<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi all,<br>
      as a newbie sysop, I don't know if this is the right way, but an
      input filter seems to do most of "cleaning job" (output of my node
      was compared to dxfun).</p>
    <p><span style="font-size:10.0pt;line-height:107%;
        font-family:"Courier
        New";mso-fareast-font-family:"Times New
        Roman";color:black;
mso-ansi-language:IT;mso-fareast-language:IT;mso-bidi-language:AR-SA">rej/spots
        node_default input 1 info
        {crimin|terror|cattle|kill|k1ll|kremlin|rape|ruzzia}</span></p>
    <p>This way seems to block also words starting with "terror" like:
      terrorist, terrorize, terrorizing ecc.<br>
    </p>
    <p>The list can become very long of course, and will be updated
      regularly, but 98% of spam seems to be gone.<br>
    </p>
    <p>Any suggestions or advise against this method?</p>
    Thank you, 73<br>
    Davide IW0HLG<br>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">Il 30/07/2022 11:12, Danilo Brelih via
      Dxspider-support ha scritto:<br>
    </div>
    <blockquote type="cite"
      cite="mid:1155fa48-b7ac-4c8c-7afc-7087a1745d37@siol.net">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix">It helps also if you set SET/BADWORD.
        Blocking the bot from connecting to your cluster is the most
        effective method. 94.156.203.117 IP has been in use for several
        days. From today he is using also Telecom Italia S.p.A. (Venice,
        Italy) IP 79.20.34.246. Check whether it connects to your
        cluster node instead.<br>
      </div>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix">SET/BADWORD kills</div>
      <div class="moz-cite-prefix">SET/BADWORD ruzzia<br>
        SET/BADWORD criminal</div>
      <div class="moz-cite-prefix">SET/BADWORD murders<br>
        SET/BADWORD nazzists</div>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix">etc....</div>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix">GL Dan</div>
      <br>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix"><br>
      </div>
      <div class="moz-cite-prefix"><br>
      </div>
      <blockquote type="cite"
        cite="mid:c8156212-a243-071f-bce4-c50d91f0f81d@siol.net">
        <meta http-equiv="Content-Type" content="text/html;
          charset=UTF-8">
        <div class="moz-cite-prefix">Hi</div>
        <div class="moz-cite-prefix"><br>
        </div>
        <div class="moz-cite-prefix">Exactly the same bot at work like
          last last year with CQWW contest. Already set up iptables
          firewall rule rejected subnet 94.156.203.0/24 here.</div>
        <div class="moz-cite-prefix"><br>
        </div>
        <div class="moz-cite-prefix">GL Dan</div>
        <div class="moz-cite-prefix"><br>
        </div>
        <div class="moz-cite-prefix"> <br>
        </div>
        <div class="moz-cite-prefix"><br>
        </div>
        <blockquote type="cite"
          cite="mid:ef49fd26-cfd9-162d-294a-ce3256235d9c@tobit.co.uk">
          <meta http-equiv="content-type" content="text/html;
            charset=UTF-8">
          <font size="+1"><font face="monospace">There is a bot out
              there that delights in trying to confuse the Contest
              Committee's log checking process and/or causing
              contestants' problems by posting spurious spots using
              their callsign. It does this by logging in to a node,
              "sniping" a spot and then immediately disconnecting.<br>
              <br>
              Here are some examples:<br>
              <br>
              13:15:59 (progress) CMD: 'show/cluster ' by LZ1JZ ip:
              217.61.58.23 1mS<br>
              13:16:00 (progress) CMD: 'DX YL2KO 14082.2' by LZ1JZ ip:
              217.61.58.23 1mS<br>
              13:16:00 (progress) CMD: 'bye ' by LZ1JZ ip: 217.61.58.23
              45mS<br>
              13:16:25 (progress) CMD: 'show/cluster ' by CT1GFQ ip:
              217.61.58.23 0mS<br>
              13:16:25 (progress) CMD: 'DX ZF1A 28127.6' by CT1GFQ ip:
              217.61.58.23 1mS<br>
              13:16:25 (progress) CMD: 'bye ' by CT1GFQ ip: 217.61.58.23
              12mS<br>
              13:18:18 (progress) CMD: 'show/cluster ' by DK5QN ip:
              217.61.58.23 0mS<br>
              13:18:18 (progress) CMD: 'DX NY3A 21067.2' by DK5QN ip:
              217.61.58.23 1mS<br>
              13:18:18 (progress) CMD: 'bye ' by DK5QN ip: 217.61.58.23
              13mS<br>
              13:55:21 (progress) CMD: 'show/cluster ' by VK6POP ip:
              217.61.58.23 0mS<br>
              13:55:21 (progress) CMD: 'DX W3UA 21022.5' by VK6POP ip:
              217.61.58.23 1mS<br>
              13:55:21 (progress) CMD: 'bye ' by VK6POP ip: 217.61.58.23
              10mS<br>
              13:55:32 (progress) CMD: 'show/cluster ' by EA3HXV ip:
              217.61.58.23 0mS<br>
              13:55:32 (progress) CMD: 'DX MI5I 14012.5' by EA3HXV ip:
              217.61.58.23 2mS<br>
              13:55:32 (progress) CMD: 'bye ' by EA3HXV ip: 217.61.58.23
              23mS<br>
            </font></font><br>
          <font size="+1" face="monospace">To try and reduce this as
            much as possible, please would you block this ip address </font><font
            size="+1" face="monospace"><font size="+1"><font
                face="monospace">217.61.58.23 </font></font>(or its
            subnet </font><br>
          <font size="+1" face="monospace"><font size="+1"><font
                face="monospace">217.61.58.0/24) using your firewall (in
                your router). If you are running Linux/BSD you could
                consider installing UFW or similar software to help with
                this task. <br>
                <br>
              </font></font>73 Dirk G1TLH<br>
          </font> <br>
          <fieldset class="moz-mime-attachment-header"></fieldset>
          <pre class="moz-quote-pre" wrap="">_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Dxspider-support@tobit.co.uk" moz-do-not-send="true">Dxspider-support@tobit.co.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support" moz-do-not-send="true">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
        </blockquote>
        <br>
        <br>
        <fieldset class="moz-mime-attachment-header"></fieldset>
        <pre class="moz-quote-pre" wrap="">_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Dxspider-support@tobit.co.uk" moz-do-not-send="true">Dxspider-support@tobit.co.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support" moz-do-not-send="true">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
      </blockquote>
      <p><br>
      </p>
      <div class="moz-signature">-- <br>
        <a href="https://s50e.si/gorje.html" moz-do-not-send="true">Gorje,
          Cerkno h=604m</a></div>
      <br>
      <fieldset class="moz-mime-attachment-header"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
    </blockquote>
  </body>
</html>