On Wed, 24 May 1995 16:32:48 PDT Melvin Klassen said: >No thanks, I'm not interested. Cyberspam NNTP-software, indeed! > >* Filter=Also,*@RTD.COM > >----------Original message from Netnews: bit.listserv.cmspip-l---------- >Distribution: local >Lines: 61 >X-Sender: 83060.4266394158 (Your Lifetime Health Planner) >Approved: [log in to unmask] >NNTP-Posting-Host: seagull.rtd.com >News-Posting-Software: Cyberspam >Message-ID: <[log in to unmask]> >Newsgroups: bit.listserv.cmspip-l >Date: Wed, 24 May 1995 05:12:31 GMT >Sender: VM/SP CMS Pipelines Discussion List <[log in to unmask]> >Comments: RFC822 error: <W> Incorrect or incomplete address field found and > ignored. >Comments: RFC822 error: <W> Incorrect or incomplete address field found and > ignored. >From: Netnews Server <[log in to unmask]> >Organization: Your Lifetime Health Planner >Subject: The Key To Organizing Your Health Records >Comments: To: [log in to unmask], > [log in to unmask], [log in to unmask] > > THE KEY TO ORGANIZING YOUR HEALTH RECORDS > ... 59 lines mercifully deleted ... Here's what is returned if you try to email trasoff or dsiegel: ======================================================================= 97 Return-Path: <[log in to unmask]> Received: from CMUVM (NJE origin SMTP@CMUVM) by CMUVM.CSV.CMICH.EDU (LMail V1.2a/1.8a) with BSMTP id 0488; Wed, 24 May 1995 20:37:17 -0400 Received: from seagull.rtd.com by CMUVM.CSV.CMICH.EDU (IBM VM SMTP V2R2) with TCP; Wed, 24 May 95 20:37:15 EDT Received: (from daemon@localhost) by seagull.rtd.com (8.6.12/8.6.9.1) id RAA13500 for [log in to unmask]; Wed, 24 May 1995 17:38:39 -0700 Date: Wed, 24 May 1995 17:38:39 -0700 Message-Id: <[log in to unmask]> From: [log in to unmask] (Mark Beeson) Subject: NOTICE: Free Health Spam INFO Organization: [ Neural InterNetworking ] Apparently-To: [log in to unmask] PLEASE NOTE: this article was posted to news.admin.net-abuse.misc. Let me introduce myself. I'm Mark Beeson, the one who generated the cancel messages for the Free Health Spam. You may reach me at [log in to unmask] I am, more or less, news administrator for RTD Systems & Networking, Inc., a Tucson-Arizona based Internet Provider. All comments about this ordeal should be directed to me. Yes, I know the cancel messages were possibly broken, and I'm sorry, but I'm sort of a newbie at auto-cancelling messages. Anyways.. a little information.. FIRST: David Siegel is in no way related to Martha Siegel. So all the "conspiracy theories" can be thrown out the window. Okay, now for the real info: - Last night at approximately 9PM MST I received e-mail from one of our users complaining about a message in comp.infosystems.www.authoring. I sighed and looked at the message. - 9:15 PM -- This same user complains that the message is showing up "everywhere in the rec.* hierarchy". At this point my heart rate begins to go on a rollercoaster ride. - 9:30 PM -- I am logged into the news machine (baygull.rtd.com) and executing a find . -print | xargs grep baygull on each of the major news hierarchies. Results of that: - comp.* was the worst hit, with 790 groups hit. - rec.*, sci.*, soc.*, bit.*, biz.*, and misc.* each got about 150 groups hit. - Unfortunately I was not able to target the alt.* groups because the command you see above always terminated with a broken pipe. (Probably because of the enormous amount of newsgroups one step away from the top level). I am told, however, that someone is working on auto-cancelling the alt.* messages. - 10:00 PM -- I have hastily written up a perl script to generate cancel messages and pipe them into inews. Yes, I know this perl script had errors in it, and unfortunately it cancelled approximately 20 articles that did not appear at our site. For that, I'm sorry, but again, I was rather rushed. - 10:15 PM -- I do another grep on the sci.* hierarchy, and find that the output is _larger_. Much to my horror, I realize what has happened and quickly execute (as superuser) top, look and see who is doing what on the system, and find user "trasoff" running a ".may" command, and also a few instances of inews. I kill these in a heartbeat, and disable the account. - 3:00 AM -- The perl scripts finish up with the last of the comp.* messages and I go home and fall asleep in a cold sweat, sensing impending doom. IMPORTANT INFO HERE: - 9:00 AM -- I am awakened by the phone. Our office has called me, and according to them, the user [log in to unmask] is part of a company who contacted CyberSell (Lawrence Canter and Martha Siegel, who we all know and love). I apparently caught this script in the middle of rec.*. The veracity of whether CyberSell is actually responsible for this or not is unknown (by me at this time). - 10:00 AM -- I log in from home, to find 1400 messages in my inbox. It's currently 11:08, and I'm sure I'll have more details for everyone as I get them. Speaking for RTD Systems & Networking, Inc., --Mark -- Mark Beeson | Same Broken (MB178) President, Neural InterNetworking "I've seen the enemy, and the enemy is me." -- Sister Machine Gun URL: <a href="http://www.nin.com/">here</a>. - If you have to ask, you'll never know. - ---------------------------------------------------------------- Elliott Parker Bitnet: 3ZLUFUR@CMUVM List Owner, SEASIA-L and CARR-L Internet: [log in to unmask] Department of Journalism Less certain possibilities: Central Michigan University [log in to unmask] Mt. Pleasant, MI 48859 USA CompuServe: 70701,520 Office tele: +1 517 774 3196 The WELL: [log in to unmask]