How to fix spam on this group.

[John Nagle]

If you look at the message headers for the "prescription" and
"naked" spams, they're coming into Google Groups from a very small
number of points. One entry point was a Comcast customer in
West Virginia. I wrote to Comcast, and spam from that IP seems
to have stopped.

The next worst offender is a Road Runner account.
Look at the line:

Injection-Info: dm9g2000vbb.googlegroups.com;
posting-host=24.163.127.116;
posting-account=DKJxlgoAAADWiLPCKKQ3ODU2U5wum67n

That's coming in from a Road Runner account in North Carolina.

cpe-024-163-127-116.nc.res.rr.com [24.163.127.116]

So I just sent a message to "(e-mail address removed)", telling them they have
a compromised user machine on their network. I also sent a message
to the hosting service where they're using a compromised machine.

If a few more people do this, we'll knock off the spamming machines.
There aren't that many of them.

John Nagle

 

[RobG]

    If you look at the message headers for the "prescription" and
"naked" spams, they're coming into Google Groups from a very small
number of points.  One entry point was a Comcast customer in
West Virginia.  I wrote to Comcast, and spam from that IP seems
to have stopped.

    The next worst offender is a Road Runner account.
Look at the line:

Injection-Info: dm9g2000vbb.googlegroups.com;
posting-host=24.163.127.116;
posting-account=DKJxlgoAAADWiLPCKKQ3ODU2U5wum67n

That's coming in from a Road Runner account in North Carolina.

cpe-024-163-127-116.nc.res.rr.com [24.163.127.116]

So I just sent a message to "(e-mail address removed)", telling them they have
a compromised user machine on their network. I also sent a message
to the hosting service where they're using a compromised machine.

If a few more people do this, we'll knock off the spamming machines.
There aren't that many of them.

If you can advise how to track down such machines (e.g. header
information to use and how to convert that to the hosting service and
account), I'd be more than happy to help.

Incidentally, the GG interface is becoming so broken that I'm not sure
I'll keep using it anyway.

 

[John Nagle]

Can you even look at headers from Google Groups?

Anyway, for real USENET users, look at the source of the
posting, and look for

Injection-Info: g29g2000yqh.googlegroups.com; posting-host=98.195.42.10;
posting-account=QnXevQoAAACLS_7VkHDYYGmE-B4KRENj

Take the IP address, "98.195.42.10", and put it into any IP
address lookup site, such as
"http://www.ip-address.org/lookup/ip-locator.php".
Or use "tracert". In either case, you find out that it's
a Comcast IP address. Then you report it to the Comcast
abuse address, which is "(e-mail address removed)". Send
them a copy of the entire posting, including headers,
and tell them that one of their customers has a probably
compromised machine that's sending newsgroup spam.
Mention the IP address prominently, along with the
reverse DNS value,
"c-98-195-42-10.hsd1.tx.comcast.net". Most providers
will do something at that point.

John Nagle

If you look at the message headers for the "prescription" and
"naked" spams, they're coming into Google Groups from a very small
number of points. One entry point was a Comcast customer in
West Virginia. I wrote to Comcast, and spam from that IP seems
to have stopped.

The next worst offender is a Road Runner account.
Look at the line:

Injection-Info: dm9g2000vbb.googlegroups.com;
posting-host=24.163.127.116;
posting-account=DKJxlgoAAADWiLPCKKQ3ODU2U5wum67n

That's coming in from a Road Runner account in North Carolina.

cpe-024-163-127-116.nc.res.rr.com [24.163.127.116]

So I just sent a message to "(e-mail address removed)", telling them they have
a compromised user machine on their network. I also sent a message
to the hosting service where they're using a compromised machine.

If a few more people do this, we'll knock off the spamming machines.
There aren't that many of them.

If you can advise how to track down such machines (e.g. header
information to use and how to convert that to the hosting service and
account), I'd be more than happy to help.

Incidentally, the GG interface is becoming so broken that I'm not sure
I'll keep using it anyway.

 

[Antony Scriven]

Can you even look at headers from Google Groups?

Yep. Click 'More options' and then 'Show original'.

Anyway, for real USENET users, look at the source of the
posting, and look for

Injection-Info: g29g2000yqh.googlegroups.com; posting- host=98.195.42.10;
posting-account=QnXevQoAAACLS_7VkHDYYGmE-B4KRENj

It's all there in GG too.

Take the IP address, "98.195.42.10", and put it into any IP
address lookup site, such as
"http://www.ip-address.org/lookup/ip-locator.php".
Or use "tracert".

dnsstuff.com is another useful site for this kind of thing.
There's an add-on for Firefox too.

In either case, you find out that it's a Comcast IP
address. Then you report it to the Comcast abuse
address, which is "(e-mail address removed)". Send
them a copy of the entire posting, including headers, and
tell them that one of their customers has a probably
compromised machine that's sending newsgroup spam.
Mention the IP address prominently, along with the
reverse DNS value,
"c-98-195-42-10.hsd1.tx.comcast.net". Most providers
will do something at that point.

John Nagle

Well, the spam seem's to have tapered off already. Thanks. --Antony

 

[RobG]

The convention here is to reply below trimmed quotes.

     Can you even look at headers from Google Groups?

Yes, but I have a newsreader too. I use GG because some places that I
access the net from don't support Usenet groups and the old GG
interface is ok. The new one is crap.

     Anyway, for real USENET users, look at the source of the
posting, and look for

Injection-Info: g29g2000yqh.googlegroups.com; posting-host=98.195.42.10;
posting-account=QnXevQoAAACLS_7VkHDYYGmE-B4KRENj

Take the IP address, "98.195.42.10", and put it into any IP
address lookup site, such as
"http://www.ip-address.org/lookup/ip-locator.php".
Or use "tracert". In either case, you find out that it's
a Comcast IP address.  Then you report it to the Comcast
abuse address, which is "(e-mail address removed)".  Send
them a copy of the entire posting, including headers,
and tell them that one of their customers has a probably
compromised machine that's sending newsgroup spam.
Mention the IP address prominently, along with the
reverse DNS value,
"c-98-195-42-10.hsd1.tx.comcast.net".  Most providers
will do something at that point.

Thank you, I'll pitch in when I can.

 

[dhtml]

     Can you even look at headers from Google Groups?

Click "more options" then "show original". That is using old Groups
UI. The new UI is very broken.
[...]
Brilliant solution and explanation. Thank you. I've written to Comcast
(as in your message) and Verizon.

| One of your customers is sending out bulk spam porongraphy to USENET
| via Google Groups. The IP address "71.163.166.250" and the IP host
| (reverse DNS) is "pool-71-163-166-250.washdc.fios.verizon.net".
|
| Please put a stop to the offending user. And keep in mind that his
| machine may have been compromised without his knowledge. Thank you.
|
| Here is one of many recent "nude" messages, with full headers:
| [message with headers omitted for brevity]

 

[dhtml]

On 6/10/11 7:22 AM, John Nagle wrote:> Can you even look at headers from Google Groups?

[...]
Today I reported ordercis and qpaltinic, both from a network in
Uzbekistan. Let's see what happens.

I've reported yet another to Comcast. More spambots keep popping up
like zombies. Though to be fair, it seems that it is Google's
responsibility to be a good netizen and rectify the abuse that they're
abetting ("they" not "it"; Google is a corporation of employees who
are people).

Yet Google does not enforce its own TOS despite numerous warnings. Why
is that?

Nor does Google seem to have any public group for Google Groups. Not
this fraud by more spammers:
http://groups.google.com/group/google-groups-help-?lnk=

The USENET Death Penalty for Google Groups would eliminate the bulk of
spam but would come at a cost of greater obscurity.

It really comes down to this: Does Google Groups cause more harm than
good?

And if the answer is yes, then UDP makes sense.

Might be appropriate for com.googlegroups.is-something-broken

 

[RobG]

On 6/10/11 7:22 AM, John Nagle wrote:> Can you even look at headers from Google Groups?
[...]

Today I reported ordercis and qpaltinic, both from a network in
Uzbekistan. Let's see what happens.

I've reported yet another to Comcast. More spambots keep popping up
like zombies. Though to be fair, it seems that it is Google's
responsibility to be a good netizen and rectify the abuse that they're
abetting ("they" not "it"; Google is a corporation of employees who
are people).

I think Google is technically a person in corporation law. Corporate
culture comes from the top, it isn't a ground-up thing, so you can
think of the CEO as the corporation in this case - Eric Schmidt[1].
Perhaps direct appeals to him might have some effect.

Is there a way to automate the reporting process? Stopping the
spammers through existing processes is a start but likely way to much
work for a small group of individuals manually sending reports.


[...]

And if the answer is yes, then UDP makes sense.

Might be appropriate for com.googlegroups.is-something-broken

Why not a Facebook page? Schmidt might be more responsive to
competition than customers.

/Posted through GG, which has facilitated the bulk spam pollution and
deterioration of USENET.

I think I'll add that to my signature.

1. http://en.wikipedia.org/wiki/Eric_Schmidt

 

[dhtml]

On 6/10/11 7:22 AM, John Nagle wrote:> Can you even look at headers from Google Groups?

[...]

Today I reported ordercis and qpaltinic, both from a network in
Uzbekistan. Let's see what happens.

I've reported yet another to Comcast. More spambots keep popping up
like zombies. Though to be fair, it seems that it is Google's
responsibility to be a good netizen and rectify the abuse that they're
abetting ("they" not "it"; Google is a corporation of employees who
are people).

I think Google is technically a person in corporation law. Corporate
culture comes from the top, it isn't a ground-up thing, so you can
think of the CEO as the corporation in this case - Eric Schmidt[1].
Perhaps direct appeals to him might have some effect.

Is there a way to automate the reporting process? Stopping the
spammers through existing processes is a start but likely way to much
work for a small group of individuals manually sending reports.

[...]

And if the answer is yes, then UDP makes sense.

Might be appropriate for com.googlegroups.is-something-broken

Why not a Facebook page? Schmidt might be more responsive to
competition than customers.

Sure, especially when the group was closed and probably due to a large
number complaints about Google ignoring its own TOS and abusing the
Internet.

http://markmail.org/message/v6uayzfq632dddwr

Google doesn't take abuse seriously. Coincidentally, my friend's site
was recently hacked and the hackers use google's Blogger to brag about
it.
www.google.com/support/forum/p/blogger/thread?fid=4550c888ab8fb07f0004ae86c2162202&hl=en

 

[Tim Streater]

I think Google is technically a person in corporation law.

Whose corporation law?

 

[RobG]

Sure, especially when the group was closed and probably due to a large
number complaints about Google ignoring its own TOS and abusing the
Internet.

http://markmail.org/message/v6uayzfq632dddwr

When I click on that link in GG I get "

Google doesn't take abuse seriously. Coincidentally, my friend's site
was recently hacked and the hackers use google's Blogger to brag about
it.www.google.com/support/forum/p/blogger/thread?fid=4550c888ab8fb07f000...

When I click on that link in GG I get:

"The requested URL /www.google.com/support/forum/p/blogger/thread?
fid=4550c888ab8fb07f0004ae86c2162202&hl=en was not found on this
server"

But when I put the address directly into my browser, I get the site.

 

[RobG]

Whose corporation law?

"Technically" was probably the wrong word, "practically" was probably
mor appropriate. Where I live and, as far as I know, the US,
corporations are treated largely as artificial persons.

But my point was that companies can be considered persons because they
behave like a person in many respects, and reflect the character of
the management.

 

[dhtml]

"Technically" was probably the wrong word, "practically" was probably
mor appropriate. Where I live and, as far as I know, the US,
corporations are treated largely as artificial persons.

But my point was that companies can be considered persons because they
behave like a person in many respects, and reflect the character of
the management.

Right.

According to some comments posted here:
http://www.velocityreviews.com/forums/t685417-p4-ot-more-google-groups-brain-damage.html

| Google actually gets advertising money for every post. Every
| post including spam. Now, how do you think they will act?

If this is true, is a disincentive for Google to enforce it's TOS for
spam.

Since this thread, there seems to be more spam. We now have spam in
replies to very old posts, which is something I had not seen yet.

Is there any official discussion for "UDP for Google Groups"? Where
can support for "UDP for Google Groups" be expressed?