Usenet Explorer

 Post subject: New sporge attack
Posted: Mon Sep 13, 2004 6:34 am

Joined: Thu Feb 05, 2004 7:14 pm
Posts: 3
Hi, I've been using NewsPro for at least two years now, and thank you every day for it. In the last few days, however, there's been a "sporging" attack on alt.binaries.ibm-pc.0-day that totally confuses NewsPro. Compare the following two headers:

Header 1 - The correct one:
Subject: abwi0: Alead_Search_Engine_Builder_Pro_v1.86-PARADOX - "pdxsear.zip" (1/4) yEnc - 1 of 1
From: "aLiEn_Ink" <pdx@this.bot.is.a.crack-head.us>
Date: Sun, 12 Sep 2004 03:15:42 +0000
Lines: 3049
Newsgroups: alt.binaries.warez.ibm-pc.0-day
X-Complaints-To: abuse@newshosting.com
Organization: Splinter Cell Inc
Followup-To: alt.binaries.warez.ibm-pc.d,alt.binaries.warez.ibm-pc.fills
Message-ID: <2d4cf739ce5b72ea5869bb9e364b8cfd42@nntp1.splinter-cell.ushq>
X-Comment: BEWARE --> http://www.warezfaq.com is an BSA site.
X-Newsposter: SharkPost v1.0 Build 20030711.1
X-No-Archive: yes
Path: spool7-east!propagator-sterling!news-in.nuthinbutnews.com!feedeast.aleron.net!newshosting.com!nx02.iad01.newshosting.com!post01.iad01.newshosting.com!not-for-mail
Xref: 127.0.0.1 alt.binaries.warez.ibm-pc.0-day:695567

Header 2:
Subject: abwi0: Alead_Search_Engine_Builder_Pro_v1.86-PARADOX - "pdxsear.zip" (1/4) yEnc - 1 of 1
From: "aLiEn_Ink" <pdx@this.bot.is.a.crack-head.us> .
Date: Sun, 12 Sep 2004 03:15:42 +0000
Lines: 3049
Newsgroups: alt.binaries.warez.ibm-pc.0-day
X-Complaints-To: abuse@usenetserver.com
Path: internal1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!atl-c02.usenetserver.com!c03.atl99!news.usenetserver.com!fe37.usenetserver.com.POSTED!53ab2750!not-for-mail
Message-ID: <2d4cf739ce5b72ea5869bb9e364b8cfd42@233.65.241.45>
X-Abuse-Info: Please be sure to forward a copy of ALL headers
X-Abuse-Info: Otherwise we will be unable to process your complaint properly.
NNTP-Posting-Date: Sat, 11 Sep 2004 23:59:17 EDT
Xref: number1.nntp.dca.giganews.com alt.binaries.warez.ibm-pc.0-day:2607246

----------------------
Notice that everything except the @xxx in the Message-ID in the fields I'm allowed to filter on in NewsPro is the same. Unfortunately, the @xxx is always different, so I can't even add a filter for that. What happens, then, is that in a 3-part attachment, I will actually have six messages. When NewsPro assembles them, it doesn't assemble them as two different 3-part messages in chronological order, but rather as a single 3-part message which uses the latest 3 parts (the bad ones) rather than the earlier 3. Now, note that this is not a supersedes. Do you have any suggestions for how I might be able to filter this? Or, if my analysis is sound, can NewsPro change its "auto-assemble" logic to account for this?

Thanks again for all your work.


Posted: Tue Sep 14, 2004 11:54 pm

Joined: Thu Feb 05, 2004 7:14 pm
Posts: 3
Also, I'd like to point out that if you could just enable filtering on other fields, like, say, (X-Complaints-To:), this would be a non-issue. Is there any reason why you only allow filtering on the non-X fields?

Thanks!


Posted: Fri Sep 17, 2004 5:02 pm

Joined: Thu Feb 27, 2003 5:57 pm
Posts: 4382
you can filter by any field, the header kill filter is the "IS" filter, probably you forgot to add the trailing asterisk (in fact newspro compared the full header line including the CR LF at the end, so the trailing asterisk was always needed, but starting with the version below it won't take CR LF into account, so in principle you can just put the header line itself).

i added a check box in properties->articles, "additional article download kill filter heuristics", now it handles this specific attack (if there is something more, let me know and i'll try to handle it too, usenet is not well protected from such attacks).

so no need to change anything, just use the latest version.
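
Added example, not part of the thread and not NewsPro's code or its heuristic: one way a reader could keep the two copies of a multipart post apart instead of merging them by subject. It assumes the injection site can be read from X-Complaints-To (the field that differs in the two headers above); all sample headers and the `.example` names are constructed.

```python
import re
from collections import defaultdict

PART_RE = re.compile(r"^(?P<base>.*)\((?P<part>\d+)/(?P<total>\d+)\)")

def parse_headers(block):
    """Parse one 'Name: value' header block into a dict with lowercased names."""
    headers = {}
    for line in block.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def split_sets(articles):
    """Group parts by (subject base, X-Complaints-To) so copies never mix."""
    sets = defaultdict(dict)
    for art in articles:
        m = PART_RE.match(art.get("subject", ""))
        if m:
            key = (m["base"].strip(), art.get("x-complaints-to", ""))
            sets[key][int(m["part"])] = art.get("message-id", "")
    return dict(sets)

def cloned_ids(articles):
    """Return Message-ID local parts that occur with more than one domain."""
    domains = defaultdict(set)
    for art in articles:
        local, _, domain = art.get("message-id", "").strip("<>").partition("@")
        domains[local].add(domain)
    return {local for local, doms in domains.items() if len(doms) > 1}

# Constructed sample: three original parts plus three copies whose Message-ID
# keeps the local part but carries a different domain each time.
def sample_block(part, site, domain):
    return (f'Subject: demo - "file.zip" ({part}/3) yEnc\n'
            f"From: poster@origin.example\n"
            f"Message-ID: <id{part:04d}@{domain}>\n"
            f"X-Complaints-To: abuse@{site}\n")

SAMPLE = [parse_headers(sample_block(p, "site-a.example", "origin.example")) for p in (1, 2, 3)]
SAMPLE += [parse_headers(sample_block(p, "site-b.example", f"h{p}.example")) for p in (1, 2, 3)]

if __name__ == "__main__":
    for key, parts in split_sets(SAMPLE).items():
        print(key, sorted(parts.items()))
    print("reused Message-ID local parts:", sorted(cloned_ids(SAMPLE)))
```
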

