• Ongoing flood from Neodome

    From Adam H. Kerman@21:1/5 to Neodome Admin on Fri Jun 4 14:35:27 2021
    XPost: news.admin.peering

    David, I've cut the crosspost to the email newsgroup and I fixed the
    typo on Subject.

    Neodome Admin <admin@neodome.net> wrote:
    David Ritz <dritz@mindspring.com> writes:

    Neodome appears to be just fine with this activity.

    From: abuse@neodome.net
    To: David Ritz <dritz@mindspring.com>
    Date: Thu, 03 Jun 2021 03:38:45 -0500
    Subject: Re: Flood: 100 forwarded messages...

    On 2021-06-02 17:22, David Ritz wrote:
    Please try harder.
    Which Usenet client are you using? Please let me know and I'll help
    you to set up filtering.

    Just was trying to figure out which group out of four was the
    target. Appear to be alt.checkmate. Someone didn't like Neodome users
    posting there so I had to block access to that group for now.

    I suggest that while client side filtering is not a remedy

    Which client are you using? Please let me know and I'll help you set up
    filtering - based on Message-ID or Newsgroups header.

    Please stop it. I've occasionally been sympathetic with your position
    of openness but each time there's a flood through your server, you
    exhaust my patience.

    I do kill file based on your server, and I've asked certain posters that
    I read not to post through your server so I don't have to make
    exceptions for them. With the exception of posters I'd been reading for
    years before your server was set up, your users don't post on topic nor
    do they make worthwhile contributions to discussion in groups that I read.

    It takes a lot of resources and everyone else's to do this thanks to
    allowing a flooding problem originating at your News site to continue unaddressed. You lose sympathy for the moral position you are supposedly taking.

    , depeering certainly would help.

    :-)

    Caring about your own reputation would help even more.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Neodome Admin@21:1/5 to Adam H. Kerman on Sat Jun 5 12:57:38 2021
    XPost: news.admin.peering

    "Adam H. Kerman" <ahk@chinet.com> writes:

    David, I've cut the crosspost to the email newsgroup and I fixed the
    typo on Subject.

    Neodome Admin <admin@neodome.net> wrote:
    David Ritz <dritz@mindspring.com> writes:

    Neodome appears to be just fine with this activity.

    From: abuse@neodome.net
    To: David Ritz <dritz@mindspring.com>
    Date: Thu, 03 Jun 2021 03:38:45 -0500
    Subject: Re: Flood: 100 forwarded messages...

    On 2021-06-02 17:22, David Ritz wrote:
    Please try harder.
    Which Usenet client are you using? Please let me know and I'll help
    you to set up filtering.

    Just was trying to figure out which group out of four was the
    target. Appear to be alt.checkmate. Someone didn't like Neodome users
    posting there so I had to block access to that group for now.

    I suggest that while client side filtering is not a remedy

    Which client are you using? Please let me know and I'll help you set up
    filtering - based on Message-ID or Newsgroups header.

    Please stop it. I've occasionally been sympathetic with your position
    of openness but each time there's a flood through your server, you
    exhaust my patience.

    Oh wow. I guess I should really feel sorry. I mean, exhausting Adam's
    patience. Who in their right mind would do that? Should I kill myself?..

    Sorry Adam. We both know you've never been sympathetic to my position. I
    really doubt you're even able to explain what my position is.

    As to David Ritz, I will never believe that this guy has no idea
    how to deal with a simple flood coming from a single source, directed to
    groups he doesn't read.

    I do kill file based on your server, and I've asked certain posters that
    I read not to post through your server so I don't have to make
    exceptions for them. With the exception of posters I'd been reading for
    years before your server was set up, your users don't post on topic nor
    do they make worthwhile contributions to discussion in groups that I read.

    Is that supposed to make me look bad? Or are you just generally against the
    nature of human beings? Do you think it's my fault they don't post "on
    topic"? I don't even know these people. I don't know any of them, and I
    don't want to know. I don't have any kind of contact with them. The only
    people who want to deal with login/password at Neodome are the ones who
    are willing to post via Tor or I2P, and I want to know even less about
    them than about average Usenet user.

    I mean, yeah, it's pretty sad that open Usenet server is used to bitch
    to the world about horrors of rival political opinions. But,
    realistically, what do you want me to do? I would be more than happy if
    my server was mostly used to participate in technical groups. But it's
    not the case, and after running the server for five years, I'm not sure
    if it ever will be.

    Maybe you should take care of it, Adam? Come on, man. You know very well
    that running an open server is mostly moral, not a technical
    problem. Let's have yet another discussion about what a censorship is
    and what's not.

    Anyway, many of Neodome users have no idea about this drama. Bunch of
    them don't even speak English. Even if you don't count Trump-hating weirdo
    who post to political groups, there's still about 500-700 legit messages
    a day going to Hungarian, German, French, Italian groups. I'm not going
    to abruptly end their Usenet service because some fucker floods a group
    where few old farts are still figuring out who's alpha and who's beta.

    It takes a lot of resources and everyone else's to do this thanks to
    allowing a flooding problem originating at your News site to continue unaddressed. You lose sympathy for the moral position you are supposedly taking.

    , depeering certainly would help.

    :-)

    Caring about your own reputation would help even more.

    Quit that shit, man. You've been here long enough, you should know very
    well what it's all about. There isn't any "reputation" I'm gaining for
    any of it. Instead, I'm being blamed by both sides of political
    spectrum. I was already told that I'm receiving money from "Demonrats",
    I was already threatened with all kinds of shit, except probably
    death. But I suspect I'll be soon enough.

    It was the third time someone threatened me with "Usenet Death penalty."
    That's why I used that smile. I should start saving Message-IDs, I
    guess. "Reputation", lol.

    --
    Neodome

  • From Adam H. Kerman@21:1/5 to Neodome Admin on Sat Jun 5 15:54:06 2021
    XPost: news.admin.peering

    Neodome Admin <admin@neodome.net> wrote:
    "Adam H. Kerman" <ahk@chinet.com> writes:
    Neodome Admin <admin@neodome.net> wrote:
    David Ritz <dritz@mindspring.com> writes:

    Neodome appears to be just fine with this activity.

    From: abuse@neodome.net
    To: David Ritz <dritz@mindspring.com>
    Date: Thu, 03 Jun 2021 03:38:45 -0500
    Subject: Re: Flood: 100 forwarded messages...

    On 2021-06-02 17:22, David Ritz wrote:
    Please try harder.
    Which Usenet client are you using? Please let me know and I'll help
    you to set up filtering.

    Just was trying to figure out which group out of four was the
    target. Appear to be alt.checkmate. Someone didn't like Neodome users
    posting there so I had to block access to that group for now.

    I suggest that while client side filtering is not a remedy

    Which client are you using? Please let me know and I'll help you set up
    filtering - based on Message-ID or Newsgroups header.

    Please stop it. I've occasionally been sympathetic with your position
    of openness but each time there's a flood through your server, you
    exhaust my patience.

    Oh wow. I guess I should really feel sorry. I mean, exhausting Adam's
    patience. Who in their right mind would do that? Should I kill myself?..

    The moderator of this newsgroup made an error approving my post, as any criticism from me is off topic.

    Sorry Adam. We both know you've never been sympathetic to my position. I
    really doubt you're even able to explain what my position is.

    As it's not my position, it's not my job to explain it.

    As to David Ritz, I will never believe that this guy has no idea
    how to deal with a simple flood coming from a single source, directed to
    groups he doesn't read.

    David can explain himself. My position is that there shouldn't be floods
    on Usenet ever.

    I do kill file based on your server, and I've asked certain posters that
    I read not to post through your server so I don't have to make
    exceptions for them. With the exception of posters I'd been reading for
    years before your server was set up, your users don't post on topic nor
    do they make worthwhile contributions to discussion in groups that I read.

    Is that supposed to make me look bad? . . .

    In making a comment about what I killfile in my own newsreader for my
    own reading purposes, my general experience with your users, and comments
    I've made to a couple of users that had posted through your site, I wasn't considering your feelings at all.

    . . .

    Quit that shit, man. You've been here long enough, you should know very
    well what it's all about. There isn't any "reputation" I'm gaining for
    any of it. Instead, I'm being blamed by both sides of political
    spectrum. I was already told that I'm receiving money from "Demonrats",
    I was already threatened with all kinds of shit, except probably
    death. But I suspect I'll be soon enough.

    My comments were with respect to flooding through your News site and
    weren't political at all.

    It was the third time someone threatened me with "Usenet Death penalty."
    That's why I used that smile. I should start saving Message-IDs, I
    guess. "Reputation", lol.

    I don't address you in that way. That other people do has nothing to do
    with me.

  • From The Doctor@21:1/5 to All on Sat Jun 5 23:32:49 2021
    XPost: news.admin.peering

    In article <s9g6mu$7o0$4@dont-email.me>, Adam H. Kerman <ahk@chinet.com> wrote:


    Thank goodness I dropped neodome!

    Whoever took over must really be a piece of work.
    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b The pursuit of irresponsibility makes pain a necessity. -unknown

  • From David Ritz@21:1/5 to Neodome Admin on Sat Jun 5 22:50:48 2021
    XPost: news.admin.peering

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Saturday, 05 June 2021 12:57 -0000,
    in article <s9fsc2$tk6$1@neodome.net>,
    Neodome Admin <admin@neodome.net> wrote:

    On Saturday, 05 June 2021 12:57 -0000, Neodome Admin wrote:

    [...]

    As to David Ritz, I will never believe that this guy has no
    idea how to deal with a simple flood coming from a single source,
    directed to groups he doesn't read.

    Your assumptions are bad and your clairvoyance quotient sucks, as does
    mine. What I read or don't read is quite irrelevant to the problem.

    Your recommendation of filtering shifts responsibility dealing with the
    issues surrounding network abuse instances originating from
    news.neodome.net. Man up and take responsibility for the problems
    you and the implementation of your philosophy invite.

    I have dealt with NewsAgent floods previously, as well as floods of
    cancel messages, supersedes replacing legitimate posts with spam and
    the issuance of $alz formatted preemptive cancels, using this Swiss
    Army Knife of Usenet Abuse. NewsAgent was specifically designed to
    exploit open proxies, as you saw for yourself, in the recent attack on alt.checkmate and alt.slack. The apparent ability to switch proxies,
    for each post, appears to be a fairly recent hack. Thanks for
    including the posting-host information, for the second round of this
    attack.

    Thanks to the speed of news.neodome.net, the attack was somewhat
    limited. In years past, I have observed more than 300k NewsAgent
    generated porn spam posts, in a single twenty four hour period, via an
    open AnalogX proxy running on a Videotron.ca home user's computer.
    Personally, I do not miss those bad old days.

    [...]

    I mean, yeah, it's pretty sad that open Usenet server is used to
    bitch to the world about horrors of rival political opinions.

    This is the same lame excuse, used by hosting providers, for
    infrastructure facilitating cybercrime operations. You and your
    server are nothing new nor anything special.

    Please consider moving news.neodome.net to an authenticated users only
    setup. Intentionally running open servers seems an open invitation to
    abuse.

    - --
    David Ritz <dritz@mindspring.com>
    "There will be more spam." -- Paul Vixie

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYLxGGAAKCRBSvCmZGhLe 64ATAKDHyYnjh6AmJ/0JP3iv4Y5T+9oeHgCg6YCUKwGgkotZdtS3wiqq12aJt0U=
    =8A5X
    -----END PGP SIGNATURE-----

  • From The Doctor@21:1/5 to dritz@mindspring.com on Sun Jun 6 12:56:43 2021
    XPost: news.admin.peering

    In article <alpine.OSX.2.20.2106052028420.57527@mako.ath.cx>,
    David Ritz <dritz@mindspring.com> wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Saturday, 05 June 2021 12:57 -0000,
    in article <s9fsc2$tk6$1@neodome.net>,
    Neodome Admin <admin@neodome.net> wrote:

    On Saturday, 05 June 2021 12:57 -0000, Neodome Admin wrote:

    [...]

    As to David Ritz, I will never believe that this guy has no
    idea how to deal with a simple flood coming from a single source,
    directed to groups he doesn't read.

    Your assumptions are bad and your clairvoyance quotient sucks, as does
    mine. What I read or don't read is quite irrelevant to the problem.

    Your recommendation of filtering shifts responsibility dealing with the
    issues surrounding network abuse instances originating from
    news.neodome.net. Man up and take responsibility for the problems
    you and the implementation of your philosophy invite.

    I have dealt with NewsAgent floods previously, as well as floods of
    cancel messages, supersedes replacing legitimate posts with spam and
    the issuance of $alz formatted preemptive cancels, using this Swiss
    Army Knife of Usenet Abuse. NewsAgent was specifically designed to
    exploit open proxies, as you saw for yourself, in the recent attack on
    alt.checkmate and alt.slack. The apparent ability to switch proxies,
    for each post, appears to be a fairly recent hack. Thanks for
    including the posting-host information, for the second round of this
    attack.

    Thanks to the speed of news.neodome.net, the attack was somewhat
    limited. In years past, I have observed more than 300k NewsAgent
    generated porn spam posts, in a single twenty four hour period, via an
    open AnalogX proxy running on a Videotron.ca home user's computer.
    Personally, I do not miss those bad old days.

    [...]

    I mean, yeah, it's pretty sad that open Usenet server is used to
    bitch to the world about horrors of rival political opinions.

    This is the same lame excuse, used by hosting providers, for
    infrastructure facilitating cybercrime operations. You and your
    server are nothing new nor anything special.

    Please consider moving news.neodome.net to an authenticated users only
    setup. Intentionally running open servers seems an open invitation to
    abuse.

    - --
    David Ritz <dritz@mindspring.com>
    "There will be more spam." -- Paul Vixie

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYLxGGAAKCRBSvCmZGhLe >64ATAKDHyYnjh6AmJ/0JP3iv4Y5T+9oeHgCg6YCUKwGgkotZdtS3wiqq12aJt0U=
    =8A5X
    -----END PGP SIGNATURE-----

    Open relays must be banned!
    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b The pursuit of irresponsibility makes pain a necessity. -unknown

  • From Aioe@21:1/5 to All on Sun Jun 6 20:54:23 2021
    XPost: news.admin.peering

    On 06/06/21 05:50, David Ritz wrote:
    Intentionally running open servers seems an open invitation to
    abuse.

    For about twenty years I have been administering a news server that intentionally allows all users to post without authentication. Although
    in some rare circumstances my server has been involved in some floods,
    it has always given few problems of massive abuse. The few times it
    happened, I quickly fixed the problem.

    IMHO, David, the problem is not the public news servers but the people
    who manage them. The problem with neodome is not that it is open without authentication but that it is poorly managed.
    If a group has abuse issues, I block my users from posting there; if a
    set of groups is flooded, I configure the server to reject all messages
    posted there if their number exceeds a certain threshold. If one runs a
    public news server he must expect that from time to time someone will
    try to abuse it. Abuse is part of the game. The difference between a
    good public news server and a bad one is in the reaction to abuse.

    neodome simply does not react to abuse and this makes it dangerous for
    the rest of the network and it is a good reason to ban it.

  • From David Ritz@21:1/5 to Aioe on Sun Jun 6 17:34:22 2021
    XPost: news.admin.peering

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Sunday, 06 June 2021 20:54 +0200,
    in article <s9j5ku$1bfb$1@gioia.aioe.org>,
    Aioe <estasi@aioe.org> wrote:

    On 06/06/21 05:50, David Ritz wrote:

    Intentionally running open servers seems an open invitation to
    abuse.

    For about twenty years I have been administering a news server that intentionally allows all users to post without authentication.
    Although in some rare circumstances my server has been involved in
    some floods, it has always given few problems of massive abuse. The
    few times it happened, I quickly fixed the problem.

    Yes, I am aware there are well managed and operated public NNTP
    servers. I certainly consider AIOE to be included among these.
    Reacting quickly and responding positively is always greatly
    appreciated.

    IMHO, David, the problem is not the public news servers but the
    people who manage them. The problem with neodome is not that it is
    open without authentication but that it is poorly managed.

    I can agree with this statement.

    [...]

    neodome simply does not react to abuse and this makes it dangerous
    for the rest of the network and it is a good reason to ban it.

    I reacted particularly badly, with the suggestion that user/client
    side filtering was a solution, which it is, at best, like placing a
    simple plaster on a gangrenous infection. I found this response to be reprehensibly irresponsible.

    - --
    David Ritz <dritz@mindspring.com>
    "I'm as mad as hell, and I'm not going to take this anymore!"
    - Peter Finch's Oscar winning speech in the 1976 film, "Network"

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYL1NbgAKCRBSvCmZGhLe 6yxwAKDFYl2MDY2wsVtDc+IRxLg8TGP/PACfdYQ6a3uHO2gA2c+8VmLQxo6TYK4=
    =BjmY
    -----END PGP SIGNATURE-----

  • From Neodome Admin@21:1/5 to David Ritz on Wed Jun 9 06:00:26 2021
    XPost: news.admin.peering

    David Ritz <dritz@mindspring.com> writes:

    On Saturday, 05 June 2021 12:57 -0000,
    in article <s9fsc2$tk6$1@neodome.net>,
    Neodome Admin <admin@neodome.net> wrote:

    On Saturday, 05 June 2021 12:57 -0000, Neodome Admin wrote:

    [...]

    As to David Ritz, I will never believe that this guy has no
    idea how to deal with a simple flood coming from a single source,
    directed to groups he doesn't read.

    Your assumptions are bad and your clairvoyance quotient sucks, as does
    mine. What I read or don't read is quite irrelevant to the problem.

    You're correct. But you were not correct when you claimed that it's
    impossible to filter it on the client side.

    Your recommendation of filtering shifts responsibility dealing with the issues surrounding network abuse instances originating from
    news.neodome.net. Man up and take responsibility for the problems
    you and the implementation of your philosophy invite.

    Are there any, really?

    Pretty much all Usenet servers use cleanfeed, and there are very simple settings over there:

    ------------

    do_phn

    An EMP check seeded by the NNTP-Posting-Host and the Newsgroups
    headers. This attempts to address flooding of a specific Newsgroup from
    a single source. It can cause false positives in some groups where
    individuals post high volumes of brief messages in a short period of
    time. These groups can be excluded from the filter using the phn_exclude parameter.

    phn_aggressive

    The PHN Filter tries to create hashes based on the NNTP-Posting_Host of
    the sender. If this header doesn't exist, then setting phn_aggressive to
    True will cause it to fall back on the Path header instead. The
    implication of this is that messages to a specific newsgroup will be
    rejected if too many originate from the same service provider instead of
    merely the same poster.

    -------------

    Because normally all articles from Neodome have single posting host, such
    filter easily catches them once they go above some threshold (usually
    around 100 in some short amount of time.) I can see in my logs that I
    didn't really send many articles out to my text-only peers because my
    own cleanfeed filter was catching the flood and not sending it out to
    those who don't want it. I did more "damage" to them (and I knew it's gonna
    happen) when I started blocking groups, because flooder would simply move
    to different groups and filter will allow some amount of flood to pass
    before starting to reject it.

    I'm not sure why E-S is not using such filter, I guess that would be the question for Ray.

    The reason you and other Giganews users are seeing it is because you're
    getting "uncensored" Usenet which is basically a stream of data with
    headers that you're free to do anything with. You're your own "censor",
    same as me - and considering your experience I'm pretty sure you know
    what to do to get the data you want.

    I have dealt with NewsAgent floods previously, as well as floods of
    cancel messages, supersedes replacing legitimate posts with spam and
    the issuance of $alz formatted preemptive cancels, using this Swiss
    Army Knife of Usenet Abuse. NewsAgent was specifically designed to
    exploit open proxies, as you saw for yourself, in the recent attack on alt.checkmate and alt.slack. The apparent ability to switch proxies,
    for each post, appears to be a fairly recent hack. Thanks for
    including the posting-host information, for the second round of this
    attack.

    It actually was a bad thing. More articles were able to pass the filters because of constantly changing injection point.

    Thanks to the speed of news.neodome.net, the attack was somewhat
    limited.

    That's intentional. Neodome is constantly slowing the posting rate from
    any single IP address if it keeps posting.

    In years past, I have observed more than 300k NewsAgent
    generated porn spam posts, in a single twenty four hour period, via an
    open AnalogX proxy running on a Videotron.ca home user's computer. Personally, I do not miss those bad old days.

    It's not the "old days" anymore. 30k messages that came from Neodome,
    300k messages from Videotron.ca, even 3m messages - all are small
    numbers, barely noticeable, actually. I didn't even bother to run
    htop, but I bet if I would in the middle of flood, my server load would
    be probably same as usual, which is around 5%. Usual amount of messages
    Neodome receives daily is around 500,000-1,000,000, and I expect it to
    easily handle 10x that amount. Commercial Usenet providers can handle
    hundreds of times more, and won't even notice the difference.

    There were several attacks on my server in the last few years, for
    example, just recently someone tried to open hundreds of thousands of connections, but failed miserably because he ran out of resources before
    I did. I didn't even bother to check his IP address.

    If not for whiners, I would just let it all run and let the filters take
    care of everything.

    In my opinion, only people who were actually affected by the flood are
    Google Groups users and those who are saving everything for archiving
    purposes. In case of Google Groups it's deliberate choice of Google to
    pretend that Usenet does not exist, so they intentionally don't provide
    their users with a client that has any Usenet-specific functionality
    while also not doing any kind of moderation. In case of the guys doing archiving - I'm sorry, but 10 MBs of messages are not going to put a
    dent on their racks of 8 TB HDDs. Since archives are requiring some
    manual attention anyway, they can just come back to it whenever they
    feel like it and get rid of that garbage. In case if 10 years later
    someone will be interested, I'm saving Message-IDs belonging to the
    flood.

    The only legit complaint I heard so far was from Adam, and he was saying
    that such flood is effectively a DoS attack against smaller servers. I, however, disagree. 30k of messages is not that much more than 15-20k
    messages we see in text-only Usenet today in normal circumstances, and
    it's much less than it's used to be. If servers have to reject 30k
    messages a day and it affects them that much, I see two possibilities:
    it's something intentionally running on retro hardware (like Atari ST)
    and it probably should peer only with servers that are aware of limited
    resources, or it's misconfigured and probably will be forced to go down
    in case if text-only Usenet ever gets traction and number of legit
    messages starts to go up.

    [...]

    I mean, yeah, it's pretty sad that open Usenet server is used to
    bitch to the world about horrors of rival political opinions.

    This is the same lame excuse, used by hosting providers, for
    infrastructure facilitating cybercrime operations. You and your
    server are nothing new nor anything special.

    Please consider moving news.neodome.net to an authenticated users only
    setup. Intentionally running open servers seems an open invitation to
    abuse.

    Well, at least you're not saying I'm the cybercriminal. That's
    something.

    I've seen your last email, and I appreciate that you're willing to
    help. I am, however, not willing to use outside services such as
    spamhaus.org, because they will never supply me with their full
    database, and I'm not going to supply them with IPs of my users to check against their database. That's going against everything I'm standing
    for.

    When I said that I don't want to know who my users are I said exactly
    what I meant. Up until yesterday I was deliberately not logging IP
    addresses, and I'm still not sure if I should. I have nothing against
    people using proxies to post to Usenet, and I try to provide easy way
    out of it for those people who are running servers or clients able to do filtering. I would never cheat on server-supplied headers such as Path
    or Injection-Info. I was thinking of using Distribution header but no
    one is using it anymore, so there's probably no point. I do realize that
    such point of view will lead to Neodome being banned on some servers,
    but I don't see a problem in having "censored" and "uncensored" Usenet.

    Going to authentication-only is not going to fix the problem. I've seen a
    lot of posts from commercial providers that can be considered as "spam"
    or "flood", and free authentication-only providers are also vulnerable
    for abuse. Captcha solvers and throw-away legit email addresses were a
    thing for years, and the only reason E-S didn't have to go through that
    is because no one attempted it. The Aioe way (IP addresses blocking,
    obscure filtering rules on message body, etc.) is also a road to
    nowhere. Once there will be person motivated enough Aioe will probably
    end up blocking all IPs except Italians, and probably filtering on bunch
    of Usenet peers.

    Please don't take it wrong. If I realise that Neodome is a source of
    problem that cannot be simply filtered out I'll probably turn off
    posting and make Neodome a peering only server. But currently I don't see anything like that. How many seconds did it take for you to filter them
    out once you opened affected group? 0.1?

    --
    Neodome
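
The per-source, per-group flood check described by the cleanfeed settings quoted in the post above, and the post's remark that a changing posting host lets more of a flood through, as an added Python example. It is not cleanfeed's code and not part of any post in this thread; the sliding-window counter, the threshold and window values, the rule for picking a Path entry, and every host, path and group name are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

GROUP = "alt.example.target"                                  # constructed group name
PATH = "peer.example!news.example.net!.POSTED!not-for-mail"   # constructed Path header


class PhnFilter:
    """Counts articles per (source, newsgroup) in a sliding time window.

    The option names mirror the quoted settings; the counter itself is an
    assumption standing in for cleanfeed's EMP hashing.
    """

    def __init__(self, threshold=100, window=600, phn_aggressive=False, phn_exclude=()):
        self.threshold = threshold          # articles allowed per window (assumed value)
        self.window = window                # window length in seconds (assumed value)
        self.phn_aggressive = phn_aggressive
        self.phn_exclude = {g.lower() for g in phn_exclude}
        self.seen = defaultdict(deque)      # (source, group) -> arrival times

    @staticmethod
    def injecting_site(path):
        """Assumed rule: last site before the tail entry, skipping '.POSTED'-style keywords."""
        entries = [e.strip() for e in path.split("!") if e.strip()][:-1]
        sites = [e for e in entries if not e.startswith(".")]
        return sites[-1].lower() if sites else None

    def source_of(self, headers):
        host = headers.get("NNTP-Posting-Host", "").strip()
        if host:
            return "host:" + host.lower()
        if self.phn_aggressive:
            site = self.injecting_site(headers.get("Path", ""))
            if site:
                return "path:" + site   # now keyed on the whole site, not one poster
        return None                     # nothing to key on: the check does not apply

    def check(self, headers, now):
        """Return 'accept' or 'reject' for one article arriving at time `now` (seconds)."""
        source = self.source_of(headers)
        if source is None:
            return "accept"
        verdict = "accept"
        for group in headers.get("Newsgroups", "").split(","):
            group = group.strip().lower()
            if not group or group in self.phn_exclude:
                continue
            times = self.seen[(source, group)]
            while times and now - times[0] >= self.window:
                times.popleft()             # forget arrivals older than the window
            times.append(now)               # rejected articles still count
            if len(times) > self.threshold:
                verdict = "reject"
        return verdict


def run_flood(filt, count, make_headers, interval=1):
    """Feed `count` articles, one every `interval` seconds; return (accepted, rejected)."""
    verdicts = [filt.check(make_headers(i), now=i * interval) for i in range(count)]
    return verdicts.count("accept"), verdicts.count("reject")


def single_host(i):      # every article carries the same posting host
    return {"Newsgroups": GROUP, "Path": PATH, "NNTP-Posting-Host": "192.0.2.10"}


def rotating_hosts(i):   # a different posting host on every article
    return {"Newsgroups": GROUP, "Path": PATH, "NNTP-Posting-Host": f"2001:db8::{i:x}"}


def no_host(i):          # the server adds no posting-host header at all
    return {"Newsgroups": GROUP, "Path": PATH}


def demo():
    """Run the same 300-article flood against four filter/header combinations."""
    return {
        "single_host": run_flood(PhnFilter(), 300, single_host),
        "rotating_hosts": run_flood(PhnFilter(), 300, rotating_hosts),
        "no_host": run_flood(PhnFilter(), 300, no_host),
        "no_host_aggressive": run_flood(PhnFilter(phn_aggressive=True), 300, no_host),
    }


if __name__ == "__main__":
    for name, (accepted, rejected) in demo().items():
        print(f"{name:20} accepted={accepted:3} rejected={rejected:3}")
```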

  • From Frank Slootweg@21:1/5 to Neodome Admin on Wed Jun 9 18:58:21 2021
    XPost: news.admin.peering

    Neodome Admin <admin@neodome.net> wrote:
    [...]

    In my opinion, only people who were actually affected by the flood are
    Google Groups users and those who are saving everything for archiving
    purposes. In case of Google Groups it's deliberate choice of Google to
    pretend that Usenet does not exist, so they intentionally don't provide
    their users with a client that has any Usenet-specific functionality
    while also not doing any kind of moderation. In case of the guys doing archiving - I'm sorry, but 10 MBs of messages are not going to put a
    dent on their racks of 8 TB HDDs. Since archives are requiring some
    manual attention anyway, they can just come back to it whenever they
    feel like it and get rid of that garbage. In case if 10 years later
    someone will be interested, I'm saving Message-IDs belonging to the
    flood.

    FYI, I run a small personal/private server and keep the groups which I subscribe to 'forever' (which currently is some 18 years). I do not have
    "racks of 8 TB HDDs" and yes, a flood of 30k messages (in a single
    group) *is* a rather big annoyance which I'd rather do without.

    Yes, I could investigate if my server can handle (local) cancels-after-the-fact, but that doesn't excuse the abuse of the net,
    nor does it excuse the admin's responsibility for facilitating said
    abuse.

    FWIW, so far I've not been affected by floods from Neodome, but have
    been affected by (10k articles) floods from Aioe.org. Same difference.

    --
    Frank Slootweg, ex-News Admin in some tiny 150K employee company.

  • From Neodome Admin@21:1/5 to Frank Slootweg on Wed Jun 9 19:54:16 2021
    XPost: news.admin.peering

    Frank Slootweg <this@ddress.is.invalid> writes:

    FYI, I run a small personal/private server and keep the groups which I
    subscribe to 'forever' (which currently is some 18 years). I do not have
    "racks of 8 TB HDDs" and yes, a flood of 30k messages (in a single
    group) *is* a rather big annoyance which I'd rather do without.

    Make your project public, start a GoFundMe campaign. I'll donate you some
    money so you can afford 8 TB HDD one day. I'm pretty sure other Usenet
    users would too, and your dream will come true. How about that?

    --
    Neodome

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Aioe@21:1/5 to All on Wed Jun 9 22:56:16 2021
    XPost: news.admin.peering

    Il 09/06/21 20:58, Frank Slootweg ha scritto:
    FWIW, so far I've not been affected by floods from Neodome, but have
    been affected by (10k articles) floods from Aioe.org. Same difference.

    have you reported that abuse to aioe.org abuse desk?
    newsmasters react when someone alerts them about a running flood.

    BTW last time, in March, only a few thousand of nonsense messages were
    sent through my server before being stopped. Abuse was blocked as soon
    as it was reported (a few hours after the beginning).

    you should consider that it is not possible to prevent a user from
    flooding a group using a list of open proxies, the only possible
    countermeasure is to stop him as soon as possible.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Ritz@21:1/5 to Neodome Admin on Thu Jun 10 00:34:20 2021
    XPost: news.admin.peering

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Wednesday, 09 June 2021 06:00 -0000,
    in article <s9pldp$t8j$1@neodome.net>,
    Neodome Admin <admin@neodome.net> wrote:

    David Ritz <dritz@mindspring.com> writes:

    On Saturday, 05 June 2021 12:57 -0000,
    in article <s9fsc2$tk6$1@neodome.net>,
    Neodome Admin <admin@neodome.net> wrote:

    On Saturday, 05 June 2021 12:57 -0000, Neodome Admin wrote:

    [...]

    As to the David Ritz, I will never believe that this guy have no
    idea how to deal with a simple flood coming from a single source,
    directed to groups he don't read.

    Your assumptions are bad and your clairvoyance quotient sucks, as
    does mine. What I read or don't read is quite irrelevant to the
    problem.

    You're correct. But you were not correct when you claimed that it's
    impossible to filter it on the client side.

    You are putting words in my mouth^W fingers. I never claimed it was
    impossible to filter. When you recommended client side filtering as a
    solution, I replied:

    <quote>
    Network abuse is not a client side issue. Please take action to
    mitigate this NewsAgent spew.
    </quote>

    I stand by my words. Your loose interpretation is an outright
    misrepresentation of the exchange. You assume too much, while
    ignoring the heart of the matter entirely. Only by making
    patently false assertions are you able to try to deflect from the
    issue of network abuse, through a quite lame attempt at deflection.

    Your recommendation of filtering shifts responsibility dealing with
    the issues surrounding network abuse instances originating from
    news.neodome.net. Man up and take responsibility for the problems
    you and the implementation of your philosophy invite.

    Are there any, really?

    Are there any what? Responsibilities?

    Indeed, as it was your recommendation of client side filtering, as a
    solution, which prompted me into this discussion. Your failure to
    respond immediately upon notification, to shut down the attack, and
    instead attempting to shift responsibility to the operators of every
    NNTP node on the network, and to their users, is the subject at hand.

    Pretty much all Usenet servers use cleanfeed, and there are very
    simple settings over there:

    Please see my header comment regarding assumptions. Your assumptions
    are quite simply fallacious. The result of basing your arguments upon
    false premises renders them moot. Your assertion regarding the
    ubiquity of INN demonstrates a quite parochial perspective and
    provincial attitude.

    Many servers running INN also run cleanfeed. How well maintained they
    are, on any particular site, is open to conjecture.

    Too few other NNTP server software solutions are devised to
    accommodate cleanfeed. Are you aware, for example, there are still
    people out there, who run Microsoft news server enterprise solution
    software? These things respond to only the most minimal of NNTP
    commands. They do not even support queries of any type.

    Do you understand that many ISPs used to provide NNTP services
    using HighWinds server software? Most no longer provide this service.
    The server software was incapable of user authentication and was open
    to any IP address on their subnets, including hijacked proxies
    running on home users' computers, most often installed by malware.

    What about other leaf node servers?

    There are some pretty significant news sites, which do not run
    InterNetNews. Two of the servers I access on a regular basis do not,
    including the service from which I primarily read news and the one via
    which this post originates.

    Then, of course, there is the lowest common denominator of Usenet
    access providers, groups.google.com, where you can rest assured the
    entire flood is archived. You can find NewsAgent floods similarly
    archived in the Google Usenet archive, which date back decades. That
    in no way excuses the abuse and points to the importance of
    preventing it. Once it begins, it is imperative that it gets shut
    down, just as quickly as possible.

    [ snip cleanfeed specific comments, as irrelevant to the underlying
    abuse issue ]

    Because normally all articles from Neodome have single posting host,

    [snip]

    This would seem to have been another false assumption, in this case.
    Is this your first experience with NewsAgent? The flooding, which
    nicked news.neodome.net, has been in progress for at least two decades.

    I'm not sure why E-S is not using such filter, I guess that would be
    the question for Ray.

    It's not your place to pose the question. You are out of line.

    The reason you and other Giganews users are seeing it is because
    you're getting "uncensored" Usenet which is basically a stream of
    data with headers that you're free to do anything with. You're your own
    "censor", same as me - and considering your experience I'm pretty
    sure you know what to do to get the data you want.

    It seems you need to review the definition of 'censor'. Dropping
    thousands of word salad NewsAgent posts is not an infringement upon
    speech, as it was neither speech nor communication of any kind. It is
    just noise. Filtering noise has nothing to do with the suppression of
    information or ideas. Flooding of this nature is akin to the state
    sponsored jamming of radio signals, to censor broadcasts and prevent
    the dissemination of information.

    Preventing this crap from ever entering the news stream actually
    improves communication. In case you had not noticed, communication --
    for some value of communication -- is the primary purpose of text
    newsgroups.

    I read news from giganews.com servers, as it is included with one of
    my ISP accounts. I choose to read from a full feed, specifically so I
    can see, recognize and try to deal with network abuse incidents.
    That is my choice. It is what I did, when reporting this specific
    flooding incident to you. You seemed to shrug it off, as if it was
    not your problem.

    I have dealt with NewsAgent floods previously, as well as floods of
    cancel messages, supersedes replacing legitimate posts with spam
    and the issuance of $alz formatted preemptive cancels,

    <correction>
    These were not cancel messages. Although they were posted to
    control.cancel, and include Subjects beginning, "cmsg cancel," they
    included no Control header. They were intended to prevent the posting
    of cyberspam cancels using $alz M-IDs. This led to the creation of
    the $alz2 format. See the Cancel Messages FAQ:
    http://wiki.killfile.org/projects/usenet/faqs/cancel/
    </correction>

    using this
    Swiss Army Knife of Usenet Abuse. NewsAgent was specifically
    designed to exploit open proxies, as you saw for yourself, in the
    recent attack on alt.checkmate and alt.slack. The apparent ability
    to switch proxies, for each post, appears to be a fairly recent
    hack. Thanks for including the posting-host information, for the
    second round of this attack.

    It actually was a bad thing. More articles were able to pass the
    filters because of constantly changing injection point.

    I hope this was a learning experience.

    Thanks to the speed of news.neodome.net, the attack was somewhat
    limited.

    That's intentional. Neodome is constantly slowing the posting rate
    from any single IP address if it keeps posting.

    That sounds like the Dave Hayes logarithmic back-off patch. It, too,
    was easily defeated by switching IP addresses. In the specific
    instance I recall, it was being accomplished from a dial-up, posting
    no more than a handful of spammed articles, before disconnecting,
    reconnecting and repeating, 24*7.

    In years past, I have observed more than 300k NewsAgent generated
    porn spam posts, in a single twenty four hour period, via an open
    AnalogX proxy running on a Videotron.ca home user's computer.
    Personally, I do not miss those bad old days.

    It's not the "old days" anymore. 30k messages that came from
    Neodome, 300k messages from Videotron.ca, even 3m messages - all are
    small numbers, barely noticeable, actually. I didn't even bother
    to run htop, but I bet if I would in the middle of flood, my server
    load would be probably same as usual, which is around 5%. Usual
    amount of messages Neodome receives daily is around
    500,000-1,000,000, and I expect it to easily handle 10x that amount.
    Commercial Usenet providers can handle hundreds of times more, and won't
    even notice the difference.

    Frankly, no one gives a flying fig about your resource load. Site
    operators and users are concerned with your willingness to shift the
    load to them.

    Old days or not, there is no respectable reason to allow network
    abuse, by default, whether with respect to spamming, spewing or
    forgery. (It was a forgery of Archimedes Plutonium which first
    alerted me to news.neodome.net, although it is unlikely Archie Pu has
    the acumen to formulate a cogent or coherent abuse report. See
    n.a.n-a.misc.)

    There were several attacks on my server in the last few years, for
    example, just recently someone tried to open hundreds of thousands
    of connections, but failed miserably because he ran out of resources
    before I did. I didn't even bother to check his IP address.

    The attack you describe is unrelated to the emission of a flood
    originated via news.neodome.net.

    If not for whiners, I would just let it all run and let the filters
    take care of everything.

    That is some kind of attitude you have.

    [snip comments regarding Google Groups]

    The only legit complaint I heard so far was from Adam, and he was
    saying that such flood is effectively a DoS attack against smaller
    servers. I, however, disagree. [...]

    Are you suggesting that the reports I sent you were somehow
    illegitimate? These were not complaints. They were reports of an
    ongoing network abuse incident. All that I asked of you, was that you
    please take action. The reports, themselves, consisted solely of sample
    spew, with full and complete headers.

    [...]

    I mean, yeah, it's pretty sad that open Usenet server is used to
    bitch to the world about horrors of rival political opinions.

    This is the same lame excuse, used by hosting providers, for
    infrastructure facilitating cybercrime operations. You and your
    server are nothing new nor anything special.

    Please consider moving news.neodome.net to an authenticated users
    only setup. Intentionally running open servers seems an open
    invitation to abuse.

    Well, at least you're not saying I'm the cybercriminal. That's
    something.

    I've seen your last email, and I appreciate that you're willing to
    help. I am, however, not willing to use outside services such as
    spamhaus.org, because they will never supply me with their full
    database, and I'm not going to supply them with IPs of my users to
    check against their database. That's going against everything I'm
    standing for.

    The Spamhaus data feed, a subscription service, would include those
    items providing 127.0.0.4 DNS responses. These identify the
    compromised hosts used in this specific attack. Again, I'll note, all
    of the IP addresses which I checked, when you provided posting-host
    information in later flood headers, were included in the Spamhaus XBL
    zone.

    https://www.spamhaus.org/xbl/
    https://www.spamhaus.org/datafeed/

    Using proxies is not a network abuse issue; hijacking compromised
    hosts is, more so to perpetrate attacks on the network's
    infrastructure.

    [...]

    Please don't take it wrong. If I realise that Neodome is a source of
    problem that cannot be simply filtered out I'll probably turn off
    posting and make Neodome a peering only server. But currently I
    don't see anything like that. How many seconds did it take for you
    to filter them out once you opened affected group? 0.1?

    news.neodome.net is killfiled in two out of five or six news clients I
    use, but is not for this user agent. In any case, user agents, for
    which killfiles operate, still require downloading all of the overview
    headers, at a bare minimum. Downloading thousands of XOVER headers of
    noise is a waste of my resources and time. That you seem to think
    little of it, suggests you are not a particularly good Usenet
    neighbor.

    Be conservative in what you send, be liberal in what you accept.

    - --
    David Ritz <dritz@mindspring.com>
    "The first principle of a free society is an untrammeled flow of
    words in an open forum." - Adlai Stevenson (1900-1965)

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYMGkXAAKCRBSvCmZGhLe 61nLAKC0iw7Uc7Q1xFjRJ8KPlEaS+QH7EACgqODe2t/2Sm/nubvQL7FO+BzIR9I=
    =eCLL
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
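David Ritz's post above describes checking the posting-host addresses from the flood headers against the Spamhaus XBL zone, where a 127.0.0.4 answer marks a listed host. A sketch of that check, added here as an example and not part of any post in the thread; the header layout, sample articles, addresses and canned resolver answers are constructed, and the verdict names are this example's own.

```python
import ipaddress
import re
import socket

XBL_ZONE = "xbl.spamhaus.org"   # the XBL zone referred to in the post
XBL_LISTED = "127.0.0.4"        # response value cited in the post
# Spamhaus answers in 127.255.255.0/24 signal a query problem, not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

# Assumed header forms: a bare NNTP-Posting-Host line, or a posting-host="..."
# parameter on a single-line Injection-Info header.
HOST_RE = re.compile(
    r'^(?:NNTP-Posting-Host:\s*|Injection-Info:.*?posting-host=")'
    r'(\d{1,3}(?:\.\d{1,3}){3})',
    re.IGNORECASE | re.MULTILINE,
)


def posting_hosts(article):
    """Return the valid IPv4 posting hosts found in an article's headers."""
    hosts = []
    for match in HOST_RE.finditer(article):
        try:
            hosts.append(str(ipaddress.IPv4Address(match.group(1))))
        except ValueError:
            continue  # malformed address in a forged header
    return hosts


def dnsbl_query_name(ip, zone=XBL_ZONE):
    """192.0.2.7 -> 7.2.0.192.<zone>: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def system_resolver(name):
    """A records for name via the system resolver, [] when there are none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def classify(records):
    """Map the A records of a DNSBL answer to a verdict string."""
    if not records:
        return "not-listed"
    if any(ipaddress.ip_address(r) in ERROR_NET for r in records):
        return "lookup-error"   # never treat an error code as a listing
    return "xbl-listed" if XBL_LISTED in records else "other-code"


def triage(articles, resolver=system_resolver):
    """Check each distinct posting host once and return {ip: verdict}."""
    verdicts = {}
    for article in articles:
        for ip in posting_hosts(article):
            if ip not in verdicts:
                verdicts[ip] = classify(resolver(dnsbl_query_name(ip)))
    return verdicts


# Constructed sample articles (documentation address ranges only).
SAMPLE_ARTICLES = [
    "Path: news.example!not-for-mail\nNNTP-Posting-Host: 198.51.100.10\n",
    'Path: news.example!not-for-mail\n'
    'Injection-Info: news.example; posting-host="198.51.100.11"\n',
    "NNTP-Posting-Host: 192.0.2.7\n",
    "NNTP-Posting-Host: 198.51.100.10\n",
]

# Constructed answers standing in for live DNS so the example runs offline.
SAMPLE_ANSWERS = {
    "10.100.51.198.xbl.spamhaus.org": ["127.0.0.4"],
    "11.100.51.198.xbl.spamhaus.org": ["127.255.255.254"],
}


def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_ARTICLES, sample_resolver).items():
        print(ip, verdict)
```

Each live query discloses the posting IP to the list operator, which is the concern raised in the quoted reply about outside services.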
  • From The Doctor@21:1/5 to dritz@mindspring.com on Thu Jun 10 12:48:45 2021
    XPost: news.admin.peering

    In article <alpine.OSX.2.20.2106092125210.72281@mako.ath.cx>,
    David Ritz <dritz@mindspring.com> wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Wednesday, 09 June 2021 06:00 -0000,
    in article <s9pldp$t8j$1@neodome.net>,
    Neodome Admin <admin@neodome.net> wrote:

    David Ritz <dritz@mindspring.com> writes:

    On Saturday, 05 June 2021 12:57 -0000,
    in article <s9fsc2$tk6$1@neodome.net>,
    Neodome Admin <admin@neodome.net> wrote:

    On Saturday, 05 June 2021 12:57 -0000, Neodome Admin wrote:

    [...]

    As to the David Ritz, I will never believe that this guy have no
    idea how to deal with a simple flood coming from a single source,
    directed to groups he don't read.

    Your assumptions are bad and your clairvoyance quotient sucks, as
    does mine. What I read or don't read is quite irrelevant to the
    problem.

    You're correct. But you were not correct when you claimed that it's
    impossible to filter it on the client side.

    You are putting words in my mouth^W fingers. I never claimed it was
    impossible to filter. When you recommended client side filtering as a
    solution, I replied:

    <quote>
    Network abuse is not a client side issue. Please take action to
    mitigate this NewsAgent spew.
    </quote>

    I stand by my words. Your loose interpretation is an outright
    misrepresentation of the exchange. You assume too much, while
    ignoring the heart of the matter entirely. Only by making
    patently false assertions are you able to try to deflect from the
    issue of network abuse, through a quite lame attempt at deflection.

    Your recommendation of filtering shifts responsibility dealing with
    the issues surrounding network abuse instances originating from
    news.neodome.net. Man up and take responsibility for the problems
    you and the implementation of your philosophy invite.

    Are there any, really?

    Are there any what? Responsibilities?

    Indeed, as it was your recommendation of client side filtering, as a
    solution, which prompted me into this discussion. Your failure to
    respond immediately upon notification, to shut down the attack, and
    instead attempting to shift responsibility to the operators of every
    NNTP node on the network, and to their users, is the subject at hand.

    Pretty much all Usenet servers use cleanfeed, and there are very
    simple settings over there:

    Please see my header comment regarding assumptions. Your assumptions
    are quite simply fallacious. The result of basing your arguments upon
    false premises renders them moot. Your assertion regarding the
    ubiquity of INN demonstrates a quite parochial perspective and
    provincial attitude.

    Many servers running INN also run cleanfeed. How well maintained they
    are, on any particular site, is open to conjecture.

    Too few other NNTP server software solutions are devised to
    accommodate cleanfeed. Are you aware, for example, there are still
    people out there, who run Microsoft news server enterprise solution
    software? These things respond to only the most minimal of NNTP
    commands. They do not even support queries of any type.

    Do you understand that many ISPs used to provide NNTP services
    using HighWinds server software? Most no longer provide this service.
    The server software was incapable of user authentication and was open
    to any IP address on their subnets, including hijacked proxies
    running on home users' computers, most often installed by malware.

    What about other leaf node servers?

    There are some pretty significant news sites, which do not run
    InterNetNews. Two of the servers I access on a regular basis do not,
    including the service from which I primarily read news and the one via
    which this post originates.

    Then, of course, there is the lowest common denominator of Usenet
    access providers, groups.google.com, where you can rest assured the
    entire flood is archived. You can find NewsAgent floods similarly
    archived in the Google Usenet archive, which date back decades. That
    in no way excuses the abuse and points to the importance of
    preventing it. Once it begins, it is imperative that it gets shut
    down, just as quickly as possible.

    [ snip cleanfeed specific comments, as irrelevant to the underlying
    abuse issue ]

    Because normally all articles from Neodome have single posting host,

    [snip]

    This would seem to have been another false assumption, in this case.
    Is this your first experience with NewsAgent? The flooding, which
    nicked news.neodome.net, has been in progress for at least two decades.

    I'm not sure why E-S is not using such filter, I guess that would be
    the question for Ray.

    It's not your place to pose the question. You are out of line.

    The reason you and other Giganews users are seeing it is because
    you're getting "uncensored" Usenet which is basically a stream of
    data with headers that you're free to do anything with. You're your own
    "censor", same as me - and considering your experience I'm pretty
    sure you know what to do to get the data you want.

    It seems you need to review the definition of 'censor'. Dropping
    thousands of word salad NewsAgent posts is not an infringement upon
    speech, as it was neither speech nor communication of any kind. It is
    just noise. Filtering noise has nothing to do with the suppression of
    information or ideas. Flooding of this nature is akin to the state
    sponsored jamming of radio signals, to censor broadcasts and prevent
    the dissemination of information.

    Preventing this crap from ever entering the news stream actually
    improves communication. In case you had not noticed, communication --
    for some value of communication -- is the primary purpose of text
    newsgroups.

    I read news from giganews.com servers, as it is included with one of
    my ISP accounts. I choose to read from a full feed, specifically so I
    can see, recognize and try to deal with network abuse incidents.
    That is my choice. It is what I did, when reporting this specific
    flooding incident to you. You seemed to shrug it off, as if it was
    not your problem.

    I have dealt with NewsAgent floods previously, as well as floods of
    cancel messages, supersedes replacing legitimate posts with spam
    and the issuance of $alz formatted preemptive cancels,

    <correction>
    These were not cancel messages. Although they were posted to
    control.cancel, and include Subjects beginning, "cmsg cancel," they
    included no Control header. They were intended to prevent the posting
    of cyberspam cancels using $alz M-IDs. This led to the creation of
    the $alz2 format. See the Cancel Messages FAQ:
    http://wiki.killfile.org/projects/usenet/faqs/cancel/
    </correction>

    using this
    Swiss Army Knife of Usenet Abuse. NewsAgent was specifically
    designed to exploit open proxies, as you saw for yourself, in the
    recent attack on alt.checkmate and alt.slack. The apparent ability
    to switch proxies, for each post, appears to be a fairly recent
    hack. Thanks for including the posting-host information, for the
    second round of this attack.

    It actually was a bad thing. More articles were able to pass the
    filters because of constantly changing injection point.

    I hope this was a learning experience.

    Thanks to the speed of news.neodome.net, the attack was somewhat
    limited.

    That's intentional. Neodome is constantly slowing the posting rate
    from any single IP address if it keeps posting.

    That sounds like the Dave Hayes logarithmic back-off patch. It, too,
    was easily defeated by switching IP addresses. In the specific
    instance I recall, it was being accomplished from a dial-up, posting
    no more than a handful of spammed articles, before disconnecting,
    reconnecting and repeating, 24*7.

    In years past, I have observed more than 300k NewsAgent generated
    porn spam posts, in a single twenty four hour period, via an open
    AnalogX proxy running on a Videotron.ca home user's computer.
    Personally, I do not miss those bad old days.

    It's not the "old days" anymore. 30k messages that came from
    Neodome, 300k messages from Videotron.ca, even 3m messages - all are
    small numbers, barely noticeable, actually. I didn't even bother
    to run htop, but I bet if I would in the middle of flood, my server
    load would be probably same as usual, which is around 5%. Usual
    amount of messages Neodome receives daily is around
    500,000-1,000,000, and I expect it to easily handle 10x that amount.
    Commercial Usenet providers can handle hundreds of times more, and won't
    even notice the difference.

    Frankly, no one gives a flying fig about your resource load. Site
    operators and users are concerned with your willingness to shift the
    load to them.

    Old days or not, there is no respectable reason to allow network
    abuse, by default, whether with respect to spamming, spewing or
    forgery. (It was a forgery of Archimedes Plutonium which first
    alerted me to news.neodome.net, although it is unlikely Archie Pu has
    the acumen to formulate a cogent or coherent abuse report. See
    n.a.n-a.misc.)

    There were several attacks on my server in the last few years, for
    example, just recently someone tried to open hundreds of thousands
    of connections, but failed miserably because he ran out of resources
    before I did. I didn't even bother to check his IP address.

    The attack you describe is unrelated to the emission of a flood
    originated via news.neodome.net.

    If not for whiners, I would just let it all run and let the filters
    take care of everything.

    That is some kind of attitude you have.

    [snip comments regarding Google Groups]

    The only legit complaint I heard so far was from Adam, and he was
    saying that such flood is effectively a DoS attack against smaller
    servers. I, however, disagree. [...]

    Are you suggesting that the reports I sent you were somehow
    illegitimate? These were not complaints. They were reports of an
    ongoing network abuse incident. All that I asked of you, was that you
    please take action. The reports, themselves, consisted solely of sample
    spew, with full and complete headers.

    [...]

    I mean, yeah, it's pretty sad that open Usenet server is used to
    bitch to the world about horrors of rival political opinions.

    This is the same lame excuse, used by hosting providers, for
    infrastructure facilitating cybercrime operations. You and your
    server are nothing new nor anything special.

    Please consider moving news.neodome.net to an authenticated users
    only setup. Intentionally running open servers seems an open
    invitation to abuse.

    Well, at least you're not saying I'm the cybercriminal. That's
    something.

    I've seen your last email, and I appreciate that you're willing to
    help. I am, however, not willing to use outside services such as
    spamhaus.org, because they will never supply me with their full
    database, and I'm not going to supply them with IPs of my users to
    check against their database. That's going against everything I'm
    standing for.

    The Spamhaus data feed, a subscription service, would include those
    items providing 127.0.0.4 DNS responses. These identify the
    compromised hosts used in this specific attack. Again, I'll note, all
    of the IP addresses which I checked, when you provided posting-host
    information in later flood headers, were included in the Spamhaus XBL
    zone.

    https://www.spamhaus.org/xbl/
    https://www.spamhaus.org/datafeed/

    Using proxies is not a network abuse issue; hijacking compromised
    hosts is, more so to perpetrate attacks on the network's
    infrastructure.

    [...]

    Please don't take it wrong. If I realise that Neodome is a source of
    problem that cannot be simply filtered out I'll probably turn off
    posting and make Neodome a peering only server. But currently I
    don't see anything like that. How many seconds did it take for you
    to filter them out once you opened affected group? 0.1?

    news.neodome.net is killfiled in two out of five or six news clients I
    use, but is not for this user agent. In any case, user agents, for
    which killfiles operate, still require downloading all of the overview
    headers, at a bare minimum. Downloading thousands of XOVER headers of
    noise is a waste of my resources and time. That you seem to think
    little of it, suggests you are not a particularly good Usenet
    neighbor.

    Be conservative in what you send, be liberal in what you accept.

    - --
    David Ritz <dritz@mindspring.com>
    "The first principle of a free society is an untrammeled flow of
    words in an open forum." - Adlai Stevenson (1900-1965)

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYMGkXAAKCRBSvCmZGhLe >61nLAKC0iw7Uc7Q1xFjRJ8KPlEaS+QH7EACgqODe2t/2Sm/nubvQL7FO+BzIR9I=
    =eCLL
    -----END PGP SIGNATURE-----

    Here is the latest

    Unwanted sites in Path [Top 20]:
    Site                 Count
    news.neodome.net       827

    TOTAL: 1               827

    FYI.

    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b The pursuit of irresponsibility makes pain a necessity. -unknown

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Neodome Admin@21:1/5 to David Ritz on Thu Jun 10 15:54:38 2021
    XPost: news.admin.peering

    David Ritz <dritz@mindspring.com> wrote:

    news.neodome.net is killfiled in two out of five or six news clients I
    use, but is not for this user agent. In any case, user agents, for
    which killfiles operate, still require downloading all of the overview
    headers, at a bare minimum. Downloading thousands of XOVER headers of
    noise is a waste of my resources and time. That you seem to think
    little of it, suggests you are not a particularly good Usenet
    neighbor.

    Be conservative in what you send, be liberal in what you accept.

    I’m not going to comment on everything you said, at least not now.

    However, I would like to say that since so many people are determined
    that it’s a DoS attack, I have no choice but to admit that my idea of what
    Usenet is is apparently quite different than what most people think.

    I’ll turn the posting off, for now partially, and then completely.

    --
    Neodome

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Frank Slootweg@21:1/5 to Aioe on Thu Jun 10 17:46:35 2021
    XPost: news.admin.peering

    Aioe <estasi@aioe.org> wrote:
    Il 09/06/21 20:58, Frank Slootweg ha scritto:
    FWIW, so far I've not been affected by floods from Neodome, but have
    been affected by (10k articles) floods from Aioe.org. Same difference.

    have you reported that abuse to aioe.org abuse desk?
    newsmasters react when someone alerts them about a running flood.

    I didn't report it, because it was already reported to you.

    BTW last time, in March, only a few thousand of nonsense messages were
    sent through my server before being stopped. Abuse was blocked as soon
    as it was reported (a few hours after the beginning).

    Yes, it was in March and there were multiple floods. AFAIC, it was at
    least two floods of some 5k articles each, hence my '10k articles'.
    Anyway, it doesn't matter if it was "a few thousand" or 10k, both are
    way, way too much.

    you should consider that it is not possible to prevent a user from
    flooding a group using a list of open proxies, the only possible
    countermeasure is to stop him as soon as possible.

    It should not - at least not only - be stopped after the fact, but
    prevented, at least for the future. Especially for text groups - which
    was the case - throttling posting (to the same group(s)) would be an
    obvious counter measure.

    Bottom line: Responsibly running an open server comes at a 'price'.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
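Two points from the thread meet here: David Ritz's remark that per-IP back-off is defeated by switching IP addresses, and Frank Slootweg's suggestion to throttle posting to the same group. The replay below is an added example, not code from any poster or server in the thread; the limits, the 50-address proxy pool, the timestamps and the sample posts are constructed, and each post is assumed to target a single group.

```python
from collections import defaultdict, deque, namedtuple

Post = namedtuple("Post", "t src_ip group")   # t is seconds since start


class SlidingWindowThrottle:
    """Allow at most `limit` accepted posts per `window` seconds per key."""

    def __init__(self, limit, window, key):
        self.limit, self.window, self.key = limit, window, key
        self.accepted = defaultdict(deque)     # key -> accepted timestamps

    def allows(self, post):
        q = self.accepted[self.key(post)]
        while q and q[0] <= post.t - self.window:
            q.popleft()                        # drop entries outside window
        return len(q) < self.limit

    def record(self, post):
        self.accepted[self.key(post)].append(post.t)


def replay(posts, throttles):
    """Feed posts in time order; a post passes only if every throttle allows."""
    accepted = []
    for post in sorted(posts, key=lambda p: p.t):
        if all(th.allows(post) for th in throttles):
            for th in throttles:
                th.record(post)
            accepted.append(post)
    return accepted


def build_sample():
    """Constructed traffic: a 200-post flood plus three ordinary posts."""
    # One flood post per second, rotating through 50 proxy addresses, so no
    # single address posts more than once every 50 seconds.
    flood = [Post(t, "198.51.100.%d" % (1 + t % 50), "alt.checkmate")
             for t in range(200)]
    legit = [
        Post(30, "192.0.2.7", "news.admin.peering"),
        Post(45, "192.0.2.8", "alt.checkmate"),   # on-topic post mid-flood
        Post(90, "192.0.2.7", "news.admin.peering"),
    ]
    return flood + legit


def summarize(accepted):
    """Return (flood posts accepted, ordinary posts accepted)."""
    flood = sum(1 for p in accepted if p.src_ip.startswith("198.51.100."))
    return flood, len(accepted) - flood


def compare():
    posts = build_sample()
    per_ip = replay(posts, [SlidingWindowThrottle(5, 60, lambda p: p.src_ip)])
    per_group = replay(posts, [SlidingWindowThrottle(20, 60, lambda p: p.group)])
    return {"per_ip": summarize(per_ip), "per_group": summarize(per_group)}


if __name__ == "__main__":
    for policy, (flood, legit) in compare().items():
        print("%-9s flood accepted: %3d/200  ordinary accepted: %d/3"
              % (policy, flood, legit))
```

The per-group limit also rejects the ordinary post sent to the flooded group while the window is full, which is the cost of keying on the target rather than the source.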
  • From Frank Slootweg@21:1/5 to Neodome Admin on Thu Jun 10 17:33:22 2021
    XPost: news.admin.peering

    Neodome Admin <admin@neodome.net> wrote:
    David Ritz <dritz@mindspring.com> wrote:

    news.neodome.net is killfiled in two out of five or six news clients I
    use, but is not for this user agent. In any case, user agents, for
    which killfiles operate, still require downloading all of the overview
    headers, at a bare minimum. Downloading thousands of XOVER headers of
    noise is a waste of my resources and time. That you seem to think
    little of it, suggests you are not a particularly good Usenet
    neighbor.

    Be conservative in what you send, be liberal in what you accept.

    I'm not going to comment on everything you said, at least not now.

    However, I would like to say that since so many people are determined that
    it's a DoS attack, I have no choice but to admit that my idea of what
    Usenet is is apparently quite different than what most people think.

    I'll turn the posting off, for now partially, and then completely.

    I'm sorry. My previous post and your above one crossed each other. If I
    had seen your above post, I would not have written/posted my previous
    one.

    Good luck.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Ritz@21:1/5 to The Doctor on Thu Jun 10 21:47:30 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    [ news.admin.peering removed ]

    On Thursday, 10 June 2021 12:48 -0000,
    in article <s9t1nd$rj7$32@gallifrey.nk.ca>,
    The Doctor <doctor@doctor.nl2k.ab.ca> wrote:

    Unwanted sites in Path [Top 20]:
    Site                 Count
    news.neodome.net     827

    Dave, now kindly do us (TINU) a favor, and do the same with these
    sites, so you can cease your spam reposts in n.a.n-a.usenet.

    nntp.google.com
    postnews.google.com
    google-groups.googlegroups.com

    On filtered servers, most of the original spam does not appear.
    Instead, you assist these low life South Asian dating spammers, by
    continually reposting their spam, complete with unbroken links.

    Checking from news.individual.net, via telnet, I see the following
    examples:

    Message-ID: <s9dd5f$1h45$86@gallifrey.nk.ca>
    References: <511499b6-e3f9-429c-ab45-15bae56662aao@googlegroups.com> <f9302c63-5a28-4887-a73f-3228b42a8674n@googlegroups.com>

    STAT <511499b6-e3f9-429c-ab45-15bae56662aao@googlegroups.com>
    430 No such article
    STAT <f9302c63-5a28-4887-a73f-3228b42a8674n@googlegroups.com>
    430 No such article

    Message-ID: <s9dd64$1h45$87@gallifrey.nk.ca>
    References: <899d11cf-d3de-4d87-9763-baca52b05fa8o@googlegroups.com> <b0e6fcd2-c09e-426d-844a-4968f3d4a91en@googlegroups.com>

    STAT <899d11cf-d3de-4d87-9763-baca52b05fa8o@googlegroups.com>
    430 No such article
    STAT <b0e6fcd2-c09e-426d-844a-4968f3d4a91en@googlegroups.com>
    430 No such article

    Message-ID: <s9g21r$1jk6$22@gallifrey.nk.ca>
    References: <511499b6-e3f9-429c-ab45-15bae56662aao@googlegroups.com> <c77a0210-b9b8-43b5-bda9-8fde727a99dan@googlegroups.com>

    STAT <511499b6-e3f9-429c-ab45-15bae56662aao@googlegroups.com>
    430 No such article
    STAT <c77a0210-b9b8-43b5-bda9-8fde727a99dan@googlegroups.com>
    430 No such article

    Message-ID: <s9g22h$1jk6$23@gallifrey.nk.ca>
    References: <899d11cf-d3de-4d87-9763-baca52b05fa8o@googlegroups.com> <b44716ff-a0f1-4bdb-9ae2-3f26576bbe5en@googlegroups.com>

    STAT <899d11cf-d3de-4d87-9763-baca52b05fa8o@googlegroups.com>
    430 No such article
    STAT <b44716ff-a0f1-4bdb-9ae2-3f26576bbe5en@googlegroups.com>
    430 No such article

    The articles, to which you habitually reply, are not present on this
    well operated and maintained server. Instead, their content is being
    reposted by you, along with your spammed comments:

    <quote>
    This spamtroll came from
    [pasted headers]
    Depeer Google groups Now!!
    </quote>

    As that is the only new content, for each of your followups to these
    posts, your followup articles are byte for byte identical and also
    spam, with a Breidbart Index in excess of 20.0 within any floating
    forty five day period.

    Current Usenet spam thresholds and guidelines
    http://wiki.killfile.org/projects/usenet/faqs/spam/

    The remainder is simply the quoted spam, with the header tacked on for
    bad measure. As you have been asked repeatedly, please knock it off.

    We (TINW) got the message, the very first time you posted your
    unsupported and nonsensical whine. You continue to flog a deceased
    equine. If you hadn't noticed, most individuals participating in this
    newsgroup can not only find the headers, they can read and understand
    them.

    If you want to play with the big kids, act as though you are one.
    Otherwise, please climb in your TARDIS and fuck off. Your attempted
    "contributions" will not be missed in some quarters.

    HTH. HAND.

    - --
    David Ritz <dritz@mindspring.com>
    "The Internet is not for sissies." - Paul Vixie

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYMLOwgAKCRBSvCmZGhLe 62sPAKCGAxTOl/8iTsOqWb5/yaslL2Au9wCg1dISJh2js0GawL+vgxhDZVGg2gU=
    =lyHu
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
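The Breidbart Index test invoked in the post above, as an added example that is not part of the original thread: BI is the sum, over all copies of a substantively identical article, of the square root of the number of newsgroups each copy was posted to, checked here against the 20.0 threshold over a floating 45-day window. The `fingerprint` normalisation (own lines only, quoted lines dropped), the function names and the sample articles are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=45)   # "floating forty five day period" from the post
THRESHOLD = 20.0              # BI above this is treated as spam

def fingerprint(body):
    """Hash the poster's own lines only. Dropping quoted (">") and blank lines
    and folding case/whitespace is this example's assumption about what
    counts as an identical article."""
    own = [" ".join(line.split()).lower() for line in body.splitlines()
           if line.strip() and not line.lstrip().startswith(">")]
    return hashlib.sha256("\n".join(own).encode("utf-8")).hexdigest()

def breidbart_index(copies):
    """Sum over copies of sqrt(number of newsgroups each copy was posted to)."""
    return sum(math.sqrt(len(c["newsgroups"])) for c in copies)

def peak_bi(articles):
    """Map fingerprint -> highest BI reached inside any 45-day window."""
    by_fp = defaultdict(list)
    for art in articles:
        by_fp[fingerprint(art["body"])].append(art)
    peaks = {}
    for fp, copies in by_fp.items():
        copies.sort(key=lambda c: c["date"])
        best, start = 0.0, 0
        for end in range(len(copies)):
            while copies[end]["date"] - copies[start]["date"] > WINDOW:
                start += 1
            best = max(best, breidbart_index(copies[start:end + 1]))
        peaks[fp] = best
    return peaks

def over_threshold(articles):
    return {fp: bi for fp, bi in peak_bi(articles).items() if bi > THRESHOLD}

FOLLOWUP = "This spamtroll came from\nDepeer Google groups Now!!\n"
SLOW = "Weekly FAQ pointer\n"
XPOST = "Buy now\n"

def constructed_sample():
    """Constructed articles, not taken from any real spool."""
    day0 = datetime(2021, 5, 1)
    arts = []
    for i in range(25):   # 25 daily followups, different quoted text each time
        arts.append({"date": day0 + timedelta(days=i), "newsgroups": ["example.test"],
                     "body": "> quoted spam %d\n%s" % (i, FOLLOWUP)})
    for i in range(30):   # same text every 3 days: never more than 16 per window
        arts.append({"date": day0 + timedelta(days=3 * i),
                     "newsgroups": ["example.test"], "body": SLOW})
    for i in range(3):    # 3 copies crossposted to 4 groups: 3 * sqrt(4) = 6
        arts.append({"date": day0 + timedelta(hours=i),
                     "newsgroups": ["a.test", "b.test", "c.test", "d.test"], "body": XPOST})
    return arts

if __name__ == "__main__":
    for fp, bi in over_threshold(constructed_sample()).items():
        print(fp[:12], bi)
```

Only the daily followups cross the threshold: the quoted text differs in every copy, but the poster's own lines hash to the same fingerprint.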
  • From The Doctor@21:1/5 to dritz@mindspring.com on Fri Jun 11 23:02:19 2021
    In article <alpine.OSX.2.20.2106102053460.17522@mako.ath.cx>,
    David Ritz <dritz@mindspring.com> wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    [ news.admin.peering removed ]


    We (TINW) got the message, the very first time you posted your
    unsupported and nonsensical whine. You continue to flog a deceased
    equine. If you hadn't noticed, most individuals participating in this
    newsgroup can not only find the headers, they can read and understand
    them.

    If you want to play with the big kids, act as though you are one.
    Otherwise, please climb in your TARDIS and fuck off. Your attempted
    "contributions" will not be missed in some quarters.

    HTH. HAND.

    Shake.

    But this is not neodome.

    It will take a group effort to do in Google.

    If we want to depeer google, you
    have to convince their peers to do so.

    While I am at it, my news.admin.peering has disappeared from
    my active and newsgroup file.
    --
    Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
    Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
    Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b The pursuit of irresponsibility makes pain a necessity. -unknown

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Ritz@21:1/5 to The Doctor on Sat Jun 12 15:27:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Friday, 11 June 2021 23:02 -0000,
    in article <sa0q1r$n7o$47@gallifrey.nk.ca>,
    The Doctor <doctor@doctor.nl2k.ab.ca> wrote:

    In article <alpine.OSX.2.20.2106102053460.17522@mako.ath.cx>,
    David Ritz <dritz@mindspring.com> wrote:

    [ news.admin.peering removed ]

    We (TINW) got the message, the very first time you posted your
    unsupported and nonsensical whine. You continue to flog a deceased
    equine. If you hadn't noticed, most individuals participating in
    this newsgroup can not only find the headers, they can read and
    understand them.

    If you want to play with the big kids, act as though you are one.
    Otherwise, please climb into your TARDIS and fuck off. Your
    attempted "contributions" will not be missed in some quarters.

    HTH. HAND.

    Shake.

    As usual, Dave, you're as clear as mud. WTF is 'Shake' supposed to
    mean in this context? Are you shaking your head, to indicate the
    negative? Are you shaking your fist in anger or are you suggesting we
    break for a milk and ice cream fountain treat?

    But this is not neodome.

    Dave, the message, to which you replied, did not address neodome.
    Instead, it was about your insistence on being a clueless, spamming
    fuckstick.

    It will take a group effort to do in Google.

    Dave, you are a group of one. (Even the empty set [{}] is a set.)

    Should you be able to drum up some serious support, I may be willing
    to reconsider my position. Regardless, reposting GG spam is only
    going to make you less popular, than you already are, and increase
    opposition to your (non)proposal.

    While I find it hard to find socially redeeming characteristics
    regarding Google Groups, there are some. As previously offered, I
    will be more than willing to work my behind the scenes magic, once you
    completely desist from reposting spam. You make it impossible to do
    so, when your spam repost service appears as frequently as the
    originals.

    I suggested you alias out Google Groups, so you won't be tempted to
    continue your mission spamming.

    <restored>
    Dave, now kindly do us (TINU) a favor, and do the same with these
    sites, so you can cease your spam reposts in n.a.n-a.usenet.

    postnews.google.com
    google-groups.googlegroups.com
    </restored>

    If we want to depeer google,

    Exactly who is this rather nebulous 'we', to whom you refer? I have
    no skin in this game, nor am I aware of any other individual
    defending, supporting or even translating your position(?) into
    English, from what is frequently incoherent gibberish. TINW

    you have to convince their peers to do so.

    I don't have to do anything on your behalf, Dave. If you want to
    depeer Google Groups, you are, I suspect, quite literally on your own.
    I suggest you begin by composing a coherent and cogent proposal, with
    detailed analysis of the problem, its breadth and depth, on a network
    wide scale. Don't forget the documentation. After all, you are
    attempting to take down the busiest site on the network, because
    you're peeved over what amounts to a handful of dating spam from
    India.

    The most likely candidate for discussion would be nana.policy, keeping
    in mind the group is moderated, does not allow cross-posts and rejects
    articles containing proportionally too much quoted material. Knowing
    your propensity for adding a single line comment, at the end of a
    fully quoted lengthy article, you may encounter article rejections.

    While I am at it, my news.admin.peering has disappeared from my
    active and newsgroup file.

    That's quite likely an indication of your level of competence, if it
    actually happened. As with your message, which appeared only in
    nana.usenet, my article, to which you replied, was not X-posted. You
    even quoted my comment, stating, "news.admin.peering removed," from
    the Newsgroups cross-post. You may feel free to reinstate
    news.admin.peering, should you choose to do so.

    - --
    David Ritz <dritz@mindspring.com>
    "This isn't a win/lose kind of thing. If there's a UDP, we all lose.
    If the abuse stops, we all win." - Jeremy Nixon

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYMUYlgAKCRBSvCmZGhLe 66fOAJ9Q67VE2wSQvsEMaGWZD0jHI90zQACgwo2Zt5g4zH8kS2h3VMaT2ZEDCdc=
    =D4My
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From usenet user@21:1/5 to Neodome Admin on Wed Aug 10 10:46:46 2022
    XPost: news.admin.peering

    On 6/10/2021 8:54 AM, Neodome Admin wrote:
    David Ritz <dritz@mindspring.com> wrote:

    news.neodome.net is killfiled in two out of five or six news clients I
    use, but is not for this user agent. In any case, user agents, for
    which killfiles operate, still require downloading all of the overview
    headers, at a bare minimum. Downloading thousands of XOVER headers of
    noise is a waste of my resources and time. That you seem to think
    little of it, suggests you are not a particularly good Usenet
    neighbor.

    Be conservative in what you send, be liberal in what you accept.

    I’m not going to comment on everything you said, at least not now.

    However, I would like to say that since so many people are determined that it’s a DoS attack, I have no choice but to admit that my idea of what Usenet is is apparently quite different than what most people think.

    I’ll turn the posting off, for now partially, and then completely.



    Why don't you just limit posts to 100 per 3 hour period, across all groups.

    Or even more.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From usenet user@21:1/5 to usenet user on Wed Aug 10 11:03:18 2022
    XPost: news.admin.peering

    On 8/10/2022 10:46 AM, usenet user wrote:
    On 6/10/2021 8:54 AM, Neodome Admin wrote:
    David Ritz <dritz@mindspring.com> wrote:

    news.neodome.net is killfiled in two out of five or six news clients I
    use, but is not for this user agent. In any case, user agents, for
    which killfiles operate, still require downloading all of the overview
    headers, at a bare minimum. Downloading thousands of XOVER headers of
    noise is a waste of my resources and time. That you seem to think
    little of it, suggests you are not a particularly good Usenet
    neighbor.

    Be conservative in what you send, be liberal in what you accept.

    I’m not going to comment on everything you said, at least not now.

    However, I would like to say that since so many people are determined that
    it’s a DoS attack, I have no choice but to admit that my idea of what
    Usenet is is apparently quite different than what most people think.

    I’ll turn the posting off, for now partially, and then completely.



    Why don't you just limit posts to 100 per 3 hour period, across all groups.

    Or even more.


    Alternatively make up an account to post.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From 😉 Good Guy 😉@21:1/5 to All on Wed Aug 10 19:35:00 2022
    XPost: news.admin.peering

    This is a multi-part message in MIME format.
    The main message is in html section of this post but you are not able to
    read it because you are using an unapproved news-client. Please try these
    links to amuse yourself:

    <https://i.imgur.com/Fk6rn62.png>
    <https://i.imgur.com/Mxpx9bh.png>
    <https://i.imgur.com/8y9HXmL.png>


    --
    "Similar to Windows 11 Home edition, Windows 11 Pro edition now requires internet connectivity during the initial device setup (OOBE) only. If
    you choose to setup device for personal use, MSA will be required for
    setup as well. You can expect Microsoft Account to be required in
    subsequent WIP flights."

    "Now this is not the end. It is not even the beginning of the end. But
    it is, perhaps, the end of the beginning "

    On 10/08/2022 18:46, usenet user wrote:

    Why don't you just limit posts to 100 per 3 hour period, across
    all groups.

    Why don't you look at the date of original posting? You replied to a
    10th June 2021 post and today, it is 10th August 2022. Covid was a
    very serious illness and many people died and Neodome chap must have
    died also. The figure of 100 is too wide. Only 5 messages per day
    should be allowed!! Only the trolls and spammers need more to harass
    people like you.

    Arrest Dictator Putin
    We Stand With Ukraine
    Stop Putin / Ukraine Under Attack

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From usenet user@21:1/5 to Neodome Admin on Thu Sep 1 06:47:58 2022
    XPost: news.admin.peering

    On 6/10/2021 8:54 AM, Neodome Admin wrote:
    David Ritz <dritz@mindspring.com> wrote:

    news.neodome.net is killfiled in two out of five or six news clients I
    use, but is not for this user agent. In any case, user agents, for
    which killfiles operate, still require downloading all of the overview
    headers, at a bare minimum. Downloading thousands of XOVER headers of
    noise is a waste of my resources and time. That you seem to think
    little of it, suggests you are not a particularly good Usenet
    neighbor.

    Be conservative in what you send, be liberal in what you accept.

    I’m not going to comment on everything you said, at least not now.

    However, I would like to say that since so many people are determined that it’s a DoS attack, I have no choice but to admit that my idea of what Usenet is is apparently quite different than what most people think.

    I’ll turn the posting off, for now partially, and then completely.


    What if you just make it turn off for everybody if so many messages are posted within a certain time.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
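The throttling ideas raised in this thread (per-group throttling for text groups, a cap such as 100 posts per 3 hours, and switching posting off for everybody once too many messages arrive), sketched as an added example that is not part of the thread or of any news server's code. The class name, the `server_max` and `cooldown` values, the group name and the simulated flood are assumptions constructed for illustration. Keying the limit on the newsgroup rather than the client address is what keeps it effective when every post arrives from a different open proxy.

```python
from collections import defaultdict, deque

class PostingThrottle:
    """Sliding-window limit per newsgroup plus a server-wide circuit breaker.
    Defaults: 100 posts / 3 h per group (figure borrowed from the thread);
    server_max and cooldown are constructed values."""

    def __init__(self, per_group=100, window=3 * 3600, server_max=500, cooldown=3600):
        self.per_group, self.window = per_group, window
        self.server_max, self.cooldown = server_max, cooldown
        self.group_times = defaultdict(deque)   # newsgroup -> accepted timestamps
        self.server_times = deque()             # all accepted timestamps
        self.tripped_until = 0.0

    def _expire(self, times, now):
        while times and now - times[0] >= self.window:
            times.popleft()

    def check(self, newsgroups, now):
        """Decide one POST at time `now` (seconds); returns (accepted, reason)."""
        if now < self.tripped_until:
            return False, "posting suspended"
        self._expire(self.server_times, now)
        for group in newsgroups:
            self._expire(self.group_times[group], now)
            if len(self.group_times[group]) >= self.per_group:
                return False, "group limit: " + group
        if len(self.server_times) >= self.server_max:
            # Too many accepted posts server-wide: turn posting off for everybody.
            self.tripped_until = now + self.cooldown
            return False, "posting suspended"
        self.server_times.append(now)
        for group in newsgroups:
            self.group_times[group].append(now)
        return True, "ok"

def simulate_proxy_flood(n=5000, group="example.flooded"):
    """Constructed flood: n posts, one per second, each from a fresh proxy.
    Returns (posts a per-address limit of 100 lets through,
             posts the per-group limit lets through)."""
    throttle = PostingThrottle()
    per_address = defaultdict(int)
    address_ok = group_ok = 0
    for t in range(n):
        address = "proxy-%d" % t            # constructed; never repeats
        per_address[address] += 1
        address_ok += per_address[address] <= 100
        group_ok += throttle.check([group], float(t))[0]
    return address_ok, group_ok

if __name__ == "__main__":
    print(simulate_proxy_flood())
```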