Slashdot Mirror

← Back to Stories (view on slashdot.org)

Filtering the Anonymous USENET Trolls?

Posted by Cliff on from the combatting-anonymous-remailers-used-for-evil dept.

BoneFlower asks: "Anonymous remailers are all well and good, but sometimes people use them to abuse people through email or through trolling newsgroups. I've had limited results filtering "anonymous" on a USENET group I frequent but many anonymous remailer trolls get through. The group was nearly unuseable for over a week due to the volume of anonymous remailer trolls. Does anyone have tips on filtering them out? I personally use Forte Agent 1.9.1, many others use Netscape/Mozilla, OE, and various others. If you could help us out, we'd appreciate it."

13 of 32 comments (clear)

  1. Method of filtering by Violet+Null · · Score: 2

    I've never used Forte, but common sense would say that it contain some way to filter by IP address (from the NNTP-Posting-Host header). Worst case scenario is you have to filter each troll individually, but even that shouldn't be a problem if it gets you peace and quiet afterwards.

    1. Re:Method of filtering by eamonman · · Score: 2, Informative

      Use an IRC client to take look at some of the more popular channels's filters in IRC (dalnet for example), to get a sense of troulesome IP domains (at least for IRC) and also a sense of how much effort this course of action might take.

      --
      0- Eamonman Proud member of DNRC
  2. Do they actually make money? by jsimon12 · · Score: 2

    I know this is off topic (though not totally), but do these people who send all these huge amounts of spam actually make money? Or is it just a symptom of some late night infomercial pipedream?

    1. Re:Do they actually make money? by Masem · · Score: 2
      The idea behind spam, whether USENET, email, snail mail, or whatnot, is that you only need to get a small fraction, less than 1%, to respond in order to turn a profit. Of course, from a cost-prohibative accounting, USENET is the cheapest (you effectively only send the message out once over your bandwidth, compared with once per spam target with email), but also probably has the lowest number of readers.

      --
      "Pinky, you've left the lens cap of your mind on again." - P&TB
      "I can see my house from here!" - ST:
    2. Re:Do they actually make money? by CMiYC · · Score: 2

      but also probably has the lowest number of readers. >

      Not only that but the lowest number of susceptiable readers. Nowadays very few stupid people know about USENET or how to use it.

    3. Re:Do they actually make money? by terpia · · Score: 2
      Nowadays very few stupid people know about USENET or how to use it.


      Really? I just tried to read through a few groups, and it appears the "stupid" people are out in full effect.


      That said, I know what you mean - Very few people that have only been online in the last 3-4 years even know what a newsgroup is.

      --
      .sig wanted: Must be concise, funny, and display my cleverness.
    4. Re:Do they actually make money? by CMiYC · · Score: 2

      It all depends on the group you're reading. alt.rec.videogames.playstation2 is full of them. While, sci.electronics.*, isn't.

  3. Re:Avoiding trolls by bellings · · Score: 2

    Yeah. I like the way the SlashDot kill file works.

    I just have a hot-key mapped to "kill", and then I can kill posts (and articles) based on a regular expression executed against the thread, the subject, or the poster of a message. It's really cool! We never had anything like it back in the 80's, when we were stuck with crappy USENET news readers.

    No, wait, I'm all fucked up. The newsreaders we were using before some of the SlashDot posters were born make the SlashDot interface just look sad.

    --
    Slashdot is jumping the shark. I'm just driving the boat.
  4. Set up a local spool by coyote-san · · Score: 3, Informative

    One option that seems to work fairly well, if you have the resources, is to set up a local news spool, then filter out the crap locally. With a local spool, you can perform checks that are too expensive to perform in the reader, e.g., not just verifying a valid looking sender, but actually performing A and MX record lookups for the domain to eliminate one class of spamware. (Unfortunately other spamware sees nothing wrong with criminally impersonating innocent third parties, but there are other ways to catch them.) Or you could do some regular expression matching looking for suspicious phrases, decoding uuencoded/base64-encoded blocks to check for viral loads, etc.

    If you decide to do this, you can usually perform the tests during the ingest process (if it's always running), or as a daemon that periodically runs and checks the most recent messages.

    The results can be staggering. I was doing this on a couple alt.* groups as a test, and a few simple rules could reduce the SNR from about 1-in-20 messages to about 2-in-3 messages. More importantly, this approach tends to eliminate the stuff that's mindlessly repeated hundreds of times. Most people don't mind getting a spam message once, but seeing the 247th identical message to make your breasts and penis larger (*who* needs this stuff?!) can make anyone lose it.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  5. Re:How ironic... by Restil · · Score: 4, Informative

    everyone knows usenet is only for pr0n and mp3z/w4r3z

    Your statement has some element of truth to it. Probably 99% of the usenet data is devoted to these time honored traditions. However, these are generally not the areas that are inflicted with trolls. The binary newsgroups typically are pretty well organized, and most of the commentary is devoted to requests or to flaming those who haven't learned how to post properly yet. Pron newsgroups get a lot of spam and heated discussions as to image quality... or content quality. *Ahem*... or so I've heard.

    The trolls prey upon the general discussion groups. That is because they can actually get a voice there. If you're in a binary group, you're there to download binaries, and thus, you're going to download the multipart messages that are visibly 10-15 megs in size. The individual messages you can scroll by in a heartbeat without ever paying attention to anything more than the message size. Even the title won't stand out. Trolls get no audience this way. Now, if the trolls took to posting large binaries for kicks, that would be something different. And while I'm not saying that they don't, I've never encountered this on usenet, although I have seen it done on the various P2P networks. It would appear, that if someone's going to spend 3 days uploading something, they're not going to waste their upstream on something just so one person can download it then post a warning message to the rest of the group to ignore it.

    -Restil

    --
    Play with my webcams and lights here
  6. Re:Serdar Argic by superid · · Score: 2

    or Gary Stollman, or even Kibo!

  7. Re:Serdar Argic by DNS-and-BIND · · Score: 2

    You're KIDDING, right? You actually miss the automated, off-topic crap denying the Armenian genocide? Jeez! Who else do you miss, Cantor & Siegel?!

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  8. Re:please post the name of the group by BoneFlower · · Score: 2

    rec.games.miniatures.warhammer