Hello,

It is with some regret that I am posting here to clarify a problem
that your newsgroup and I as the administrator of tsbbearings.net are
experiencing.

You are seeing a lot of annoying, nonsensical, very rude, explicit
post with the following headers:

Organization: TSB Bearings USA
X-Trace: tsbbearings.net 209.51.186.226
Original-NNTP-Posting-Host: 209.51.186.226
X-Complaints-To:
Lines: 61
Newsgroups: microsoft.public.test.here,rec.photo.digital
NNTP-Posting-Host: host32.200-117-180.telecom.net.ar 200.117.180.32

These posts did not originated for tsbbearings.net.
The IP in question is one of our web servers and does not accept or
propagate nntp connections at all. Port 119 is closed.

The person who is doing this is exploiting a computer that has been
compromised by a trojan. that computer is on a dynamic IP address that
belongs to telecom.net.ar. If you would like to compalint to them the
abuse address is:

I apologize for the disruption that has inadvertently been attributed
to my server.

On Tue, 27 Jun 2006 13:21:12 -0400, admin
opined:
Hello,

It is with some regret that I am posting here to clarify a problem
that your newsgroup and I as the administrator of tsbbearings.net
are experiencing.

I, for one, very much appreciate your courtesy in addressing this
issue.

--
Displayed Email Address is a SPAM TRAP
Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
Don't Subsidize Criminals: http://boulderpledge.org
SPEWS Delisting FAQ: http://tqmcube.com/spews.php

"Gary L. Burnore" wrote in message
...
On Tue, 27 Jun 2006 13:21:12 -0400, admin
wrote:

Hello,

It is with some regret that I am posting here to clarify a problem
that your newsgroup and I as the administrator of tsbbearings.net are
experiencing.

You are seeing a lot of annoying, nonsensical, very rude, explicit
post with the following headers:

Organization: TSB Bearings USA
X-Trace: tsbbearings.net 209.51.186.226
Original-NNTP-Posting-Host: 209.51.186.226
X-Complaints-To:
Lines: 61
Newsgroups: microsoft.public.test.here,rec.photo.digital
NNTP-Posting-Host: host32.200-117-180.telecom.net.ar 200.117.180.32

These posts did not originated for tsbbearings.net.
The IP in question is one of our web servers and does not accept or
propagate nntp connections at all. Port 119 is closed.

The person who is doing this is exploiting a computer that has been
compromised by a trojan. that computer is on a dynamic IP address that
belongs to telecom.net.ar. If you would like to compalint to them the
abuse address is:

I apologize for the disruption that has inadvertently been attributed
to my server.

Bowtie doesn't do anything inadvertently. You must have said
something to upset him.

--
gburnore at DataBasix dot Com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
Official .sig, Accept no substitutes. | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ 0 1 7 2 3 / Ý³Þ 3 7 4 9 3 0 Û³
Black Helicopter Repair Services, Ltd.| Official Proof of Purchase
================================================== =========================

Could Lamie have done this?

--
GNUEMAIL Postmaster
postmasteratgnuemail.com
---

"David Cary Hart" wrote in message...

I, for one, very much appreciate your courtesy in addressing this
issue.

I only hope they DO help address the issue. This is a lot more informative
than the '****-off, it's not our IP' response that I got earlier. I'm not a web
guru, I was just looking for help to stop the problem.

In article 1oeog.26995$Xn.10585@trnddc05,
David Morgan \(MAMS\) wrote:

"David Cary Hart" wrote in message...

I, for one, very much appreciate your courtesy in addressing this
issue.

I only hope they DO help address the issue. This is a lot more informative
than the '****-off, it's not our IP' response that I got earlier. I'm not a web
guru, I was just looking for help to stop the problem.

In general, the telecom.net.ar guys aren't going to address anything, and
getting a UDP organized these days is a major pain. This is the sad state
that Usenet has fallen into today.

Talk to your news admin and have him run cleanfeed. Cleanfeed is a wonderful
thing and drops all binary posts to discussion groups on the ground, as well
as multiposts and all kinds of spam. It comes bundled with INN and I think
you can install it even with old CNEWS servers. Cleanfeed makes Usenet a
much better place and if more sites ran it, nobody would be seeing any of
this junk.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

"Scott Dorsey" wrote in message ...
In article 1oeog.26995$Xn.10585@trnddc05,
David Morgan \(MAMS\) wrote:

"David Cary Hart" wrote in message...

I, for one, very much appreciate your courtesy in addressing this
issue.

I only hope they DO help address the issue. This is a lot more informative
than the '****-off, it's not our IP' response that I got earlier. I'm not a web
guru, I was just looking for help to stop the problem.

In general, the telecom.net.ar guys aren't going to address anything, and
getting a UDP organized these days is a major pain. This is the sad state
that Usenet has fallen into today.

Talk to your news admin and have him run cleanfeed. Cleanfeed is a wonderful
thing and drops all binary posts to discussion groups on the ground, as well
as multiposts and all kinds of spam. It comes bundled with INN and I think
you can install it even with old CNEWS servers. Cleanfeed makes Usenet a
much better place and if more sites ran it, nobody would be seeing any of
this junk.

I wrote Verizon at 3:30 am.... the same time I write to TSB Bearings USA.
Apparently the perp either got tired and went to bed or the ISP took action.
There were no more posts here after 9:30 am.

DM

Le 27 Jun 2006, "GNUEMAIL Postmaster" a écrit :

Could Lamie have done this?

Unfortunately, no, he’s far too stupid.

--
My little NANAE hangout: http://etaoin.zapto.org
To e-mail me KEEP THE ".nospam" portion of my address !!!

NSA snoop trigger: “When he was a kid, the president of the United Cigar
Stores liked to kill time by throwing water bombs at anthills”.

Have you hugged a cat today???

admin wrote:
Hello,

It is with some regret that I am posting here to clarify a problem
that your newsgroup and I as the administrator of tsbbearings.net are
experiencing.

You are seeing a lot of annoying, nonsensical, very rude, explicit
post with the following headers:

Organization: TSB Bearings USA
X-Trace: tsbbearings.net 209.51.186.226
Original-NNTP-Posting-Host: 209.51.186.226
X-Complaints-To:
Lines: 61
Newsgroups: microsoft.public.test.here,rec.photo.digital
NNTP-Posting-Host: host32.200-117-180.telecom.net.ar 200.117.180.32

These posts did not originated for tsbbearings.net.
The IP in question is one of our web servers and does not accept or
propagate nntp connections at all. Port 119 is closed.

The person who is doing this is exploiting a computer that has been
compromised by a trojan. that computer is on a dynamic IP address that
belongs to telecom.net.ar. If you would like to compalint to them the
abuse address is:

I apologize for the disruption that has inadvertently been attributed
to my server.



Is there anyway we can block his posts?
Dave Cohen

In article , says...

In article 1oeog.26995$Xn.10585@trnddc05,
David Morgan \(MAMS\) wrote:

"David Cary Hart" wrote in message...

I, for one, very much appreciate your courtesy in addressing this
issue.

I only hope they DO help address the issue. This is a lot more informative
than the '****-off, it's not our IP' response that I got earlier. I'm not a
web
guru, I was just looking for help to stop the problem.

In general, the telecom.net.ar guys aren't going to address anything, and
getting a UDP organized these days is a major pain. This is the sad state
that Usenet has fallen into today.


I'd blame the goof that runs the usenet abuse group heirarchy. It's impossible
to post according to the formatting required for the filter to not reject
postings to the 'reporting' group, and if you email the guy to ask what gives,
he replies in an attatchment he sends to you! Who put that retard in charge is
anyone's guess but I assume he is a tool of the bulk spamming advertisement
industry. Usenet flooders used to have their entire ISPs blocked, which caused
those ISPs to respond to being blocked. ISPs must've got together and
destroyed the usenet abuse reporting system...

In article o5hog.1399$%67.355@trndny02, Dave Cohen wrote:
Is there anyway we can block his posts?

1. Ask your ISP to run cleanfeed, or get their feed from someone who does.

2. Put /^Path:*telecom.net.ar*/ in your killfile.
--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."

"Scott Dorsey" wrote in message
...
In article o5hog.1399$%67.355@trndny02, Dave Cohen
wrote:
Is there anyway we can block his posts?

1. Ask your ISP to run cleanfeed, or get their feed from someone who does.

2. Put /^Path:*telecom.net.ar*/ in your killfile.
--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."

For me I found it a trivial exercise to simply delete them.

"Pete D" wrote ...
For me I found it a trivial exercise to simply delete them.

While most of the subject lines were clearly garbage, some of them
were realistic enought to fool me. The malware writers are getting
better (unfortunately :-(

"Richard Crowley" wrote in message
...
"Pete D" wrote ...
For me I found it a trivial exercise to simply delete them.

While most of the subject lines were clearly garbage, some of them
were realistic enought to fool me. The malware writers are getting
better (unfortunately :-(

I am not really sure what the idea of swamping a newsgroup with rubbish but
I guess they have a reason, they probably just need to take the red pill!

Further information with regard to the abusive messages posted here.

We have further determined that the posts trojan computer is being
controlled from a US IP address, 71.244.99.41, a Verizon wireless address as
well as 71.123.37.227, a Verizon non-wireless address.

A search has revealed previous posts from an individual to these groups, and
discussions are underway with administrators at Verizon to determine the
culprit involved. The trojan looks to have been shut down, however others
may be in place and so determining the exact source of the abuse is
continuing.

If anyone has further additional information we would be happy to receive
it.


Hello,

It is with some regret that I am posting here to clarify a problem
that your newsgroup and I as the administrator of tsbbearings.net are
experiencing.

You are seeing a lot of annoying, nonsensical, very rude, explicit
post with the following headers:

Organization: TSB Bearings USA
X-Trace: tsbbearings.net 209.51.186.226
Original-NNTP-Posting-Host: 209.51.186.226
X-Complaints-To:
Lines: 61
Newsgroups: microsoft.public.test.here,rec.photo.digital
NNTP-Posting-Host: host32.200-117-180.telecom.net.ar 200.117.180.32

These posts did not originated for tsbbearings.net.
The IP in question is one of our web servers and does not accept or
propagate nntp connections at all. Port 119 is closed.

The person who is doing this is exploiting a computer that has been
compromised by a trojan. that computer is on a dynamic IP address that
belongs to telecom.net.ar. If you would like to compalint to them the
abuse address is:

I apologize for the disruption that has inadvertently been attributed
to my server.

Pete D wrote:


"Richard Crowley" wrote in message
...
"Pete D" wrote ...
For me I found it a trivial exercise to simply delete them.

While most of the subject lines were clearly garbage, some of them
were realistic enought to fool me. The malware writers are getting
better (unfortunately :-(

I am not really sure what the idea of swamping a newsgroup with rubbish
but I guess they have a reason, they probably just need to take the red
pill!

I'd prefer that they take the Black Capsule.

--
--John
to email, dial "usenet" and validate
(was jclarke at eye bee em dot net)