
>>Neodome doesn't check his logs regularly?

>No, he may not be reading them from cover to cover,

Without introducing exaggeration into this discussion:

A quick glance at the server logs without reading cover-to-cover will
provide evidence of Neodome being used as a relay for the attack.

Eric@

Mar 31, 2021, 3:51:50 PM
Adam H. Kerman wrote...
Does anyone actually know who/where the Neodome admin is? BTW I haven't had
any response to previous (recent) complaints to their abuse email addy.

David Ritz

Mar 31, 2021, 4:52:00 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday, 31 March 2021 02:27 -0000,
in article <s40mlt$qe0$2...@dont-email.me>,
Adam H. Kerman <a...@chinet.com> wrote:

> We're in the midst of a hipclone attack through your server. I've
> seen 1000 articles thus far, and it's still ongoing.

As I noted, with respect to the forgeries of Archimedes Plutonium
propagating from neodome.net, they are running a wide open NNTP
server, which is specifically designed to accept connections via Tor
and I2P anonymous networks. What could possibly go wrong?

> Could you LART this shithead?

Judging by the handful of messages I've seen, in news.software.*, from
Neodome Admin <ad...@neodome.net>, they're quite pleased with their
intentionally designed for net-abuse facilitation service.

Spot checks show a few upstream feeds. If you are not getting any
traction via the channel provided, <ab...@neodome.net>, contacting
their feeds would seem appropriate.

So far as filtering, those reading from servers running INN should be
able to filter based on any consistent header provided, as this software
allows pattern matching on any header. In this instance, the
Injection-Info header appears to be static, although it was not in the
past. Even so, the beginning of the header has remained consistent.

$ telnet news.mixmin.net nntp
Trying 144.76.182.167...
Connected to news.mixmin.net.
Escape character is '^]'.
200 news.mixmin.net InterNetNews NNRP server INN 2.7.0 (20200329 prerelease) ready (posting ok)
GROUP or.politics
211 13236 621506 644664 or.politics
XPAT INJECTION-INFO 644600-644664 neodome.net;*
221 Header information for INJECTION-INFO follows (from articles)
644601 neodome.net; mail-complaints-to="ab...@neodome.net"
644604 neodome.net; mail-complaints-to="ab...@neodome.net"
644632 neodome.net; mail-complaints-to="ab...@neodome.net"
644635 neodome.net; mail-complaints-to="ab...@neodome.net"
644636 neodome.net; mail-complaints-to="ab...@neodome.net"
644637 neodome.net; mail-complaints-to="ab...@neodome.net"
644645 neodome.net; mail-complaints-to="ab...@neodome.net"
644646 neodome.net; mail-complaints-to="ab...@neodome.net"
644647 neodome.net; mail-complaints-to="ab...@neodome.net"
644648 neodome.net; mail-complaints-to="ab...@neodome.net"
644649 neodome.net; mail-complaints-to="ab...@neodome.net"
644650 neodome.net; mail-complaints-to="ab...@neodome.net"
644651 neodome.net; mail-complaints-to="ab...@neodome.net"
644652 neodome.net; mail-complaints-to="ab...@neodome.net"
644653 neodome.net; mail-complaints-to="ab...@neodome.net"
644654 neodome.net; mail-complaints-to="ab...@neodome.net"
644655 neodome.net; mail-complaints-to="ab...@neodome.net"
.

This header will only appear in articles posted to neodome.net.

The only other header providing a degree of stability is in the Path
statement.

XPAT PATH 644600-644664 *\!news.neodome.net\!*
221 Header information for PATH follows (from articles)
644601 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644604 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644632 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644635 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644636 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644637 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644645 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644646 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644647 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644648 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644649 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644650 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644651 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644652 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644653 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644654 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644655 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
.

The entire Path tail may be a suitable definition, as it includes only
articles posted to this outfit, without prejudicing anything which
might transit through it.

XPAT PATH 644600-644664 *\!news.neodome.net\!.POSTED\!not-for-mail
221 Header information for PATH follows (from articles)
644601 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644604 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644632 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644635 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644636 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644637 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644645 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644646 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644647 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644648 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644649 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644650 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644651 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644652 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644653 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644654 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
644655 news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
.

For those dealing with servers which do not allow XPAT, filtering
based on the count of colons (":") in the Xref header, provided in the
overview (XOVER or OVER) may provide some relief, in limiting the
number of groups to which articles have been cross-posted. It does
not, however, specify the target.

OVER 644654-644655
224 Overview information for 644654-644655 follows
644654 BREAKING NEWS: Uncontrollable Rightist Outrage As Trump Dead - Expect Riots, Gun Play, Fat Old Men Dying of Heart Attacks BTR1701 <532...@gmail.com> Wed, 31 Mar 2021 01:27:35 -0000 (UTC) <s40j67$1rir$1...@neodome.net> 1531 7 Xref: news.mixmin.net alt.fan.rush-limbaugh:3076888 alt.politics.trump:126784 alt.tv.pol-incorrect:41726 rec.arts.tv:1803304 talk.politics.guns:1549731 talk.politics.misc:1527646 soc.retirement:963765 uk.politics.misc:1355496 alt.global-warming:869302 alt.atheism:3902767 alt.conspiracy:542798 alt.politics.democrats.d:276268 or.politics:644654 can.politics:854925
644655 Re: Please, don't sign the petition BTR1701 <s...@gmail.com> Wed, 31 Mar 2021 01:27:53 -0000 (UTC) <s40j6p$1rir$2...@neodome.net> <f3o62g1li1sljag82...@4ax.com> <s009up$srj$2...@gioia.aioe.org> <s0321r$1nfq$2...@gioia.aioe.org> 4434 94 Xref: news.mixmin.net alt.fan.rush-limbaugh:3076889 alt.politics.trump:126785 alt.tv.pol-incorrect:41727 rec.arts.tv:1803305 talk.politics.guns:1549732 talk.politics.misc:1527647 soc.retirement:963766 uk.politics.misc:1355497 alt.global-warming:869303 alt.atheism:3902768 alt.conspiracy:542799 alt.politics.democrats.d:276269 or.politics:644655 can.politics:854926
.
HEAD 644655
221 644655 <s40j6p$1rir$2...@neodome.net> head
Path: news.mixmin.net!news.neodome.net!.POSTED!not-for-mail
From: BTR1701 <s...@gmail.com>
Newsgroups: alt.fan.rush-limbaugh,alt.politics,alt.politics.trump,alt.tv.pol-incorrect,rec.arts.tv,talk.politics.guns,talk.politics.misc,soc.retirement,uk.politics.misc,alt.global-warming,alt.atheism,alt.conspiracy,alt.politics.democrats.d,or.politics,can.politics
Subject: Re: Please, don't sign the petition
Followup-To: alt.fan.rush-limbaugh
Date: Wed, 31 Mar 2021 01:27:53 -0000 (UTC)
Organization: ea
Message-ID: <s40j6p$1rir$2...@neodome.net>
References: <f3o62g1li1sljag82...@4ax.com> <s009up$srj$2...@gioia.aioe.org> <s0321r$1nfq$2...@gioia.aioe.org>
Injection-Date: Wed, 31 Mar 2021 01:27:53 -0000 (UTC)
Injection-Info: neodome.net; mail-complaints-to="ab...@neodome.net"
User-Agent: Xnews/2006.08.05
Xref: news.mixmin.net alt.fan.rush-limbaugh:3076889 alt.politics.trump:126785 alt.tv.pol-incorrect:41727 rec.arts.tv:1803305 talk.politics.guns:1549732 talk.politics.misc:1527647 soc.retirement:963766 uk.politics.misc:1355497 alt.global-warming:869303 alt.atheism:3902768 alt.conspiracy:542799 alt.politics.democrats.d:276269 or.politics:644655 can.politics:854926
.

For those using newsreaders which are designed to filter based on the
email addresses shown in the From headers, ...

XHDR FROM 644647-644655
221 Header or metadata information for FROM follows (from overview)
644647 BTR1701 <G...@inbox1.com>
644648 BTR1701 <fd...@gmail.com>
644649 BTR1701 <55...@gmail.com>
644650 BTR1701 <fds...@gmail.com>
644651 BTR1701 <BTR1...@jam.rr.com>
644652 BTR1701 <j...@gmail.com>
644653 BTR1701 <534...@gmail.com>
644654 BTR1701 <532...@gmail.com>
644655 BTR1701 <s...@gmail.com>
.
QUIT
205 Bye!
Connection closed by foreign host.

Personally, I would recommend anvils from low earth orbit.

- --
David Ritz <dr...@mindspring.com>
"There is nothing worse than having a spare couple of hours and you
can't find an open server to abuse." - Tim Thorne - 26 Dec 1998

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYGTg0wAKCRBSvCmZGhLe
6znvAJ9jRRMlAib5xp9td4NOLNVb+7tv2wCg3jxQDMGG4lkvfF8OTABA85LPVIM=
=033L
-----END PGP SIGNATURE-----
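
The three checks described in the post above (Path tail, Injection-Info prefix, and Xref group count from the overview), as an added Python example that is not part of the original post or of INN or cleanfeed. Host names, article numbers and the crosspost threshold are constructed; the overview lines use the tab-separated RFC 3977 layout, and the `.POSTED.<host>` variant of the Path diagnostic is handled in addition to the bare `.POSTED` shown in the session.

```python
from dataclasses import dataclass, field

# RFC 3977 OVER/XOVER: eight fixed tab-separated fields, then optional
# "Header: value" fields such as Xref.
FIXED = ("number", "subject", "from", "date", "message_id",
         "references", "bytes", "lines")


@dataclass
class Overview:
    number: int
    subject: str
    sender: str
    message_id: str
    groups: list = field(default_factory=list)


def parse_over_line(line):
    """Parse one overview line; groups come from the Xref field if present."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) < len(FIXED):
        raise ValueError("overview line has fewer than 8 fields")
    rec = dict(zip(FIXED, parts))
    groups = []
    for extra in parts[len(FIXED):]:
        name, _, value = extra.partition(":")
        if name.strip().lower() == "xref":
            # First token is the serving host; the rest are group:number.
            groups = [loc.rsplit(":", 1)[0]
                      for loc in value.split()[1:] if ":" in loc]
    return Overview(int(rec["number"]), rec["subject"], rec["from"],
                    rec["message_id"], groups)


def injecting_site(path):
    """Return the Path entry just before the .POSTED diagnostic, if any.

    This separates articles posted at a site from articles that merely
    transit through it, which a plain substring match would not do.
    """
    hops = path.strip().split("!")
    for i, hop in enumerate(hops):
        if hop == ".POSTED" or hop.startswith(".POSTED."):
            return hops[i - 1].lower() if i > 0 else None
    return None


def injection_info_site(value):
    """Leading token of Injection-Info, the part that stayed consistent."""
    return value.split(";", 1)[0].strip().lower()


def classify(ov, path_site, info_site, max_groups,
             path=None, injection_info=None):
    """Return the list of reasons an article matches the filter."""
    reasons = []
    if path is not None and injecting_site(path) == path_site:
        reasons.append("path-posted-at-site")
    if (injection_info is not None
            and injection_info_site(injection_info) == info_site):
        reasons.append("injection-info-site")
    # Overview-only fallback for servers without XPAT: it limits the
    # crosspost count but does not identify the origin.
    if len(ov.groups) > max_groups:
        reasons.append("crosspost")
    return reasons


def over_line(number, subject, sender, msgid, xref):
    """Build a constructed overview line for the sample data."""
    return "\t".join([str(number), subject, sender,
                      "Thu, 01 Jan 2021 00:00:00 -0000 (UTC)", msgid, "",
                      "1531", "7", "Xref: " + xref])


WIDE = "reader.example " + " ".join(
    "alt.test.g%d:%d" % (i, 1000 + i) for i in range(14))

# Constructed sample: (overview line, Path or None, Injection-Info or None)
SAMPLE = [
    (over_line(101, "flood", "a <a@example.com>", "<1@example.net>", WIDE),
     "reader.example!news.example.net!.POSTED!not-for-mail",
     'example.net; mail-complaints-to="abuse@example.net"'),
    (over_line(102, "transit", "b <b@example.org>", "<2@example.org>",
               "reader.example misc.test:7"),
     "reader.example!news.example.net!feeder.example.org"
     "!.POSTED.192.0.2.10!not-for-mail",
     'feeder.example.org; logging-data="1234"'),
    (over_line(103, "local", "c <c@example.com>", "<3@example.net>",
               "reader.example misc.test:8 alt.test:9"),
     "reader.example!news.example.net!.POSTED!not-for-mail",
     'example.net; mail-complaints-to="abuse@example.net"'),
    (over_line(104, "overview only", "d <d@example.com>", "<4@example.net>",
               "reader.example " + " ".join(
                   "alt.test.h%d:%d" % (i, i) for i in range(9))),
     None, None),
]


def scan(sample, path_site, info_site, max_groups):
    out = {}
    for line, path, info in sample:
        ov = parse_over_line(line)
        out[ov.number] = classify(ov, path_site, info_site, max_groups,
                                  path=path, injection_info=info)
    return out
```

Article 102 passes through the site but was injected elsewhere, so only the Path-tail and Injection-Info checks keep it out of the match set; article 104 shows what is left when only overview data is available.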

The Doctor

Mar 31, 2021, 5:32:47 PM
Clowns!!

The Doctor

Mar 31, 2021, 5:34:26 PM
In article <MPG.3ace72a94...@news.eternal-september.org>,
Sent abuse@ . Still awaiting a reply!

The Doctor

Mar 31, 2021, 5:37:20 PM
In article <alpine.OSX.2.21.2...@mako.ath.cx>,
David Ritz <dr...@mindspring.com> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>So far as filtering, those reading from servers running INN should be
>able to filter based on any consistent header provided, as this software
>allows pattern matching on any header. In this instance, the
>Injection-Info header appears to be static, although it was not in the
>past. Even so, the beginning of the header has remained consistent.
>

What code should be implemented in cleanfeed?

>
>Personally, I would recommend anvils from low earth orbit.
>

Please put in coordinates!

>- --
>David Ritz <dr...@mindspring.com>
> "There is nothing worse than having a spare couple of hours and you
> can't find an open server to abuse." - Tim Thorne - 26 Dec 1998
>
>-----BEGIN PGP SIGNATURE-----
>
>iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYGTg0wAKCRBSvCmZGhLe
>6znvAJ9jRRMlAib5xp9td4NOLNVb+7tv2wCg3jxQDMGG4lkvfF8OTABA85LPVIM=
>=033L
>-----END PGP SIGNATURE-----


David Ritz

Mar 31, 2021, 6:24:39 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday, 31 March 2021 21:37 -0000,
in article <s42q2e$1nap$4...@gallifrey.nk.ca>,
The Doctor <doc...@doctor.nl2k.ab.ca> wrote:

> In article <alpine.OSX.2.21.2...@mako.ath.cx>,
> David Ritz <dr...@mindspring.com> wrote:

>> So far as filtering, those reading from servers running INN should
>> be able to filter based on any consistent header provided, as this
>> software allows pattern matching on any header. In this instance,
>> the Injection-Info header appears to be static, although it was not
>> in the past. Even so, the beginning of the header has remained
>> consistent.

> What code should be implemented in cleanfeed?

That may be a question better suited to news.software.nntp, where you
are likely to encounter Steve Crooks, the maintainer of cleanfeed.
As Steve's news.mixmin.net is a neodome.net outbound feed, I would not
expect news.neodome.net to be included in the default bad_paths.

>> Personally, I would recommend anvils from low earth orbit.

> Please put in coordinates!

$ dig +short news.neodome.net
neodome.net.
95.216.243.224

$ whois -h whois.ripe.net 95.216.243.224|grep Abuse
% Abuse contact for '95.216.0.0 - 95.217.255.255' is 'ab...@hetzner.com'

Meanwhile, Dave, please fix your trn reply indent string, to include a
trailing space, ie. "> " instead of ">". Thanks.

- --
David Ritz <dr...@mindspring.com>
"We have met the enemy and he is us."
-- Walt Kelly (1913-1973), in the voice of Pogo

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYGT2ogAKCRBSvCmZGhLe
60zLAJ0Uqo1ZnT0Mw2IKftAMhFyl/iHBvgCeOZ9C+0wm4fUeuGP/zr+sl04qKNU=
=wUzy
-----END PGP SIGNATURE-----

Grant Taylor

Mar 31, 2021, 6:28:27 PM
On 3/31/21 12:38 PM, Adam H. Kerman wrote:
> A quick glance at the server logs without reading cover-to-cover will
> provide evidence of Neodome being used as a relay for the attack.

True.

However, I find that most people don't spend /all/ of their time reading
server logs. Usually they are out enjoying their lives and periodically
checking ... wait for it ... email.

Read: They will quite often see an alert email /before/ getting back to
logs to look at.



--
Grant. . . .
unix || die

The Doctor

Mar 31, 2021, 8:04:41 PM
In article <alpine.OSX.2.21.2...@mako.ath.cx>,
David Ritz <dr...@mindspring.com> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wednesday, 31 March 2021 21:37 -0000,
> in article <s42q2e$1nap$4...@gallifrey.nk.ca>,
> The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
>
>> In article <alpine.OSX.2.21.2...@mako.ath.cx>,
>> David Ritz <dr...@mindspring.com> wrote:
>
>>> So far as filtering, those reading from servers running INN should
>>> be able to filter based on any consistent header provided, as this
>>> software allows pattern matching on any header. In this instance,
>>> the Injection-Info header appears to be static, although it was not
>>> in the past. Even so, the beginning of the header has remained
>>> consistent.
>
>> What code should be implemented in cleanfeed?
>
>That may be a question better suited to news.software.nntp, where you
>are likely to encounter Steve Crooks, the maintainer of cleanfeed.
>As Steve's news.mixmin.net is a neodome.net outbound feed, I would not
>expect news.neodome.net to be included in the default bad_paths.
>

Still waiting for an answer in news.software.nntp

>>> Personally, I would recommend anvils from low earth orbit.
>
>> Please put in coordinates!
>
> $ dig +short news.neodome.net
> neodome.net.
> 95.216.243.224
>
>$ whois -h whois.ripe.net 95.216.243.224|grep Abuse
>% Abuse contact for '95.216.0.0 - 95.217.255.255' is 'ab...@hetzner.com'
>
>Meanwhile, Dave, please fix your trn reply indent string, to include a
>trailing space, ie. "> " instead of ">". Thanks.
>

Looks like a FreeBSD port issue.

>- --
>David Ritz <dr...@mindspring.com>
> "We have met the enemy and he is us."
> -- Walt Kelly (1913-1973), in the voice of Pogo
>
>-----BEGIN PGP SIGNATURE-----
>
>iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYGT2ogAKCRBSvCmZGhLe
>60zLAJ0Uqo1ZnT0Mw2IKftAMhFyl/iHBvgCeOZ9C+0wm4fUeuGP/zr+sl04qKNU=
>=wUzy
>-----END PGP SIGNATURE-----


--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
If they can dehumanize the most innocent, they can dehumanize anyone. -unknown

The Doctor

Mar 31, 2021, 8:05:27 PM
In article <s42t36$jgd$1...@tncsrv09.home.tnetconsulting.net>,
I am not holding my breath but I see no more spamtrolling
from neodome, yet!

yamo'

Apr 1, 2021, 3:14:15 AM
Hi,

David Ritz typed on 31/03/2021 22:51:

> GROUP or.politics
> 211 13236 621506 644664 or.politics
> XPAT INJECTION-INFO 644600-644664 neodome.net;*


Here (INN 2.6.3 raspbian buster ) :

221 No header information for INJECTION-INFO follows (from articles)

Because yesterday cleanfeed canceled 11195 posts for the sole reason
"Too many newsgroups"...


Best regards,
--
Stéphane
Sorry for my bad English...

Anton Shepelev

Apr 1, 2021, 6:17:19 AM
The Doctor:

> Sent abuse@ . Still awaiting a reply!

They list some PGP keys with the address. Could that mean
incoming messages must be PGP-signed to deserve
consideration?

The Doctor

Apr 1, 2021, 8:44:30 AM
In article <20210401131716.14d1ee464044e64bcee71946@g{oogle}mail.com>,
Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>The Doctor:
>
>> Sent abuse@ . Still awaiting a reply!
>
>They list some PGP keys with the address. Could that mean
>incoming messages must be PGP-signed to deserve
>consideration?
>

Bogus!

>--
>() ascii ribbon campaign - against html e-mail
>/\ http://preview.tinyurl.com/qcy6mjc [archived]


--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b

Neodome Admin

Apr 3, 2021, 7:04:39 PM
The Doctor <doc...@doctor.nl2k.ab.ca> wrote:
> In article <s4259k$dkr$1...@dont-email.me>, Adam H. Kerman <a...@chinet.com> wrote:
>> Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>>> Adam H. Kerman:
>>
>>>> We're in the midst of a hipclone attack through your
>>>> server. I've seen 1000 articles thus far, and it's still
>>>> ongoing.
>>
>>>> Could you LART this shithead?
>>
>>> Shall we assume you have already reported this at the
>>> address ab...@neodome.net, as specified on
>>> http://neodome.net/ ?
>>
>> What's the point? You think the News administrator of Neodome doesn't
>> check his logs regularly?
>>
>> I'm just expressing frustration here.
>
> Someone give us a cleanfeed solution

do_phn = true;
phn_aggressive = true;

It will also get rid of bunch of your posts, too. But we all have to make
sacrifices.

> so we can drop this cretin!

You were always free to drop Neodome feed since we established peering back
in 2016.

--
Neodome

Neodome Admin

Apr 3, 2021, 8:01:20 PM
Adam H. Kerman <a...@chinet.com> wrote:
I mostly do. However, sometimes life gets in the way.

> I'm just expressing frustration here.

I’m also not very happy about it. Since Neodome has always been an open server,
something like that has always been a possibility. Unfortunately.

--
Neodome

Neodome Admin

Apr 3, 2021, 9:32:42 PM
Eric@ <nos...@invalid.ca> wrote:
> Adam H. Kerman wrote...
>>
>> Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>>> Adam H. Kerman:
>>
>>>> We're in the midst of a hipclone attack through your
>>>> server. I've seen 1000 articles thus far, and it's still
>>>> ongoing.
>>
>>>> Could you LART this shithead?
>>
>>> Shall we assume you have already reported this at the
>>> address ab...@neodome.net, as specified on
>>> http://neodome.net/ ?
>>
>> What's the point? You think the News administrator of Neodome doesn't
>> check his logs regularly?
>>
>> I'm just expressing frustration here.
>
> Does anyone actually know who/where the Neodome admin is?

Looks like someone has doxxing urges, huh?

--
Neodome

Adam H. Kerman

Apr 4, 2021, 12:10:11 AM
Neodome Admin <ad...@neodome.net> wrote:
>Adam H. Kerman <a...@chinet.com> wrote:
>>Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>>>Adam H. Kerman:

>>>>We're in the midst of a hipclone attack through your
>>>>server. I've seen 1000 articles thus far, and it's still
>>>>ongoing.

>>>>Could you LART this shithead?

>>>Shall we assume you have already reported this at the
>>>address ab...@neodome.net, as specified on
>>>http://neodome.net/ ?

>>What's the point? You think the News administrator of Neodome doesn't
>>check his logs regularly?

>I mostly do. However, sometimes life gets in the way.

What do your logs show? Can you identify the IP? Was it from an open
proxy or from his own location?

Was it TOR?

Others pointed out that this was the second Hipclone attack through
your server in a short time; I didn't notice the earlier one.

You might be able to figure out who it was.

>>I'm just expressing frustration here.

>I’m also not very happy about it. Since Neodome always been an open server,
>something like that always been a possibility. Unfortunately.

AIOE is an open server, too, but has a hard posting cap to thwart a
Hipclone attack.

The Doctor

Apr 4, 2021, 7:50:40 AM
Well, neodome is no longer welcome to peer with a few!

Frank Slootweg

Apr 4, 2021, 10:25:18 AM
Adam H. Kerman <a...@chinet.com> wrote:
> Neodome Admin <ad...@neodome.net> wrote:
> >Adam H. Kerman <a...@chinet.com> wrote:
> >>Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
> >>>Adam H. Kerman:
>
> >>>>We're in the midst of a hipclone attack through your
> >>>>server. I've seen 1000 articles thus far, and it's still
> >>>>ongoing.
>
> >>>>Could you LART this shithead?
>
> >>>Shall we assume you have already reported this at the
> >>>address ab...@neodome.net, as specified on
> >>>http://neodome.net/ ?
>
> >>What's the point? You think the News administrator of Neodome doesn't
> >>check his logs regularly?
>
> >I mostly do. However, sometimes life gets in the way.
>
> What do your logs show? Can you identify the IP? Was it from an open
> proxy or from his own location?
>
> Was it TOR?
>
> Others pointed out that this was the second Hipclone attack through
> your server in a short time; I didn't notice the earlier one.
>
> You might be able to figure out who it was.
>
> >>I'm just expressing frustration here.
>
> >I'm also not very happy about it. Since Neodome always been an open server,
> >something like that always been a possibility. Unfortunately.
>
> AIOE is an open server, too, but has a hard posting cap to thwart a
> Hipclone attack.

Well, recently there were big - thousands of articles - floods of
non-sense posts through aioe.org's server, despite the posting cap.
Apparently the culprit used a VPN to submit articles from many
different IPs, thereby evading the cap. [1]

I don't know if that was a Hipclone attack. (I've not looked at which
flood is which kind for quite some time, so I don't know whether it was
Hipclone or not.)

Paolo (Amoroso) only closed the attacked groups for some time, but did
not fix the underlying problem(s).

FWIW, AFAIC there's no excuse for server to be 'open'. username/password
should not present a problem for anyone's 'privacy', except for the
stupid (unsolvable) and for those who *really* need privacy (and who can
use other means).

[1] AFAIR, these floods were 'discussed' in the news.* groups
(news.software.nntp or/and news.software.readers or/and this one).

Adam H. Kerman

Apr 4, 2021, 10:54:27 AM
Frank Slootweg <th...@ddress.is.invalid> wrote:
>Adam H. Kerman <a...@chinet.com> wrote:
>>Neodome Admin <ad...@neodome.net> wrote:
>>>Adam H. Kerman <a...@chinet.com> wrote:
>>>>Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>>>>>Adam H. Kerman:

>>>>>>We're in the midst of a hipclone attack through your
>>>>>>server. I've seen 1000 articles thus far, and it's still
>>>>>>ongoing.

>>>>>>Could you LART this shithead?

>>>>>Shall we assume you have already reported this at the
>>>>>address ab...@neodome.net, as specified on
>>>>>http://neodome.net/ ?

>>>>What's the point? You think the News administrator of Neodome doesn't
>>>>check his logs regularly?

>>>I mostly do. However, sometimes life gets in the way.

>>What do your logs show? Can you identify the IP? Was it from an open
>>proxy or from his own location?

>>Was it TOR?

>>Others pointed out that this was the second Hipclone attack through
>>your server in a short time; I didn't notice the earlier one.

>>You might be able to figure out who it was.

>>>>I'm just expressing frustration here.

>>>I'm also not very happy about it. Since Neodome always been an open
>>>server, something like that always been a possibility. Unfortunately.

>>AIOE is an open server, too, but has a hard posting cap to thwart a
>>Hipclone attack.

> Well, recently there were big - thousands of articles - floods of
>non-sense posts through aioe.org's server, despite the posting cap.
>Apparently the culprit used a VPN to submit articles from many
>different IPs, thereby evading the cap. [1]

I didn't recall.

I was still hoping the Neodome administrator would review his logs and
summarize any patterns he discovered for the Usenet audience.

> I don't know if that was a Hipclone attack. (I've not looked at which
>flood is which kind for quite some time, so I don't know whether it was
>Hipclone or not.)

> Paolo (Amoroso) only closed the attacked groups for some time, but did
>not fix the underlying problem(s).

> FWIW, AFAIC there's no excuse for server to be 'open'. username/password
>should not present a problem for anyone's 'privacy', except for the
>stupid (unsolvable) and for those who *really* need privacy (and who can
>use other means).

I'm not disputing that authenticating one's account to the News server
is a good idea.

However, you don't need privacy till someone tries to harm you. Hipcrime
software can abuse the News server accounts of actual users as the
open proxy attack over nine months via Bell Canada two decades ago
demonstrated. I don't know if anyone's combined spamming software with
a password cracking tool.

Neodome Admin

Apr 4, 2021, 2:05:33 PM
Adam H. Kerman <a...@chinet.com> wrote:
> Neodome Admin <ad...@neodome.net> wrote:
>> Adam H. Kerman <a...@chinet.com> wrote:
>>> Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>>>> Adam H. Kerman:
>
>>>>> We're in the midst of a hipclone attack through your
>>>>> server. I've seen 1000 articles thus far, and it's still
>>>>> ongoing.
>
>>>>> Could you LART this shithead?
>
>>>> Shall we assume you have already reported this at the
>>>> address ab...@neodome.net, as specified on
>>>> http://neodome.net/ ?
>
>>> What's the point? You think the News administrator of Neodome doesn't
>>> check his logs regularly?
>
>> I mostly do. However, sometimes life gets in the way.
>
> What do your logs show? Can you identify the IP? Was it from an open
> proxy or from his own location?

A lot of open proxies, tens of them.

> Was it TOR?

No.

> Others pointed out that this was the second Hipclone attack through
> your server in a short time; I didn't notice the earlier one.
>
> You might be able to figure out who it was.

I have no interest in that.

>>> I'm just expressing frustration here.
>
>> I’m also not very happy about it. Since Neodome always been an open server,
>> something like that always been a possibility. Unfortunately.
>
> AIOE is an open server, too, but has a hard posting cap to thwart a
> Hipclone attack.

When a lot of open proxies are used, posting cap is useless. Each proxy
looks like a different user for such defense system.

The messages in question are actually being filtered on Neodome server,
cleanfeed is good enough at identifying and rejecting this type of flood.
However, Neodome server is keeping rejected articles. The problem is,
Neodome has two types of outgoing feeds, filtered and unfiltered. Some
news administrators are specifically asking to send them everything (for
example, binaries in text groups, which are usually rejected), thus the
reason for unfiltered feeds. Those administrators who are running text-only
servers usually expect to receive filtered feed, and that’s what I’m doing.
If they are receiving the flood, it’s probably not directly from Neodome
but from other servers that are getting unfiltered feeds.

Neodome server is handling all Usenet articles smaller than 64 KBs, which
is around 10-20 GBs a day, so the flood itself is not anywhere close to being
a problem volume-wise. I, however, agree that automated posts are Usenet
abuse. Perhaps I’ll turn filtering on on all outgoing feeds for now and see
how it goes. Unfortunately, filtering in INN is not flexible enough to
separate articles rejected for different reasons. Maybe I’ll have to write
a custom solution, or I’ll have to have two virtual servers, one
specifically to handle unfiltered peering, and another for filtered. Local
posting then will happen on filtered one, and any flood won’t enter
unfiltered feed.

--
Neodome

Adam H. Kerman

Apr 4, 2021, 2:49:19 PM
Neodome Admin <ad...@neodome.net> wrote:
>Adam H. Kerman <a...@chinet.com> wrote:
>>Neodome Admin <ad...@neodome.net> wrote:
>>>Adam H. Kerman <a...@chinet.com> wrote:
>>>>Anton Shepelev <anton.txt@g{oogle}mail.com> wrote:
>>>>>Adam H. Kerman:

>>>>>>We're in the midst of a hipclone attack through your
>>>>>>server. I've seen 1000 articles thus far, and it's still
>>>>>>ongoing.

>>>>>>Could you LART this shithead?

>>>>>Shall we assume you have already reported this at the
>>>>>address ab...@neodome.net, as specified on
>>>>>http://neodome.net/ ?

>>>>What's the point? You think the News administrator of Neodome doesn't
>>>>check his logs regularly?

>>>I mostly do. However, sometimes life gets in the way.

>>What do your logs show? Can you identify the IP? Was it from an open
>>proxy or from his own location?

>A lot of open proxies, tens of them.

Ok.

>>Was it TOR?

>No.

>>Others pointed out that this was the second Hipclone attack through
>>your server in a short time; I didn't notice the earlier one.

>>You might be able to figure out who it was.

>I have no interest in that.

I understand. But you yourself pointed out the consequence of running an
open server. There are advantages and consequences to being the
administrator of a server set up in this manner. If a user takes
advantage of the openness you provide to commit abuse of Usenet, isn't
one of the consequences of running an open server that you have to
discipline a user who took advantage of your good nature?

He's your user. The rest of Usenet cannot take any action beyond blocking
articles from your server, which would be a loss for Usenet. You forced
several to block articles originating from your server during the attack,
at least temporarily. At some point, News sites are just going to tire of
the abuse originating at your server and block your users permanently. At
that point, you'll still be running your open server but you'll largely
be blocked from Usenet.

>>>>I'm just expressing frustration here.

>>>I'm also not very happy about it. Since Neodome has always been an open server,
>>>something like that has always been a possibility. Unfortunately.

>>AIOE is an open server, too, but has a hard posting cap to thwart a
>>Hipclone attack.

>When a lot of open proxies are used, a posting cap is useless. Each proxy
>looks like a different user to such a defense system.

I was corrected on that point; I'd forgotten that there were attacks
like that through AIOE.

>The messages in question are actually being filtered on Neodome server,
>cleanfeed is good enough at identifying and rejecting this type of flood.
>However, Neodome server is keeping rejected articles. The problem is,
>Neodome has two types of outgoing feeds, filtered and unfiltered. Some
>news administrators are specifically asking to send them everything (for
>example, binaries in text groups, which are usually rejected), thus the
>reason for unfiltered feeds. Those administrators who are running text-only
>servers usually expect to receive a filtered feed, and that's what I'm doing.
>If they are receiving the flood, it's probably not directly from Neodome
>but from other servers that are getting unfiltered feeds.

I didn't know any of that; thanks for the explanation.

>Neodome server is handling all Usenet articles smaller than 64 KBs, which
>is around 10-20 GBs a day, so the flood itself is not anywhere close to being
>a problem volume-wise. I, however, agree that automated posts are Usenet
>abuse. Perhaps I'll turn filtering on on all outgoing feeds for now and see
>how it goes. Unfortunately, filtering in INN is not flexible enough to
>separate articles rejected for different reasons. Maybe I'll have to write
>a custom solution, or I'll have to have two virtual servers, one
>specifically to handle unfiltered peering, and another for filtered. Local
>posting then will happen on the filtered one, and any flood won't enter
>the unfiltered feed.

That sounds like a reasonable approach.

Thank you for working on this.
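
The exchange above turns on why a per-host posting cap does not see a flood sent through many open proxies. The following added example (not from any poster, and not cleanfeed's or INN's code) compares a per-host cap with a cap keyed on a normalised body hash; the thresholds, names and sample posts are assumptions constructed for the illustration.

```python
import hashlib
import re
from collections import defaultdict, deque

WINDOW = 600       # seconds; assumed value
HOST_CAP = 5       # posts allowed per posting host per window; assumed value
BODY_CAP = 5       # copies of one body allowed per window, from any host; assumed value

def fingerprint(body):
    """Hash the body with quoted lines, digits, punctuation and case removed,
    so copies that differ only in a counter or spacing share one key."""
    own = [ln for ln in body.splitlines() if not ln.startswith(">")]
    text = re.sub(r"[\W\d_]+", " ", " ".join(own).lower()).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

class SlidingCap:
    """Counts events per key over the last WINDOW seconds."""
    def __init__(self, cap):
        self.cap = cap
        self.events = defaultdict(deque)

    def over(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= WINDOW:
            q.popleft()
        q.append(now)
        return len(q) > self.cap

def classify(posts):
    """posts: (unix_time, posting_host, body) tuples in time order.
    Returns one (over_host_cap, over_body_cap) pair per post."""
    by_host, by_body = SlidingCap(HOST_CAP), SlidingCap(BODY_CAP)
    return [(by_host.over(host, ts), by_body.over(fingerprint(body), ts))
            for ts, host, body in posts]

# Constructed sample: 200 near-identical posts in 400 s, spread over 40 hosts
# (documentation address range), so each host posts only 5 times.
FLOOD = [(i * 2, f"192.0.2.{i % 40 + 1}", f"BUY NOW!!! offer #{i}")
         for i in range(200)]
# Constructed sample: one ordinary user posting distinct articles.
NORMAL = [(0, "198.51.100.7", "Has anyone tried the new INN release?"),
          (90, "198.51.100.7", "> which one?\nThe one announced last week."),
          (200, "198.51.100.7", "Thanks, that fixed my newsfeeds file.")]

def summary(posts):
    """Return (posts over the host cap, posts over the body cap)."""
    verdicts = classify(posts)
    return sum(h for h, _ in verdicts), sum(b for _, b in verdicts)
```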

Neodome Admin

Apr 4, 2021, 4:21:32 PM
Flood attacks are actually not that hard to overcome both on server side
and client side (provided that client software has adequate filtering
means.) I suspect most people unhappy with Neodome are unhappy not because
of floods, but because of trolls. I’ve seen many online communities that
allowed anonymous postings and the most effective attacks on them were slow,
and in many cases not automated; they didn’t involve thousands of messages
per day. I’m still surprised how susceptible people are to trolling.

> At
> that point, you'll still be running your open server but you'll largely
> be blocked from Usenet.

I mostly agree with everything you said. When I said I’m not interested in
identifying an attacker I didn’t mean that I somehow agree with them. I
just think that it’s probably impossible and mostly pointless. After this
particular attacker there will be another one, and yet another one. It
would be much more effective to accept the possibility of being attacked at
any time and look for ways to minimize potential damage. Usenet is an open
system, open for both good parties and bad parties. Trying to moderate
everything leads to a slow (or not that slow) death; a perfect example of that
is Usenet II: <https://en.m.wikipedia.org/wiki/Usenet_II> I’m pretty sure
a server like Neodome would not be allowed to participate in Usenet II.

--
Neodome

Adam H. Kerman

Apr 4, 2021, 5:08:39 PM
I don't care for the tiresome political crossposts.

>I've seen many online communities that allowed anonymous postings and the most
>effective attacks on them were slow, and in many cases not automated,
>they didn't involve thousands of messages per day. I'm still surprised
>how susceptible people are to trolling.

It works. If it doesn't, it doesn't cost anything if they've hidden the
host.

>>At that point, you'll still be running your open server but you'll
>>largely be blocked from Usenet.

>I mostly agree with everything you said. When I said I'm not interested in
>identifying an attacker I didn't mean that I somehow agree with them. I
>just think that it's probably impossible and mostly pointless. After this
>particular attacker there will be another one, and yet another one.

If one Hipclone is exposed, there won't be any more.

>It would be much more effective to accept the possibility of being attacked at
>any time and look for ways to minimize potential damage. Usenet is an open
>system, open for both good parties and bad parties. Trying to moderate
>everything leads to a slow (or not that slow) death; a perfect example of
>that is Usenet II: <https://en.m.wikipedia.org/wiki/Usenet_II> I'm pretty
>sure a server like Neodome would not be allowed to participate in Usenet II.

But we aren't discussing moderation at all. I am not an advocate of
moderation for general discussion. I have no objection to authenticating
to my server; that isn't comparable to moderation.

I wasn't a Usenet II user.

Eric@

Apr 4, 2021, 5:29:04 PM
Neodome Admin wrote...
No. Paranoia?

Serious question: is it possible to publish server logs as AIOE ES do?

Neodome Admin

Apr 5, 2021, 9:51:03 PM
Why do you need to know who I am and where I’m from?

> Serious question: is it possible to publish server logs as AIOE ES do?

I don’t think so. Do you have a good reason to see them?

--
Neodome

Bulk User

Jun 27, 2021, 8:27:10 PM
On 31/03/2021 17:49, The Doctor wrote:
> Someone give us a cleanfeed solution
> so we can drop this cretin!

The "news.mixmin.net" has been brought down since midnight on 23rd June
and god knows when it will be back by cretins at neodome and dizum or
whatever they call these days. Life's become very interesting these days.

The Doctor

Jun 27, 2021, 11:29:09 PM
In article <sbb50p$15cs$1...@gioia.aioe.org>,
Thank you for the heads up!

Time to add a blocker if needed.
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
Instant perfection is the enemy of the real thing. -unknown Beware https://mindspring.com