OT - GG Spammers

Discussion in 'Java' started by Andrew Thompson, Mar 31, 2007.

  1. I started a thread on Google Groups - asking why Google
    could not do more to suppress the torrent of spam to the
    comp.lang.java.* hierarchy groups, coming from Google
    Groups posters.

    A GG apologist challenged me as to what proof I had
    that these spammers were using GG. My 'best guess'
    was the 'X-trace' shown in the full listing of the post. So
    far, *8/8* of the most recent spam posts to c.l.j.p. have
    had an X-Trace indicating ..

    X-Trace: posting.google.com ...

    Is that correct? Is the X-trace the best indication of
    where a post originates?

    Sorry, I was hoping the GGA challenger might have clarified
    on the original thread, but they have been conspicuous in
    their absence, since I started posting links to examples..

    Andrew T.
    Andrew Thompson, Mar 31, 2007
  2. Some amusing* things happened since then.
    - I began assembling the proof, by way of linking
    to each spam post and quoting the 'X-trace' line.
    So far, 10/11 show an origin of GG.
    - The apologist slunk off into the shadows
    - I got terse with them, asking if they were good
    for anything besides weak challenges/apologies
    - I myself was blocked by GG for making 'too many
    - I opened an account with JavaKB so I could
    continue posting.
    - GG has since restored my posting abilities
    (through mechanisms entirely unrelated to me,
    since their own 'click this if you think it
    is wrong' link was broken).

    I will probably continue using JavaKB for the
    time being** - I have been in contact with the
    JavaKB staff and they have already indicated
    an interest in making further changes to their
    WITUN, in exchange for me promoting it over GG.

    If that proceeds as hoped, the end advice will
    probably be words to the effect of..
    "You might want to change over to a WITUN that
    is *not* the source of >90% of all spam to these
    usenet newsgroups, so that users of news clients
    who filter *all* posts from GG, might also see
    your message."

    Note that JavaKB not only offers access to
    a much more Java focused set of groups (so
    they are inherently of less interest to the
    spammers that wish to multi-post widely) but
    the first comment below *every* reply to a
    post, states..
    "Do not post SPAM or messages that violate
    any laws. Violation of this requirement will
    result in account deactivation. "

    * OK.. amusing to me, anyway. ;-)
    ** Failing posts to GGG's (Google Groups groups,
    like the one linked above) ..and this post,
    since strangely I could not find it in the
    JavaKB listing - I will have to look further
    into that. I suspect it was filtered, and I
    do not agree that the WITUN should do that
    (short of a user-initiated *choice* to filter

    Andrew T.
    Andrew Thompson, Apr 2, 2007
  3. Andrew Thompson

    Wojtek Guest

    Andrew Thompson wrote :
    Well, from a recent posting, here is the entire header group:

    Newsgroups: comp.lang.java.programmer
    Subject: Web-based personal development co. looking for programmers
    Date: 30 Mar 2007 17:07:48 -0700
    Organization: http://groups.google.com
    Lines: 65
    Message-ID: <>
    Mime-Version: 1.0
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable
    X-Trace: posting.google.com 1175299670 857 (31 Mar 2007
    00:07:50 GMT)
    NNTP-Posting-Date: Sat, 31 Mar 2007 00:07:50 +0000 (UTC)
    User-Agent: G2/1.0
    X-HTTP-UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O;
    en-US; rv: Gecko/20070312 Firefox/,gzip(gfe),gzip(gfe)
    Injection-Info: d57g2000hsg.googlegroups.com;
    Xref: newsfeed2.telusplanet.net comp.lang.java.programmer:768648

    There are Google fingerprints all through the headers. The best one I
    think is the Message-ID.
    Wojtek, Apr 10, 2007
  4. Andrew Thompson

    Chris Uppal Guest

    If some sort of proof is required, the GG posting account (part of the
    Injection-Info: field that Google adds) looks as if it's probably a crypto-hash
    of the account name (or something related to it), so that might serve as a
    non-repudiable token (although one hopes that only Google can verify it).

    Actually, I'm not too sure about Message-ID, that is one of the fields that can
    be generated by the client rather than always being added/overwritten by NNTP
    servers. As such, it's not so useful for this specific purpose, since we are
    trying to find fields which people cannot forge to make it look as if they are
    posting via Google. I don't have the experience of NNTP servers to know which
    (if any) fields they strip/replace from untrusted submissions (which would make
    them more difficult for spammers to forge). Perhaps the X-Trace field ?

    -- chris
    Chris Uppal, Apr 10, 2007
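
The replies above distinguish fields a posting client can set from fields the injecting server writes. The following added example (not part of the original thread) parses a header block and reports which kind of field names Google. The split into `SERVER_SET` and `CLIENT_SET` is an assumption of the example, and both sample header blocks are constructed (`news.example.net` and the lookalike Message-ID are placeholders).

```python
from email.parser import HeaderParser

# Assumption of this example: fields the injecting server writes vs. fields a client can set.
SERVER_SET = ("X-Trace", "Injection-Info")
CLIENT_SET = ("Message-ID", "Organization", "User-Agent")
GOOGLE_DOMAINS = ("google.com", "googlegroups.com")

# Constructed from the header block quoted in the thread (the elided Message-ID stays empty).
QUOTED = (
    "Organization: http://groups.google.com\n"
    "Message-ID: <>\n"
    "X-Trace: posting.google.com 1175299670 857 (31 Mar 2007\n"
    " 00:07:50 GMT)\n"
    "User-Agent: G2/1.0\n"
    "Injection-Info: d57g2000hsg.googlegroups.com;\n\n"
)
# Constructed: a post injected elsewhere whose client-set fields merely name Google.
LOOKALIKE = (
    "Organization: http://groups.google.com\n"
    "Message-ID: <constructed-id@googlegroups.com>\n"
    "X-Trace: news.example.net 1175299670 857 (31 Mar 2007 00:07:50 GMT)\n\n"
)

def first_host(value):
    """Leading host token of an X-Trace / Injection-Info value, lowercased."""
    parts = value.split()          # also collapses folded continuation lines
    return parts[0].rstrip(";").lower() if parts else ""

def is_google_host(host):
    """Exact domain or subdomain match, so 'google.com.example.net' does not count."""
    return any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS)

def classify(raw_headers):
    """Return (verdict, server_fields, client_fields) listing the fields that name Google."""
    msg = HeaderParser().parsestr(raw_headers)
    strong = [n for n in SERVER_SET
              if any(is_google_host(first_host(v)) for v in msg.get_all(n, []))]
    weak = [n for n in CLIENT_SET
            if any(d in v.lower() for v in msg.get_all(n, []) for d in GOOGLE_DOMAINS)]
    if strong:
        verdict = "server-attested"
    elif weak:
        verdict = "client-claimed-only"
    else:
        verdict = "no-indication"
    return verdict, strong, weak

if __name__ == "__main__":
    for label, sample in (("quoted", QUOTED), ("lookalike", LOOKALIKE)):
        print(label, classify(sample))
```

A "client-claimed-only" verdict means the only Google fingerprints sit in fields the poster controls, which is the case Chris Uppal's reply warns about.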
