[Dxspider-support] F8DGY spammer ist back as F8SDR

Dirk Koopman djk at tobit.co.uk
Wed Mar 4 14:36:54 CET 2020


No, but I have been thinking about this. The problem is that a 
significant number of DSL lines still use dynamic addresses, even if 
they don't change very often - but they DO change. Remember also that 
IPv6 really is starting to take off and local address randomisation will 
also stop that working reliably.  Equally, with CIDR ranges this risks 
clobbering lots of unsuspecting people and - more importantly - risks me 
having to diagnose extremely infrequent "random" connection problems 
which, needless to say, I don't want to get into.

Interestingly, after I put out my suggestion of using badwords I haven't 
seen a spot from him.

I have another suggestion for badword based exclusions: set/badword wpmcq

This hits the 'WPM CQ' part of the comment of an RBN spot. Remember 
badwords target contiguous patterns not the bare word (regex is 
m{W+\s*P+\s*M+\s*C+\s*Q+}i) so it will match 'wwwWWPppp  Mmmm  CQqqq' as 
well as plain 'WPM CQ'.

What hacks me off about this is that RBN spots have a '<spotter>-#' 
pattern which is rejected as an invalid spot on an incoming user input, 
PC11 or PC61. For the same reason spots from DXS (which come out as 
'<spotter>-@') are also rejected on input. This means that F8DGY is 
deliberately doing this - he has clearly written a script to strip off 
the '-#' and is then injecting that now valid spot, automatically, into an 
unsuspecting node.

In the meantime I have added 'wpmcq' to my badwords list and we'll see 
a) whether it works and/or b) it stops F8DGY's antisocial behaviour. It 
will certainly slow him down if he connects to a DXSpider node as it 
will disconnect him "for swearing" after every 4th spot :-)

73 Dirk G1TLH

On 04/03/2020 11:29, dd5xx--- via Dxspider-support wrote:
> Hi Dirk,
> is there a command to block his IP address ? something like 
> "set/badipaddr 83.114.21.17"
> or even block a small range of his ISP address range (asking just out 
> of curiosity) "set/badipcidr 83.114.21.0/24"
> *Sent:* Tuesday, 03 March 2020 at 23:38
> *From:* "Dirk Koopman via Dxspider-support" <dxspider-support at tobit.co.uk>
> *To:* "dd5xx--- via Dxspider-support" <dxspider-support at tobit.co.uk>
> *Cc:* "Dirk Koopman" <djk at tobit.co.uk>
> *Subject:* Re: [Dxspider-support] F8DGY spammer ist back as F8SDR
> A suggestion, try: set/badword f8dgy
>
> I've had it running on gb7djk for a while, but it appears that he has
> stopped for the evening. This should stop any spots where he has signed
> his "work".
>
> Dirk G1TLH
>
> On 03/03/2020 18:33, dd5xx--- via Dxspider-support wrote:
> > which shows us that this strange guy is using various WAN connections
> > to pollute the DX cluster network:
> > 83.114.21.17 = lfbn-idf3-1-427-17.w83-114.abo.wanadoo.fr = ASN 3215
> > Orange = Cable/DSL = Melun/France
> > 92.170.169.241 = lfbn-idf3-1-1231-241.w92-170.abo.wanadoo.fr = ASN
> > 3215 Orange = Cable/DSL = Melun/France
> > 51.68.11.211 = gwc.cluster010.hosting.ovh.net = ASN 16276 which
> > belongs to ISP OVH SAS, obviously a virtual or root server hosted there
> > 89.94.146.92 = static-89-94-146-92.axione.abo.bbox.fr = ASN 5410
> > (Bouygues Telecom SA) = Cable/DSL = 87400 Saint-Leonard-de-Noblat,
> > Nouvelle-Aquitaine, France
> > I don't understand this guy, he is obviously disturbing the ham radio
> > community. He must have real problems in life. He knows he's
> > disturbing but continues his game. -facepalm-
>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support

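The badword matching described in the message above, as an added Python illustration (not part of the original post and not DXSpider's own code). It assumes the expansion rule implied by the quoted regex, each letter repeatable and letters separated by optional whitespace; the function names and sample comments are constructed for this example.

```python
import re

def badword_regex(word):
    """Expand a badword into the contiguous-pattern form quoted in the post:
    every letter may repeat, with optional whitespace between letters.
    (Assumed expansion rule, inferred from the regex given for 'wpmcq'.)"""
    parts = [re.escape(ch.upper()) + "+" for ch in word if not ch.isspace()]
    return re.compile(r"\s*".join(parts), re.IGNORECASE)

def screen(comments, badwords):
    """Return a list of (comment, matched_badword_or_None) pairs."""
    compiled = [(w, badword_regex(w)) for w in badwords]
    results = []
    for comment in comments:
        hit = next((w for w, rx in compiled if rx.search(comment)), None)
        results.append((comment, hit))
    return results

# Constructed sample spot comments (not real cluster traffic).
SAMPLES = [
    "CW 14 dB 22 WPM CQ",       # RBN-style comment: should be caught
    "wwwWWPppp  Mmmm  CQqqq",   # the stretched form quoted in the post
    "22 WPM, calling CQ DX",    # punctuation and words break the run: no hit
    "tnx QSO 5NN",              # ordinary comment: no hit
    "new PM CQ test",           # no word boundaries, so 'w PM CQ' also hits
]

def report(samples=SAMPLES, badwords=("wpmcq",)):
    """List the badword hit (or None) for each sample, in order."""
    return [hit for _, hit in screen(samples, badwords)]

if __name__ == "__main__":
    print(badword_regex("wpmcq").pattern)
    for comment, hit in screen(SAMPLES, ["wpmcq"]):
        print(f"{'DROP' if hit else 'pass'}  {comment!r}")
```

The last sample shows the cost of matching without word boundaries: the pattern can start inside one word and finish in the next, so a candidate badword is worth running against a sample of legitimate comments before it goes into the list.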