Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Spam

Filtering the Anonymous USENET Trolls? 32

Posted by Cliff from the combatting-anonymous-remailers-used-for-evil dept.
BoneFlower asks: "Anonymous remailers are all well and good, but sometimes people use them to abuse people through email or through trolling newsgroups. I've had limited results filtering "anonymous" on a USENET group I frequent but many anonymous remailer trolls get through. The group was nearly unuseable for over a week due to the volume of anonymous remailer trolls. Does anyone have tips on filtering them out? I personally use Forte Agent 1.9.1, many others use Netscape/Mozilla, OE, and various others. If you could help us out, we'd appreciate it."
This discussion has been archived. No new comments can be posted.

Filtering the Anonymous USENET Trolls? More

Filtering the Anonymous USENET Trolls?

Comments Filter:
  • If you post the name of the Usenet group of which you are writing, I think the whole Slashdot community would be glad to get behind you and help out however they can.
  • I've never used Forte, but common sense would say that it contain some way to filter by IP address (from the NNTP-Posting-Host header). Worst case scenario is you have to filter each troll individually, but even that shouldn't be a problem if it gets you peace and quiet afterwards.
    • Use an IRC client to take look at some of the more popular channels's filters in IRC (dalnet for example), to get a sense of troulesome IP domains (at least for IRC) and also a sense of how much effort this course of action might take.

  • How ironic... (Score:1, Insightful)

    by Anonymous Coward
    We see a thread full of trolls in response to a story about how to avoid trolls. Perhaps you should not have used Slashdot for this purpose? And in response to your question, everyone knows usenet is only for pr0n and mp3z/w4r3z. :-P

    • Re:How ironic... (Score:1, Funny)

      by Anonymous Coward
      "...everyone knows usenet is only for pr0n and mp3z/w4r3z"

      Yeah, and your point is?

    • Re:How ironic... (Score:4, Informative)

      by Restil ( 31903 ) on Monday June 24, 2002 @05:24PM (#3759297) Homepage
      everyone knows usenet is only for pr0n and mp3z/w4r3z

      Your statement has some element of truth to it. Probably 99% of the usenet data is devoted to these time honored traditions. However, these are generally not the areas that are inflicted with trolls. The binary newsgroups typically are pretty well organized, and most of the commentary is devoted to requests or to flaming those who haven't learned how to post properly yet. Pron newsgroups get a lot of spam and heated discussions as to image quality... or content quality. *Ahem*... or so I've heard.

      The trolls prey upon the general discussion groups. That is because they can actually get a voice there. If you're in a binary group, you're there to download binaries, and thus, you're going to download the multipart messages that are visibly 10-15 megs in size. The individual messages you can scroll by in a heartbeat without ever paying attention to anything more than the message size. Even the title won't stand out. Trolls get no audience this way. Now, if the trolls took to posting large binaries for kicks, that would be something different. And while I'm not saying that they don't, I've never encountered this on usenet, although I have seen it done on the various P2P networks. It would appear, that if someone's going to spend 3 days uploading something, they're not going to waste their upstream on something just so one person can download it then post a warning message to the rest of the group to ignore it.

      -Restil
  • I know this is off topic (though not totally), but do these people who send all these huge amounts of spam actually make money? Or is it just a symptom of some late night infomercial pipedream?
    • The idea behind spam, whether USENET, email, snail mail, or whatnot, is that you only need to get a small fraction, less than 1%, to respond in order to turn a profit. Of course, from a cost-prohibative accounting, USENET is the cheapest (you effectively only send the message out once over your bandwidth, compared with once per spam target with email), but also probably has the lowest number of readers.

      • but also probably has the lowest number of readers. >

        Not only that but the lowest number of susceptiable readers. Nowadays very few stupid people know about USENET or how to use it.
        • Nowadays very few stupid people know about USENET or how to use it.


          Really? I just tried to read through a few groups, and it appears the "stupid" people are out in full effect.


          That said, I know what you mean - Very few people that have only been online in the last 3-4 years even know what a newsgroup is.

  • Set up a local spool (Score:3, Informative)

    by coyote-san ( 38515 ) on Monday June 24, 2002 @04:55PM (#3759127)
    One option that seems to work fairly well, if you have the resources, is to set up a local news spool, then filter out the crap locally. With a local spool, you can perform checks that are too expensive to perform in the reader, e.g., not just verifying a valid looking sender, but actually performing A and MX record lookups for the domain to eliminate one class of spamware. (Unfortunately other spamware sees nothing wrong with criminally impersonating innocent third parties, but there are other ways to catch them.) Or you could do some regular expression matching looking for suspicious phrases, decoding uuencoded/base64-encoded blocks to check for viral loads, etc.

    If you decide to do this, you can usually perform the tests during the ingest process (if it's always running), or as a daemon that periodically runs and checks the most recent messages.

    The results can be staggering. I was doing this on a couple alt.* groups as a test, and a few simple rules could reduce the SNR from about 1-in-20 messages to about 2-in-3 messages. More importantly, this approach tends to eliminate the stuff that's mindlessly repeated hundreds of times. Most people don't mind getting a spam message once, but seeing the 247th identical message to make your breasts and penis larger (*who* needs this stuff?!) can make anyone lose it.
  • Mod me off-topic if you must, but I am reminded of the halcyon days of Serdar Argic. It's just not as trollsome without him :)
    • or Gary Stollman, or even Kibo!
    • You're KIDDING, right? You actually miss the automated, off-topic crap denying the Armenian genocide? Jeez! Who else do you miss, Cantor & Siegel?!
      • Yet more lies, and nonsense and purest babble from "DNS-and-BIND". Perhaps you should crawl back into your hole where you will be safe from the dangerous world out here.

        Nonetheless, let us return to the fact of the matter:

        Source: "/usr/dict/words" by Ritchie, Dennis

        From "words"

        Aaron
        Ababa
        aback
        abaft
        abandon
        abandoned
        abandoning
        abandonment
        abandons
        abase
        abased
        abasement
        abasements

        (err....)

        Source: "The Linux Genocide" by Bill Gates

        From "The Death of IP"

        Pages 42-45

        "In 1812, Richard Stallman assembled an army of criminals, hackers and luddites, armed them with evil circumvention devices and proceeded to steal all the software in the kingdom of Uruguay. Not content to merely steal intellectual property, the thugs slaked their lust by massacaring hundreds of millions of innocent women and children. Witnesses at the time described the excessive zeal with which the marauding Stallmanists destroyed whole villages, and every technological innovation their ignorant hands could grasp. The horrors of the Linux Genocide are well known to historians everywhere and are documented in even more detail in:"

        R.A. :D uga

Slashdot Top Deals

So you think that money is the root of all evil. Have you ever asked what is the root of money? -- Ayn Rand

Close