Filtering the Anonymous USENET Trolls?

← Back to Stories (view on slashdot.org)

Filtering the Anonymous USENET Trolls?

Posted by Cliff on Monday June 24, 2002 @06:30AM from the combatting-anonymous-remailers-used-for-evil dept.

BoneFlower asks: "Anonymous remailers are all well and good, but sometimes people use them to abuse people through email or through trolling newsgroups. I've had limited results filtering "anonymous" on a USENET group I frequent but many anonymous remailer trolls get through. The group was nearly unuseable for over a week due to the volume of anonymous remailer trolls. Does anyone have tips on filtering them out? I personally use Forte Agent 1.9.1, many others use Netscape/Mozilla, OE, and various others. If you could help us out, we'd appreciate it."

32 comments

Min score:

Reason:

Sort:

Avoiding trolls by PhysicsGenius · 2002-06-24 06:36 · Score: 0, Troll

First of all, I think you are dismissing trolls too soon. In nature, lions and jackals cull the slow and stupid animals from the herd, but there aren't very many ISP's in the middle of the African savannah so we have to rely on other means to get the slow and stupid off the 'net. Trolls are the answer--once someone bites on a troll they are forever known as a World Class Moron that can safely be ignored. (To a slashdot reader, being ignored--nobody listening to them spouting punditry from every smelly orifice, is the death penalty).
Second...well, I guess I said everything that needs saying above. In short, don't bite and you won't get bitten.
1. Re:Avoiding trolls by bellings · 2002-06-24 08:19 · Score: 2
  
  Yeah. I like the way the SlashDot kill file works.
  
  I just have a hot-key mapped to "kill", and then I can kill posts (and articles) based on a regular expression executed against the thread, the subject, or the poster of a message. It's really cool! We never had anything like it back in the 80's, when we were stuck with crappy USENET news readers.
  
  No, wait, I'm all fucked up. The newsreaders we were using before some of the SlashDot posters were born make the SlashDot interface just look sad.
  
  --
  Slashdot is jumping the shark. I'm just driving the boat.
2. Re:Avoiding trolls by Mr.+Slippery · 2002-06-25 06:27 · Score: 1
  
  The newsreaders we were using before some of the SlashDot posters were born make
  the SlashDot interface just look sad.
  
  Ahhh...the simple goodness of trn.
  
  --
  Tom Swiss | the infamous tms | my blog
  You cannot wash away blood with blood
please post the name of the group by tps12 · 2002-06-24 06:36 · Score: 1

If you post the name of the Usenet group of which you are writing, I think the whole Slashdot community would be glad to get behind you and help out however they can.

--

Karma: Good (despite my invention of the Karma: sig)
1. Re:please post the name of the group by BoneFlower · 2002-07-03 17:06 · Score: 2
  
  rec.games.miniatures.warhammer
Method of filtering by Violet+Null · 2002-06-24 06:49 · Score: 2

I've never used Forte, but common sense would say that it contain some way to filter by IP address (from the NNTP-Posting-Host header). Worst case scenario is you have to filter each troll individually, but even that shouldn't be a problem if it gets you peace and quiet afterwards.
1. Re:Method of filtering by eamonman · 2002-06-24 07:44 · Score: 2, Informative
  
  Use an IRC client to take look at some of the more popular channels's filters in IRC (dalnet for example), to get a sense of troulesome IP domains (at least for IRC) and also a sense of how much effort this course of action might take.
  
  --
  0- Eamonman Proud member of DNRC
How ironic... by Anonymous Coward · 2002-06-24 06:49 · Score: 1, Insightful

We see a thread full of trolls in response to a story about how to avoid trolls. Perhaps you should not have used Slashdot for this purpose? And in response to your question, everyone knows usenet is only for pr0n and mp3z/w4r3z. :-P
1. Re:How ironic... by Anonymous Coward · 2002-06-24 08:45 · Score: 1, Funny
  
  "...everyone knows usenet is only for pr0n and mp3z/w4r3z"
  
  Yeah, and your point is?
2. Re:How ironic... by Restil · 2002-06-24 09:24 · Score: 4, Informative
  
  everyone knows usenet is only for pr0n and mp3z/w4r3z
  
  Your statement has some element of truth to it. Probably 99% of the usenet data is devoted to these time honored traditions. However, these are generally not the areas that are inflicted with trolls. The binary newsgroups typically are pretty well organized, and most of the commentary is devoted to requests or to flaming those who haven't learned how to post properly yet. Pron newsgroups get a lot of spam and heated discussions as to image quality... or content quality. *Ahem*... or so I've heard.
  
  The trolls prey upon the general discussion groups. That is because they can actually get a voice there. If you're in a binary group, you're there to download binaries, and thus, you're going to download the multipart messages that are visibly 10-15 megs in size. The individual messages you can scroll by in a heartbeat without ever paying attention to anything more than the message size. Even the title won't stand out. Trolls get no audience this way. Now, if the trolls took to posting large binaries for kicks, that would be something different. And while I'm not saying that they don't, I've never encountered this on usenet, although I have seen it done on the various P2P networks. It would appear, that if someone's going to spend 3 days uploading something, they're not going to waste their upstream on something just so one person can download it then post a warning message to the rest of the group to ignore it.
  
  -Restil
  
  --
  Play with my webcams and lights here
Outlook Express by Anonymous Coward · 2002-06-24 06:50 · Score: 0

Is quite possibly the worst news reader ever made.
Do they actually make money? by jsimon12 · 2002-06-24 07:40 · Score: 2

I know this is off topic (though not totally), but do these people who send all these huge amounts of spam actually make money? Or is it just a symptom of some late night infomercial pipedream?
1. Re:Do they actually make money? by Masem · 2002-06-24 08:26 · Score: 2
  
  The idea behind spam, whether USENET, email, snail mail, or whatnot, is that you only need to get a small fraction, less than 1%, to respond in order to turn a profit. Of course, from a cost-prohibative accounting, USENET is the cheapest (you effectively only send the message out once over your bandwidth, compared with once per spam target with email), but also probably has the lowest number of readers.
  
  --
  "Pinky, you've left the lens cap of your mind on again." - P&TB
  "I can see my house from here!" - ST:
2. Re:Do they actually make money? by CMiYC · 2002-06-24 08:36 · Score: 2
  
  but also probably has the lowest number of readers. >
  
  Not only that but the lowest number of susceptiable readers. Nowadays very few stupid people know about USENET or how to use it.
3. Re:Do they actually make money? by terpia · 2002-06-24 08:50 · Score: 2
  
  Nowadays very few stupid people know about USENET or how to use it.
  
  Really? I just tried to read through a few groups, and it appears the "stupid" people are out in full effect.
  
  That said, I know what you mean - Very few people that have only been online in the last 3-4 years even know what a newsgroup is.
  
  --
  .sig wanted: Must be concise, funny, and display my cleverness.
4. Re:Do they actually make money? by CMiYC · 2002-06-24 08:52 · Score: 2
  
  It all depends on the group you're reading. alt.rec.videogames.playstation2 is full of them. While, sci.electronics.*, isn't.
Set up a local spool by coyote-san · 2002-06-24 08:55 · Score: 3, Informative

One option that seems to work fairly well, if you have the resources, is to set up a local news spool, then filter out the crap locally. With a local spool, you can perform checks that are too expensive to perform in the reader, e.g., not just verifying a valid looking sender, but actually performing A and MX record lookups for the domain to eliminate one class of spamware. (Unfortunately other spamware sees nothing wrong with criminally impersonating innocent third parties, but there are other ways to catch them.) Or you could do some regular expression matching looking for suspicious phrases, decoding uuencoded/base64-encoded blocks to check for viral loads, etc.

If you decide to do this, you can usually perform the tests during the ingest process (if it's always running), or as a daemon that periodically runs and checks the most recent messages.

The results can be staggering. I was doing this on a couple alt.* groups as a test, and a few simple rules could reduce the SNR from about 1-in-20 messages to about 2-in-3 messages. More importantly, this approach tends to eliminate the stuff that's mindlessly repeated hundreds of times. Most people don't mind getting a spam message once, but seeing the 247th identical message to make your breasts and penis larger (*who* needs this stuff?!) can make anyone lose it.

--
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
1. Re:Set up a local spool by hack_and_slash · 2002-06-25 03:11 · Score: 1
  
  Surely breasts OR penis?
  
  --
  -= Never enter a battle of wits with an unarmed man =-
Re:Dear Slashdot... by Anonymous Coward · 2002-06-24 09:13 · Score: 0

There's no need to be snide. Just call BoneFlower a complete dumb fuck. You'll feel better, and so will we.
Yeah right, nice try trolls! by Anonymous Coward · 2002-06-24 13:03 · Score: 0

By "Slashdot community" you must be refering to you and the other ./ trolls. Yeah, the best way to solve this problem is to give it more publicity and traffic by announcing the group name to the trolls and posters here.
Serdar Argic by mumkin · 2002-06-24 15:45 · Score: 1

Mod me off-topic if you must, but I am reminded of the halcyon days of Serdar Argic. It's just not as trollsome without him :)
1. Re:Serdar Argic by superid · 2002-06-25 08:10 · Score: 2
  
  or Gary Stollman, or even Kibo!
2. Re:Serdar Argic by DNS-and-BIND · 2002-06-25 17:21 · Score: 2
  
  You're KIDDING, right? You actually miss the automated, off-topic crap denying the Armenian genocide? Jeez! Who else do you miss, Cantor & Siegel?!
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
3. Re:Serdar Argic by raduga · 2002-06-29 16:43 · Score: 1
  
  Yet more lies, and nonsense and purest babble from "DNS-and-BIND". Perhaps you should crawl back into your hole where you will be safe from the dangerous world out here.
  Nonetheless, let us return to the fact of the matter:
  Source: "/usr/dict/words" by Ritchie, Dennis
  From "words"
  Aaron
  Ababa
  aback
  abaft
  abandon
  abandoned
  abandoning
  abandonment
  abandons
  abase
  abased
  abasement
  abasements
  
  (err....)
  Source: "The Linux Genocide" by Bill Gates
  From "The Death of IP"
  Pages 42-45
  "In 1812, Richard Stallman assembled an army of criminals, hackers and luddites, armed them with evil circumvention devices and proceeded to steal all the software in the kingdom of Uruguay. Not content to merely steal intellectual property, the thugs slaked their lust by massacaring hundreds of millions of innocent women and children. Witnesses at the time described the excessive zeal with which the marauding Stallmanists destroyed whole villages, and every technological innovation their ignorant hands could grasp. The horrors of the Linux Genocide are well known to historians everywhere and are documented in even more detail in:"
  R.A. :D uga
  
  --
  First, nothing begins if not opening
4. Re:Serdar Argic by DNS-and-BIND · 2002-06-30 03:22 · Score: 1
  
  Raduga from #phreak?
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!