[Dxspider-support] **SPAM (10.2)** Re: F8DGY spammer ist back as F8SRX

Dirk Koopman djk at tobit.co.uk
Mon Mar 23 16:06:25 CET 2020


I have thought about it. And come to the conclusion that it is only of very
limited use and therefore probably not worth the effort. Here are some
scenarios:

* If set/badip is in force then it only works on nodes where that ip 
(and/or subnet) are set. It could also filter incoming PC61s - but they 
are in the minority. Which makes me wonder just how up to date
everybody's software is.
* Another problem is that I believe Orange's routers in France don't
keep their IP addresses for very long. So other users could be caught.
If one bans subnets or ASNs then every user in Orange's Melun area -
likely much larger than just Melun itself - would be affected.
* None of this applies if he connects outside France (or Melun) or onto
a non-DXS node such as Dave K1TTT (as he currently seems to be).

I think, while I am "sheltering in place", I will add an option to 
filter on regexes - I may have to restrict that with some sort of 
privilege unless I can _reliably_ remove/prevent execution within regexes.

One could then do something like "rej/spot 9 input node_default regex 
((?:\d+\s*DB|WPM){2}\s*C?Q?<+\w+[-_]*F8)" which should catch everything 
in upper or lower case from:
'24DB16WPM<<_F8'  to '16      WPM 24DB       C <<<sDR___--- f8<any 
characters>'

Anything that looks "automatic" (which may hit other modes) would just
be "... regex ((?:\d+\s+DB|WPM){2}\s+CQ)".

If he gets more creative, then something like this: "... regex
((?:(?:\d+\s*(?:DB|WPM))|(?:(?:DB|WPM)\s*\d+)){2}\s*C?Q?<+\w+[-_]*F8)"
should cope with reversing "WPM 16 DB 24". But that would require more 
work on his part to achieve. Mind you it will require me to get the 
regex right in the first place, which can be a challenge (arcane 
gobbledegook or what :-)

How does that sound?

Dirk G1TLH

On 23/03/2020 12:56, dd5xx--- via Dxspider-support wrote:
> 83.114.21.17 = lfbn-idf3-1-427-17.w83-114.abo.wanadoo.fr = ASN 3215 
> Orange = Cable/DSL = Melun/France
> 92.170.169.241 = lfbn-idf3-1-1231-241.w92-170.abo.wanadoo.fr = ASN 
> 3215 Orange = Cable/DSL = Melun/France
> 92.170.93.147 = also belongs to wanadoo ASN 3215 Orange
> you can block/ban the subnet block of that provider. Dirk (=DXspider 
> developer) also is thinking about integrating an IP block mechanism 
> for DXspider, something like "set/badip 1.2.3.4" or similar. Let's see 
> if we get something like that in future to hopefully mitigate such 
> spammers.
> *Sent:* Monday, 23 March 2020 at 13:39
> *From:* "stephen via Dxspider-support" <dxspider-support at tobit.co.uk>
> *To:* "The DXSpider Support list" <dxspider-support at tobit.co.uk>
> *Cc:* stephen <stephen at thebitbucket.ca>
> *Subject:* [Dxspider-support] **SPAM (10.2)** Re: F8DGY spammer ist
> back as F8SRX
> Do we have an IP address for him? I know it's only a temp measure
> but I would like to block him at the firewall.
> Stephen
> Sent from my Bell Samsung device over Canada's largest network.
> -------- Original message --------
> From: jarmo via Dxspider-support <dxspider-support at tobit.co.uk>
> Date: 2020-03-23 06:31 (GMT-07:00)
> To: dxspider-support at tobit.co.uk
> Cc: jarmo <oh1mrr at nic.fi>
> Subject: Re: [Dxspider-support] F8DGY spammer ist back as F8SRX
> Mon, 23 Mar 2020 12:09:54 +0100
> dd5xx--- via Dxspider-support <dxspider-support at tobit.co.uk> wrote:
>
> > F8DGY is back with mass spamming the DX clusters! Here's a brief
> > command overview to mitigate this and block him on propagating his
> > spam activities. You just need to extend the BAN LIST like following
>
> This is again a temporary solution. Think we all sysops should take
> REGISTRATION in use, BUT... Think that never happens, unless Dirk
> changes new versions so that there is no other choice.
> If you are not registered you can't send anything on cluster.
> Of course, the best way would be to find proper medication for
> F8DGY.
>
> Oh1mrr
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
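
Added example, not part of the original message and not DXSpider code: one way, in Perl, to vet a filter regex before it is loaded, by refusing embedded-code constructs and running it against sample comments. The function name, the length limit and the "variant" pattern are assumptions made for illustration; the two spam samples are the strings quoted in the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: compile a sysop-supplied pattern.
# Returns ($qr, undef) on success or (undef, $reason) on refusal.
sub compile_filter_regex {
    my ($src) = @_;
    return (undef, 'too long') if length($src) > 200;   # assumed limit
    # (?{ }), (??{ }) and (*{ }) run Perl code while matching: refuse them.
    return (undef, 'embedded code block') if $src =~ /\((?:\?\??|\*)\{/;
    # No "use re 'eval'" is in scope, so perl also refuses to compile an
    # interpolated pattern that contains a code block.
    my $re = eval { qr/$src/i };
    return (undef, 'does not compile') unless defined $re;
    return ($re, undef);
}

# Constructed sample comments: the first two are the strings quoted in the
# message, the last two are ordinary comments that must not be rejected.
my @samples = (
    [ '24DB16WPM<<_F8',                              'spam' ],
    [ '16      WPM 24DB       C <<<sDR___--- f8xyz', 'spam' ],
    [ 'CQ DX 5 up',                                  'ham'  ],
    [ 'FT8 -12 dB from JN18',                        'ham'  ],
);

# Candidate patterns: the first as posted in the message, the second a
# constructed variant, the third only there to show the refusal path.
my @candidates = (
    [ 'as posted'  => '((?:\d+\s*DB|WPM){2}\s*C?Q?<+\w+[-_]*F8)' ],
    [ 'variant'    => '(?:\d+\s*(?:DB|WPM)\s*){2}C?Q?\s*<+\s*\w+[-_\s]*F8' ],
    [ 'code block' => 'F8(?{ print "ran" })' ],
);

for my $c (@candidates) {
    my ($name, $src) = @$c;
    my ($re, $why) = compile_filter_regex($src);
    if (!defined $re) { print "$name: refused ($why)\n"; next; }
    for my $s (@samples) {
        my ($text, $label) = @$s;
        my $hit = $text =~ $re ? 'reject' : 'pass';
        printf "%-10s %-5s %-6s %s\n", $name, $label, $hit, $text;
    }
}
```

The check covers embedded code and match correctness only; it puts no bound on matching time, so a restriction by privilege, as mentioned in the message, may still be wanted.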
