<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">I have thought about it. And come to
the conclusion is it only of very limited use and therefore
probably not worth the effort. Here are some scenarios:<br>
<br>
* If set/badip is in force then it only works on nodes where that
ip (and/or subnet) are set. It could also filter incoming PC61s -
but they are in the minority. Which makes me wonder just how up to
date everybodies' software is.<br>
* another problem is that I believe Orange's routers in France
don't keep their IP addresses for very long. So others users could
be caught. If one bans subnets or ASNs then every user in the
Orange's Melun area - likely much larger than just Melun itself -
would be affected. <br>
* none of this applies if he connects outside France (or Melun) or
onto a non-DXS node such as Dave K1TTT (as he currently seems to
be).<br>
<br>
I think, while I am "sheltering in place", I will add an option to
filter on regexes - I may have to restrict that with some sort of
privilege unless I can <u>reliably</u> remove/prevent execution
within regexes.<br>
<br>
One could then do something like "rej/spot 9 input node_default
regex ((?:\d+\s*DB|WPM){2}\s*C?Q?<+\w+[-_]*F8)" which should
catch everything in upper or lower case from:<br>
'24DB16WPM<<_F8' to '16 WPM 24DB C
<<<sDR___--- f8<any characters>'<br>
<br>
Anything that looks "automatic" (which may hit other modes) would
just be '"... regex ((?:\d+\s+DB|WPM){2}\s+CQ)".<br>
<br>
If he gets more creative, then something like this: "... regex
((?:(?:\d+\s*(:?DB|WPM))|(:?(:?DB|WPM\)\s*\d+)){2}\s*C?Q?<+\w+[-_]*F8)<br>
should cope with reversing "WPM 16 DB 24". But that would require
more work on his part to achieve. Mind you it will require me to
get the regex right in the first place, which can be a challenge
(arcane gobbledegook or what :-)<br>
<br>
How does that sound?<br>
<br>
Dirk G1TLH<br>
<br>
On 23/03/2020 12:56, dd5xx--- via Dxspider-support wrote:<br>
</div>
<blockquote type="cite"
cite="mid:trinity-4216c02d-b5f1-4edd-aebd-b82471a0c767-1584968183242@3c-app-webde-bs06">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div style="font-family: Verdana;font-size: 12.0px;">
<div>
<div>
<div> </div>
<div>
<div>83.114.21.17 =
lfbn-idf3-1-427-17.w83-114.abo.wanadoo.fr = ASN 3215
Orange = Cable/DSL = Melun/France</div>
<div> </div>
<div>92.170.169.241 =
lfbn-idf3-1-1231-241.w92-170.abo.wanadoo.fr = ASN 3215
Orange = Cable/DSL = Melun/France</div>
<div> </div>
<div>92.170.93.147 = also belongs to wanadoo ASN 3215
Orange</div>
<div> </div>
<div> </div>
<div>you can block/ban the subnet block of that provider.
Dirk (=DXspider developer) also is thinking about
integrating an IP block mechanism for DXspider,
something like "set/badip 1.2.3.4" or similar. Let's see
if we get something like that in future to hopefully
mitigate such spammers.</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
</div>
<div style="margin: 10.0px 5.0px 5.0px 10.0px;padding:
10.0px 0 10.0px 10.0px;border-left: 2.0px solid
rgb(195,217,229);">
<div style="margin: 0 0 10.0px 0;"><b>Gesendet:</b> Montag,
23. März 2020 um 13:39 Uhr<br>
<b>Von:</b> "stephen via Dxspider-support"
<a class="moz-txt-link-rfc2396E" href="mailto:dxspider-support@tobit.co.uk"><dxspider-support@tobit.co.uk></a><br>
<b>An:</b> "The DXSpider Support list"
<a class="moz-txt-link-rfc2396E" href="mailto:dxspider-support@tobit.co.uk"><dxspider-support@tobit.co.uk></a><br>
<b>Cc:</b> stephen <a class="moz-txt-link-rfc2396E" href="mailto:stephen@thebitbucket.ca"><stephen@thebitbucket.ca></a><br>
<b>Betreff:</b> [Dxspider-support] **SPAM (10.2)** Re:
F8DGY spammer ist back as F8SRX</div>
<div>
<div>
<div>Do we have e an IP address for him? I know it's
only a temp measure but I would like to block him at
the firewall.</div>
<div> </div>
<div>Stephen</div>
<div> </div>
<div> </div>
<div> </div>
<div id="composer_signature">
<div style="font-size: 85.0%;color: rgb(87,87,87);">Sent
from my Bell Samsung device over Canada's largest
network.</div>
</div>
<div> </div>
<div> </div>
<div style="font-size: 100.0%;color: rgb(0,0,0);"> </div>
<div style="font-size: 100.0%;color: rgb(0,0,0);"> </div>
<div style="font-size: 100.0%;color: rgb(0,0,0);"> </div>
<div style="font-size: 100.0%;color: rgb(0,0,0);">
<div>-------- Original message --------</div>
<div>From: jarmo via Dxspider-support
<a class="moz-txt-link-rfc2396E" href="mailto:dxspider-support@tobit.co.uk"><dxspider-support@tobit.co.uk></a></div>
<div>Date: 2020-03-23 06:31 (GMT-07:00)</div>
<div>To: <a class="moz-txt-link-abbreviated" href="mailto:dxspider-support@tobit.co.uk">dxspider-support@tobit.co.uk</a></div>
<div>Cc: jarmo <a class="moz-txt-link-rfc2396E" href="mailto:oh1mrr@nic.fi"><oh1mrr@nic.fi></a></div>
<div>Subject: Re: [Dxspider-support] F8DGY spammer
ist back as F8SRX</div>
<div> </div>
</div>
Mon, 23 Mar 2020 12:09:54 +0100<br>
dd5xx--- via Dxspider-support
<a class="moz-txt-link-rfc2396E" href="mailto:dxspider-support@tobit.co.uk"><dxspider-support@tobit.co.uk></a> kirjoitti:<br>
<br>
> F8DGY is back with mass spamming the DX clusters!
Here's a brief<br>
> command overview to mitigate this and block him
on propagating his<br>
> spam activities. You just need to extend the BAN
LIST like following<br>
<br>
This is again temporary solution. Think we all sysops
should take<br>
REGISTRATION in use, BUT... Think that never happens,
unless Dirk<br>
change new versions so, that there is no other choise.<br>
If you are not registered you can't send anything on
cluster.<br>
Ofcourse, the best way would be, to find proper
medication for<br>
F8DGY.<br>
<br>
Oh1mrr<br>
<br>
_______________________________________________<br>
Dxspider-support mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a><br>
<a
href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support"
target="_blank" moz-do-not-send="true">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a><br>
_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a> <a
href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support"
target="_blank" moz-do-not-send="true">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a></div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
</blockquote>
<br>
</body>
</html>