FYI, I've just implemented this
http://onestepback.org/index.cgi/General/CautiouslyOptimistic.rdoc. 
Let's see how long it might be effective. With this patch, pages with
previously valid links WILL NOT SAVE unless you uppercase the
protocol:// section of the link.  That'll be annoying for a while but
hopefully not as much as the spam (and hopefully this will have an
effect for a while).

The real-time blacklists and any other blacklisting measure seem to be
almost 0% effective.  Practically none of the spammers that have hit
us have been listed, and we can't keep up a manual list fast enough.

Next step is authentication.  I'm ready to put this one to bed.

-- 

Chad Fowler
http://chadfowler.com
http://rubycentral.org 
http://rubygarden.org 
http://rubygems.rubyforge.org (over 20,000 gems served!)

Chad Fowler <chadfowler@gmail.com> treated the lovely people of
comp.lang.ruby with the following stuff: 

> FYI, I've just implemented this
> http://onestepback.org/index.cgi/General/CautiouslyOptimistic.rdo
> c. Let's see how long it might be effective. With this patch,
> pages with previously valid links WILL NOT SAVE unless you
> uppercase the protocol:// section of the link.  That'll be
> annoying for a while but hopefully not as much as the spam (and
> hopefully this will have an effect for a while).
> 
> The real-time blacklists and any other blacklisting measure seem
> to be almost 0% effective.  Practically none of the spammers
> that have hit us have been listed, and we can't keep up a manual
> list fast enough. 
> 
> Next step is authentication.  I'm ready to put this one to bed.
> 

Hi Chad, should I be seeing these links?:

Administration: Lock page | Delete this page | Edit Banned List | 
Run Maintenance | Edit/Rename pages | Lock site

-- 
Phil Roberts | Deedle Doot Doo Dee Dee | http://www.flatnet.net/

Chad Fowler wrote:

>
>The real-time blacklists and any other blacklisting measure seem to be
>almost 0% effective.  Practically none of the spammers that have hit
>us have been listed, and we can't keep up a manual list fast enough.
>
>  
>

Then you wouldn't mind giving out the server logs for us to confirm you 
are telling the truth. Taking that last time you spoke without studying 
on w RBL exactly means. Plus, the IP was listed in the RBLs , so wheres 
the loags? taking that most hits were probbly around 80% despite a few 
like from rr.com, most *are * blacklisted, and it *does* work fine.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

Oh, give it a rest, you.  He's got nothing to gain from lying.

On Fri, 29 Oct 2004 22:13:51 +0900, David Ross <dross@code-exec.net> wrote:
> Then you wouldn't mind giving out the server logs for us to confirm you
> are telling the truth.

Bill Atkins wrote:

>Oh, give it a rest, you.  He's got nothing to gain from lying.
>
>On Fri, 29 Oct 2004 22:13:51 +0900, David Ross <dross@code-exec.net> wrote:
>  
>
>>Then you wouldn't mind giving out the server logs for us to confirm you
>>are telling the truth.
>>    
>>
>
>
>  
>
I'm not the one that is telling lies, and yes he does. He thinks he has 
some type of authority over security. He doesn't prolly even know what 
an ankon does. He has no experience and yet he makes remarks about 
implementations not working. I've experience to identify when people are 
lying, plenty of it. The truth is that RBLs are more than just mail 
servers, they are lists of abusive hosts for different reasons. If chad 
wants to be blnd because I came up with the idea and he didn't, fine. 
There are other smarter people out there with wikis that have an open mind.

There was the beginning email about Rubygarden spam which had the IP 
listed on RBL servers since last year. There was also another person who 
replied to the [SOLUTION] thread which even said some of the IPs were in 
the blacklists as well.
even from 221.15.71.32 which spammed 
http://rubygarden.org/ruby?action=history&id=MySQL
I never said RBLs were the ultimate solution, of course they are 
supposed to be used in other means as mail servers use them. Mail 
servers take use of RBLs, AV, grep engines, sender identification by 
mail/rcpt tag, and many other ways.

I've been searching through.. there are also IPs like 61.149.119.74, 61.50.242.197, 68.40.176.215,200.56.233.5, and many many others which have had a god contribution to spam.
I was checking most of the pages like.. http://rubygarden.org/ruby?action=history&id=PragDave for the ips.

Hosts like.. www.bhmassociates.com are open proxies (this one is a squid proxy on port 3128) that is on the page above.

I think there should also be prox scanner checks done on the common ports at start, have a database of hosts. 

The RBLs will block about 80%
The Scanners will block another 10% of the spam that gets past the RBL
Implementing the RBL access is simple, and what would be nice is to have access in a wiki to submit abusive hosts with the IP and revision page to the blacklists for people to check, like dsbl, which has open relays, open proxies, or some other vulnerability. 

There are other ways to bundle a better security method. My way is the easiest for blocking people who love spamming the wikis instead of applying ill-minded restrictions to the wiki pages.

If he wants to be so foolish as to not listen to my advice, fine. Its his loss, and everyone elses in the Ruby community since there will probably still be spam. Logins can be automated, captachas can be read by smart bots as autoaim bots for video games are created. The real solution is not obfuscation, its security.

David Ross

David Ross wrote:

> Bill Atkins wrote:
>
>> Oh, give it a rest, you.  He's got nothing to gain from lying.
>>
>> On Fri, 29 Oct 2004 22:13:51 +0900, David Ross <dross@code-exec.net> 
>> wrote:
>>  
>>
>>> Then you wouldn't mind giving out the server logs for us to confirm you
>>> are telling the truth.
>>>   
>>
>>
>>
>>  
>>
> I'm not the one that is telling lies, and yes he does. He thinks he 
> has some type of authority over security. He doesn't prolly even know 
> what an ankon does. He has no experience and yet he makes remarks 
> about implementations not working. I've experience to identify when 
> people are lying, plenty of it. The truth is that RBLs are more than 
> just mail servers, they are lists of abusive hosts for different 
> reasons. If chad wants to be blnd because I came up with the idea and 
> he didn't, fine. There are other smarter people out there with wikis 
> that have an open mind.
>
> There was the beginning email about Rubygarden spam which had the IP 
> listed on RBL servers since last year. There was also another person 
> who replied to the [SOLUTION] thread which even said some of the IPs 
> were in the blacklists as well.
> even from 221.15.71.32 which spammed 
> http://rubygarden.org/ruby?action=history&id=MySQL
> I never said RBLs were the ultimate solution, of course they are 
> supposed to be used in other means as mail servers use them. Mail 
> servers take use of RBLs, AV, grep engines, sender identification by 
> mail/rcpt tag, and many other ways.
>
> I've been searching through.. there are also IPs like 61.149.119.74, 
> 61.50.242.197, 68.40.176.215,200.56.233.5, and many many others which 
> have had a god contribution to spam.
> I was checking most of the pages like.. 
> http://rubygarden.org/ruby?action=history&id=PragDave for the ips.
>
> Hosts like.. www.bhmassociates.com are open proxies (this one is a 
> squid proxy on port 3128) that is on the page above.
>
> I think there should also be prox scanner checks done on the common 
> ports at start, have a database of hosts.
> The RBLs will block about 80%
> The Scanners will block another 10% of the spam that gets past the RBL
> Implementing the RBL access is simple, and what would be nice is to 
> have access in a wiki to submit abusive hosts with the IP and revision 
> page to the blacklists for people to check, like dsbl, which has open 
> relays, open proxies, or some other vulnerability.
> There are other ways to bundle a better security method. My way is the 
> easiest for blocking people who love spamming the wikis instead of 
> applying ill-minded restrictions to the wiki pages.
>
> If he wants to be so foolish as to not listen to my advice, fine. Its 
> his loss, and everyone elses in the Ruby community since there will 
> probably still be spam. Logins can be automated, captachas can be read 
> by smart bots as autoaim bots for video games are created. The real 
> solution is not obfuscation, its security.
>
> David Ross
>
>
>
>
oh btw, besides the common ports, there are special ports that change 
each week in infections of windows computer viruses for proxy ports 
which could be scanned as well. You've no idea how insecure the internet 
really can be for everybody. Its really insecure, the best way is to 
have a real security plan, identify spammers, and block them as others 
do to crackers.

David Ross

If you have issues with Chad's decisions, then communicate with him
personally, and stop trolling about.  Your arrogance and your
vendettas don't do much to resolve the spam issue.

Bill

On Fri, 29 Oct 2004 23:34:56 +0900, David Ross <dross@code-exec.net> wrote:
> David Ross wrote:
> 
> 
> 
> > Bill Atkins wrote:
> >
> >> Oh, give it a rest, you.  He's got nothing to gain from lying.
> >>
> >> On Fri, 29 Oct 2004 22:13:51 +0900, David Ross <dross@code-exec.net>
> >> wrote:
> >>
> >>
> >>> Then you wouldn't mind giving out the server logs for us to confirm you
> >>> are telling the truth.
> >>>
> >>
> >>
> >>
> >>
> >>
> > I'm not the one that is telling lies, and yes he does. He thinks he
> > has some type of authority over security. He doesn't prolly even know
> > what an ankon does. He has no experience and yet he makes remarks
> > about implementations not working. I've experience to identify when
> > people are lying, plenty of it. The truth is that RBLs are more than
> > just mail servers, they are lists of abusive hosts for different
> > reasons. If chad wants to be blnd because I came up with the idea and
> > he didn't, fine. There are other smarter people out there with wikis
> > that have an open mind.
> >
> > There was the beginning email about Rubygarden spam which had the IP
> > listed on RBL servers since last year. There was also another person
> > who replied to the [SOLUTION] thread which even said some of the IPs
> > were in the blacklists as well.
> > even from 221.15.71.32 which spammed
> > http://rubygarden.org/ruby?action=history&id=MySQL
> > I never said RBLs were the ultimate solution, of course they are
> > supposed to be used in other means as mail servers use them. Mail
> > servers take use of RBLs, AV, grep engines, sender identification by
> > mail/rcpt tag, and many other ways.
> >
> > I've been searching through.. there are also IPs like 61.149.119.74,
> > 61.50.242.197, 68.40.176.215,200.56.233.5, and many many others which
> > have had a god contribution to spam.
> > I was checking most of the pages like..
> > http://rubygarden.org/ruby?action=history&id=PragDave for the ips.
> >
> > Hosts like.. www.bhmassociates.com are open proxies (this one is a
> > squid proxy on port 3128) that is on the page above.
> >
> > I think there should also be prox scanner checks done on the common
> > ports at start, have a database of hosts.
> > The RBLs will block about 80%
> > The Scanners will block another 10% of the spam that gets past the RBL
> > Implementing the RBL access is simple, and what would be nice is to
> > have access in a wiki to submit abusive hosts with the IP and revision
> > page to the blacklists for people to check, like dsbl, which has open
> > relays, open proxies, or some other vulnerability.
> > There are other ways to bundle a better security method. My way is the
> > easiest for blocking people who love spamming the wikis instead of
> > applying ill-minded restrictions to the wiki pages.
> >
> > If he wants to be so foolish as to not listen to my advice, fine. Its
> > his loss, and everyone elses in the Ruby community since there will
> > probably still be spam. Logins can be automated, captachas can be read
> > by smart bots as autoaim bots for video games are created. The real
> > solution is not obfuscation, its security.
> >
> > David Ross
> >
> >
> >
> >
> oh btw, besides the common ports, there are special ports that change
> each week in infections of windows computer viruses for proxy ports
> which could be scanned as well. You've no idea how insecure the internet
> really can be for everybody. Its really insecure, the best way is to
> have a real security plan, identify spammers, and block them as others
> do to crackers.
> 
> David Ross
> 
>

Bill Atkins wrote:

>If you have issues with Chad's decisions, then communicate with him
>personally, and stop trolling about.  Your arrogance and your
>vendettas don't do much to resolve the spam issue.
>
>Bill
>
>On Fri, 29 Oct 2004 23:34:56 +0900, David Ross <dross@code-exec.net> wrote:
>  
>
>>David Ross wrote:
>>
>>
>>
>>    
>>
>>>Bill Atkins wrote:
>>>
>>>      
>>>
>>>>Oh, give it a rest, you.  He's got nothing to gain from lying.
>>>>
>>>>On Fri, 29 Oct 2004 22:13:51 +0900, David Ross <dross@code-exec.net>
>>>>wrote:
>>>>
>>>>
>>>>        
>>>>
>>>>>Then you wouldn't mind giving out the server logs for us to confirm you
>>>>>are telling the truth.
>>>>>
>>>>>          
>>>>>
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>I'm not the one that is telling lies, and yes he does. He thinks he
>>>has some type of authority over security. He doesn't prolly even know
>>>what an ankon does. He has no experience and yet he makes remarks
>>>about implementations not working. I've experience to identify when
>>>people are lying, plenty of it. The truth is that RBLs are more than
>>>just mail servers, they are lists of abusive hosts for different
>>>reasons. If chad wants to be blnd because I came up with the idea and
>>>he didn't, fine. There are other smarter people out there with wikis
>>>that have an open mind.
>>>
>>>There was the beginning email about Rubygarden spam which had the IP
>>>listed on RBL servers since last year. There was also another person
>>>who replied to the [SOLUTION] thread which even said some of the IPs
>>>were in the blacklists as well.
>>>even from 221.15.71.32 which spammed
>>>http://rubygarden.org/ruby?action=history&id=MySQL
>>>I never said RBLs were the ultimate solution, of course they are
>>>supposed to be used in other means as mail servers use them. Mail
>>>servers take use of RBLs, AV, grep engines, sender identification by
>>>mail/rcpt tag, and many other ways.
>>>
>>>I've been searching through.. there are also IPs like 61.149.119.74,
>>>61.50.242.197, 68.40.176.215,200.56.233.5, and many many others which
>>>have had a god contribution to spam.
>>>I was checking most of the pages like..
>>>http://rubygarden.org/ruby?action=history&id=PragDave for the ips.
>>>
>>>Hosts like.. www.bhmassociates.com are open proxies (this one is a
>>>squid proxy on port 3128) that is on the page above.
>>>
>>>I think there should also be prox scanner checks done on the common
>>>ports at start, have a database of hosts.
>>>The RBLs will block about 80%
>>>The Scanners will block another 10% of the spam that gets past the RBL
>>>Implementing the RBL access is simple, and what would be nice is to
>>>have access in a wiki to submit abusive hosts with the IP and revision
>>>page to the blacklists for people to check, like dsbl, which has open
>>>relays, open proxies, or some other vulnerability.
>>>There are other ways to bundle a better security method. My way is the
>>>easiest for blocking people who love spamming the wikis instead of
>>>applying ill-minded restrictions to the wiki pages.
>>>
>>>If he wants to be so foolish as to not listen to my advice, fine. Its
>>>his loss, and everyone elses in the Ruby community since there will
>>>probably still be spam. Logins can be automated, captachas can be read
>>>by smart bots as autoaim bots for video games are created. The real
>>>solution is not obfuscation, its security.
>>>
>>>David Ross
>>>
>>>
>>>
>>>
>>>      
>>>
>>oh btw, besides the common ports, there are special ports that change
>>each week in infections of windows computer viruses for proxy ports
>>which could be scanned as well. You've no idea how insecure the internet
>>really can be for everybody. Its really insecure, the best way is to
>>have a real security plan, identify spammers, and block them as others
>>do to crackers.
>>
>>David Ross
>>
>>
>>    
>>
>
>
>  
>
Trolling? excuse me. Everytime anyone argues its called trolling. Grow up.

He made a bad decision.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

On Sat, Oct 30, 2004 at 12:26:07AM +0900, David Ross wrote:
> Bill Atkins wrote:
> 
> >If you have issues with Chad's decisions, then communicate with him
> >personally, and stop trolling about.  Your arrogance and your
> >vendettas don't do much to resolve the spam issue.
> >

Well said.

[snip a *lot* of text - how about removing un-needed text before
replying?]

> Trolling? excuse me. Everytime anyone argues its called trolling. Grow up.
> 
> He made a bad decision.

Come on - stop being so damn hostile and let it rest. You're not really
helping out promoting the "helpful and friendly" ruby community.

//Anders

-- 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 Anders Engstr�m         aengstrom@gnejs.net
 http://www.gnejs.net    PGP-Key: ED010E7F
 [Your mind is like an umbrella. It doesn't work unless you open it.]  

>
>  
>
>>Trolling? excuse me. Everytime anyone argues its called trolling. Grow up.
>>
>>He made a bad decision.
>>    
>>
>
>Come on - stop being so damn hostile and let it rest. You're not really
>helping out promoting the "helpful and friendly" ruby community.
>
>//Anders
>
>  
>
I agree. Often people jump in and back someone up without studying the 
facts. I'll try to not respond these type of people from now on.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

David Ross wrote:
> 
> I agree. Often people jump in and back someone up without studying the 
> facts. I'll try to not respond these type of people from now on.
> 

No, David, YOU are the problem here, you and no one else.

I have never killfiled anyone on ruby-talk. You are a centimeter
from being the first.


Hal

On Fri, 29 Oct 2004 22:13:51 +0900
David Ross <dross@code-exec.net> wrote:

> Then you wouldn't mind giving out the server logs for us to confirm you 
> are telling the truth.

PLONK

-- 
Brian Schr�der
http://www.brian-schroeder.de/

Brian Schr�der wrote:

>On Fri, 29 Oct 2004 22:13:51 +0900
>David Ross <dross@code-exec.net> wrote:
>
>  
>
>>Then you wouldn't mind giving out the server logs for us to confirm you 
>>are telling the truth.
>>    
>>
>
>PLONK
>
>  
>
/me blinks

what does "PLONK" mean?

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

David Ross <dross@code-exec.net> writes:

> Brian Schr�der wrote:
> 
> >On Fri, 29 Oct 2004 22:13:51 +0900
> >David Ross <dross@code-exec.net> wrote:
> >
> >
> >> Then you wouldn't mind giving out the server logs for us to confirm
> >> you are telling the truth.
> >>
> >
> >PLONK
> >
> >
> /me blinks
> 
> what does "PLONK" mean?

Well, metaphorically, it means dumping your hostile allegations against
the provider of a free service where it rightfully belongs: the trash.
Technically, it means you're killfiled.

On Saturday 30 October 2004 09:40 am, Mikael Brockman wrote:
| David Ross <dross@code-exec.net> writes:
| > Brian Schröder wrote:
| > >On Fri, 29 Oct 2004 22:13:51 +0900
| > >
| > >David Ross <dross@code-exec.net> wrote:
| > >> Then you wouldn't mind giving out the server logs for us to confirm
| > >> you are telling the truth.
| > >
| > >PLONK
| >
| > /me blinks
| >
| > what does "PLONK" mean?
|
| Well, metaphorically, it means dumping your hostile allegations against
| the provider of a free service where it rightfully belongs: the trash.
| Technically, it means you're killfiled.

Killfile?

Well, we all know D. Ross is about as rude as they come. I've sort of just 
come to accept it as a personality "disability", if you will. Between all his 
bravado their is some valuable info though.

But I'm wondering why Chad hasn't as least made a statement on the matter. I 
can understand that he might not want get into it with Ross. I wouldn't 
either. But the rest of us might like to know about his work on the RBL 
matter. I for one do not really want authentication --if at all avoidable.

Hopefully the cap-letters trick will help for while.

T.
"Pride is terrible thing; learn to waste it."

Mikael Brockman wrote:

>David Ross <dross@code-exec.net> writes:
>
>  
>
>>Brian Schr�der wrote:
>>
>>    
>>
>>>On Fri, 29 Oct 2004 22:13:51 +0900
>>>David Ross <dross@code-exec.net> wrote:
>>>
>>>
>>>      
>>>
>>>>Then you wouldn't mind giving out the server logs for us to confirm
>>>>you are telling the truth.
>>>>
>>>>        
>>>>
>>>PLONK
>>>
>>>
>>>      
>>>
>>/me blinks
>>
>>what does "PLONK" mean?
>>    
>>
> <>
> Well, metaphorically, it means dumping your hostile allegations against
> the provider of a free service where it rightfully belongs: the trash.
> Technically, it means you're killfiled.
>
>
<>Oh, Thanks Mikael, I'm not great with sound recognition. I asked 
others on irc and they had no idea what it meant. I've to disagree about 
them being in the trash though. Chad lied, thats worse than arguing. He 
lied about having a RBL, and he lied about the 0%. I don't care if I 
look like a bad guy on this one, becasue I just plainly don't care, but 
I am 100% right. I spent an hour checking spammer IPs on RubyGarden, it 
would certainly get over 80%, and the people who spammed from hosts not 
listed were mostly proxies(common and elite ports) or gone by the time I 
checked them from being Dynamic IP adrresses. Sorry you feel that way 
about the truth, not many people can have deep knowledge in security or 
have the experience. Laters,

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

trans. (T. Onoma) wrote:

>On Saturday 30 October 2004 09:40 am, Mikael Brockman wrote:
>| David Ross <dross@code-exec.net> writes:
>| > Brian Schröder wrote:
>| > >On Fri, 29 Oct 2004 22:13:51 +0900
>| > >
>| > >David Ross <dross@code-exec.net> wrote:
>| > >> Then you wouldn't mind giving out the server logs for us to confirm
>| > >> you are telling the truth.
>| > >
>| > >PLONK
>| >
>| > /me blinks
>| >
>| > what does "PLONK" mean?
>|
>| Well, metaphorically, it means dumping your hostile allegations against
>| the provider of a free service where it rightfully belongs: the trash.
>| Technically, it means you're killfiled.
>
>Killfile?
>
>Well, we all know D. Ross is about as rude as they come. I've sort of just 
>come to accept it as a personality "disability", if you will. Between all his 
>bravado their is some valuable info though.
>
>But I'm wondering why Chad hasn't as least made a statement on the matter. I 
>can understand that he might not want get into it with Ross. I wouldn't 
>either. But the rest of us might like to know about his work on the RBL 
>matter. I for one do not really want authentication --if at all avoidable.
>
>Hopefully the cap-letters trick will help for while.
>
>T.
>"Pride is terrible thing; learn to waste it."
>
>
>  
>
I've actually bee thinking of writing some code for usemod to check RBL, 
and DSBL.. though it might be best to just write a checker daemon in 
Ruby and set up a unix pipe. Since there are the other percent which are 
running proxies on the computers(common and elite port) which I have to 
dread. Whcih means... scanning selected ports and then trying to see if 
they are open proxies(whether it be HTTP, SOCKS, etc) This is s big 
problem to those who dislike being scanned. To many (even me) its like 
knocking on someones door to see if anyone is home. This is the best way 
to identify spammers though. Authentication, HTTP limiting is 
obfuscation, its a horrible way to block. When I think obfuscation I 
think compiling. Just because you compile a C application with a exploit 
you know in the program doesnt mean anyone will find it, people look at 
it anyway. So therefore obfuscation can easily be overridden, even if 
there are captachas. Hiding the problem doesn't help., but fixing the 
problem will help.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

trans. (T. Onoma) wrote:

>On Saturday 30 October 2004 09:40 am, Mikael Brockman wrote:
>| David Ross <dross@code-exec.net> writes:
>| > Brian Schröder wrote:
>| > >On Fri, 29 Oct 2004 22:13:51 +0900
>| > >
>| > >David Ross <dross@code-exec.net> wrote:
>| > >> Then you wouldn't mind giving out the server logs for us to confirm
>| > >> you are telling the truth.
>| > >
>| > >PLONK
>| >
>| > /me blinks
>| >
>| > what does "PLONK" mean?
>|
>| Well, metaphorically, it means dumping your hostile allegations against
>| the provider of a free service where it rightfully belongs: the trash.
>| Technically, it means you're killfiled.
>
>Killfile?
>
>Well, we all know D. Ross is about as rude as they come. I've sort of just 
>come to accept it as a personality "disability", if you will. Between all his 
>bravado their is some valuable info though.
>
>But I'm wondering why Chad hasn't as least made a statement on the matter. I 
>can understand that he might not want get into it with Ross. I wouldn't 
>either. But the rest of us might like to know about his work on the RBL 
>matter. I for one do not really want authentication --if at all avoidable.
>
>Hopefully the cap-letters trick will help for while.
>
>T.
>"Pride is terrible thing; learn to waste it."
>
>
>  
>
What can I say.. Efnet and certain gruops rubbed off on me. I've tried 
but its unfixable since I've been like it for a while. I guess its more 
of a habit to be rude than anything. I apologize "T."

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

David Ross <dross@code-exec.net> writes:

> Mikael Brockman wrote:
> 
> >David Ross <dross@code-exec.net> writes:
> >
> >
> >>Brian Schr�der wrote:
> >>
> >>
> >>>On Fri, 29 Oct 2004 22:13:51 +0900
> >>>David Ross <dross@code-exec.net> wrote:
> >>>
> >>>
> >>>
> >>>>Then you wouldn't mind giving out the server logs for us to confirm
> >>>>you are telling the truth.
> >>>>
> >>>>
> >>>PLONK
> >>>
> >>>
> >>>
> >>/me blinks
> >>
> >>what does "PLONK" mean?
> >>
> > <>
> > Well, metaphorically, it means dumping your hostile allegations against
> > the provider of a free service where it rightfully belongs: the trash.
> > Technically, it means you're killfiled.
> >
> >
> <>Oh, Thanks Mikael, I'm not great with sound recognition. I asked
> others on irc and they had no idea what it meant. I've to disagree
> about them being in the trash though. Chad lied, thats worse than
> arguing. He lied about having a RBL, and he lied about the 0%. I don't
> care if I look like a bad guy on this one, becasue I just plainly
> don't care, but I am 100% right. I spent an hour checking spammer IPs
> on RubyGarden, it would certainly get over 80%, and the people who
> spammed from hosts not listed were mostly proxies(common and elite
> ports) or gone by the time I checked them from being Dynamic IP
> adrresses. Sorry you feel that way about the truth, not many people
> can have deep knowledge in security or have the experience. Laters,

You say you can't escape your habit of rudeness.  Here's a simple
procedure.  You can write it on a post-in note and stick it to your
monitor.

Before sending a message, read it over and answer these questions:

 - Is the ostensible point of my message to help or to slander?

 - Is it possible that I am assuming the worst?

 - Is there a way to change my message so that the consequences will
   smell less of sulphur and more of actual improvement?

If I were to apply this procedure to your mail, I'd come up with
something like this:

| Oh, thanks Mikael, I'm not great with sound recognition.  I asked
| others on IRC and they had no idea what it meant.  I've to disagree
| about them being in the trash though.
| 
| Chad was using an RBL, but I spent an hour checking spammer IPs on
| RubyGarden, and it looks like something wasn't set up properly,
| because most of the spam I saw would have been caught by a good RBL.
| If you want to continue down the RBL road -- and I think that'd be a
| good idea, because [reasons here] -- I'd be happy to help.
|
| Laters,

That's better, because it still conveys all pertinent information, but
avoids looking like an attempt at slander, tries not to assume bad
things, and isn't likely to be followed up with a long thread of flames.

Please try it.  You seem to know stuff about spam prevention.  That
stuff would be a lot more helpful if provided in a friendly package.

Mikael Brockman wrote:

>David Ross <dross@code-exec.net> writes:
>
>  
>
>>Mikael Brockman wrote:
>>
>>    
>>
>>>David Ross <dross@code-exec.net> writes:
>>>
>>>
>>>      
>>>
>>>>Brian Schr�der wrote:
>>>>
>>>>
>>>>        
>>>>
>>>>>On Fri, 29 Oct 2004 22:13:51 +0900
>>>>>David Ross <dross@code-exec.net> wrote:
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>Then you wouldn't mind giving out the server logs for us to confirm
>>>>>>you are telling the truth.
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>PLONK
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>/me blinks
>>>>
>>>>what does "PLONK" mean?
>>>>
>>>>        
>>>>
>>><>
>>>Well, metaphorically, it means dumping your hostile allegations against
>>>the provider of a free service where it rightfully belongs: the trash.
>>>Technically, it means you're killfiled.
>>>
>>>
>>>      
>>>
>><>Oh, Thanks Mikael, I'm not great with sound recognition. I asked
>>others on irc and they had no idea what it meant. I've to disagree
>>about them being in the trash though. Chad lied, thats worse than
>>arguing. He lied about having a RBL, and he lied about the 0%. I don't
>>care if I look like a bad guy on this one, becasue I just plainly
>>don't care, but I am 100% right. I spent an hour checking spammer IPs
>>on RubyGarden, it would certainly get over 80%, and the people who
>>spammed from hosts not listed were mostly proxies(common and elite
>>ports) or gone by the time I checked them from being Dynamic IP
>>adrresses. Sorry you feel that way about the truth, not many people
>>can have deep knowledge in security or have the experience. Laters,
>>    
>>
>
>You say you can't escape your habit of rudeness.  Here's a simple
>procedure.  You can write it on a post-in note and stick it to your
>monitor.
>
>Before sending a message, read it over and answer these questions:
>
> - Is the ostensible point of my message to help or to slander?
>
> - Is it possible that I am assuming the worst?
>
> - Is there a way to change my message so that the consequences will
>   smell less of sulphur and more of actual improvement?
>
>If I were to apply this procedure to your mail, I'd come up with
>something like this:
>
>| Oh, thanks Mikael, I'm not great with sound recognition.  I asked
>| others on IRC and they had no idea what it meant.  I've to disagree
>| about them being in the trash though.
>| 
>| Chad was using an RBL, but I spent an hour checking spammer IPs on
>| RubyGarden, and it looks like something wasn't set up properly,
>| because most of the spam I saw would have been caught by a good RBL.
>| If you want to continue down the RBL road -- and I think that'd be a
>| good idea, because [reasons here] -- I'd be happy to help.
>|
>| Laters,
>
>That's better, because it still conveys all pertinent information, but
>avoids looking like an attempt at slander, tries not to assume bad
>things, and isn't likely to be followed up with a long thread of flames.
>
>Please try it.  You seem to know stuff about spam prevention.  That
>stuff would be a lot more helpful if provided in a friendly package.
>
>
>
>  
>
You don't know how hard I've tried, even lilo(head of Freenode IRC) has 
talked to me(just about every staff on Freenode) except 3 which I've 
never heard of. I'm socially inept. He just accepts it though. Unfixable 
unfixable, as well as my dingy short replies.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

Mikael Brockman wrote:
> David Ross <dross@code-exec.net> writes:

> Please try it.  You seem to know stuff about spam prevention.  That
> stuff would be a lot more helpful if provided in a friendly package.

I, for one, am surprised that people continue to reply to David's 
"messages". I killfiled him a long time ago, and he remains the one and 
only person I've ever killfiled, on any of the numerous mailing lists 
I'm on. It really is too bad he hangs out on ruby-talk, because it is 
otherwise one of the nicest communities I have the honor of 
participating in.

I killfiled David because he hides behind the excuse "yes, I'm rude, and 
I can't help it." You can ALWAYS help it. If he gives that excuse, it is 
because he doesn't WANT to change. He delights in being rude and 
obnoxious. Let's just acknoledge that, and cease to rise to David's 
trolls. If you, like me, don't like reading his bile, do like I did, and 
try the killfile.

- Jamis

-- 
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

David Ross wrote:

> trans. (T. Onoma) wrote:
>
>> On Saturday 30 October 2004 09:40 am, Mikael Brockman wrote:
>> | David Ross <dross@code-exec.net> writes:
>> | > Brian Schröder wrote:
>> | > >On Fri, 29 Oct 2004 22:13:51 +0900
>> | > >
>> | > >David Ross <dross@code-exec.net> wrote:
>> | > >> Then you wouldn't mind giving out the server logs for us to 
>> confirm
>> | > >> you are telling the truth.
>> | > >
>> | > >PLONK
>> | >
>> | > /me blinks
>> | >
>> | > what does "PLONK" mean?
>> |
>> | Well, metaphorically, it means dumping your hostile allegations 
>> against
>> | the provider of a free service where it rightfully belongs: the trash.
>> | Technically, it means you're killfiled.
>>
>> Killfile?
>>
>> Well, we all know D. Ross is about as rude as they come. I've sort of 
>> just come to accept it as a personality "disability", if you will. 
>> Between all his bravado their is some valuable info though.
>>
>> But I'm wondering why Chad hasn't as least made a statement on the 
>> matter. I can understand that he might not want get into it with 
>> Ross. I wouldn't either. But the rest of us might like to know about 
>> his work on the RBL matter. I for one do not really want 
>> authentication --if at all avoidable.
>>
>> Hopefully the cap-letters trick will help for while.
>>
>> T.
>> "Pride is terrible thing; learn to waste it."
>>
>>
>>  
>>
> I've actually bee thinking of writing some code for usemod to check 
> RBL, and DSBL.. though it might be best to just write a checker daemon 
> in Ruby and set up a unix pipe. Since there are the other percent 
> which are running proxies on the computers(common and elite port) 
> which I have to dread. Whcih means... scanning selected ports and then 
> trying to see if they are open proxies(whether it be HTTP, SOCKS, etc) 
> This is s big problem to those who dislike being scanned. To many 
> (even me) its like knocking on someones door to see if anyone is home. 
> This is the best way to identify spammers though. Authentication, HTTP 
> limiting is obfuscation, its a horrible way to block. When I think 
> obfuscation I think compiling. Just because you compile a C 
> application with a exploit you know in the program doesnt mean anyone 
> will find it, people look at it anyway. So therefore obfuscation can 
> easily be overridden, even if there are captachas. Hiding the problem 
> doesn't help., but fixing the problem will help.
>
> David Ross

wrong. The ruby scanner won't work, it will have to be done in C/C++ 
since Ruby has lack of support for Socket. It only has CONNECT, not SYN, 
FIN. Something would need to be written at a lower level.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

Jamis Buck wrote:
> I, for one, am surprised that people continue to reply to David's 
> "messages". I killfiled him a long time ago, and he remains the one and 
> only person I've ever killfiled, on any of the numerous mailing lists 
> I'm on. It really is too bad he hangs out on ruby-talk, because it is 
> otherwise one of the nicest communities I have the honor of 
> participating in.
> 
> I killfiled David because he hides behind the excuse "yes, I'm rude, and 
> I can't help it." You can ALWAYS help it. If he gives that excuse, it is 
> because he doesn't WANT to change. He delights in being rude and 
> obnoxious. Let's just acknoledge that, and cease to rise to David's 
> trolls. If you, like me, don't like reading his bile, do like I did, and 
> try the killfile.

Wholeheartedly concur. I plonked dross a long time ago and haven't 
missed him. Now I only have to read his drivel when people reply to him.

Steve

Jamis Buck wrote:
> 
> I, for one, am surprised that people continue to reply to David's 
> "messages". I killfiled him a long time ago, and he remains the one and 
> only person I've ever killfiled, on any of the numerous mailing lists 
> I'm on. It really is too bad he hangs out on ruby-talk, because it is 
> otherwise one of the nicest communities I have the honor of 
> participating in.
> 
> I killfiled David because he hides behind the excuse "yes, I'm rude, and 
> I can't help it." You can ALWAYS help it. If he gives that excuse, it is 
> because he doesn't WANT to change. He delights in being rude and 
> obnoxious. Let's just acknoledge that, and cease to rise to David's 
> trolls. If you, like me, don't like reading his bile, do like I did, and 
> try the killfile.

Thank you.

I, too, killfiled Mr. Ross (twice now , actually).

I resisted commenting on this thread because of the catch-22 of 
trolling: Publicly asking people not to publicly respond.

But there you go.

I'm amazed at how much traffic is generated by people repeatedly 
pointing out the obvious.  Mr. Ross will not change. Please stop 
expecting otherwise.  Please simply either ignore him, or correspond in 
private.

Maybe this belongs in the FAQ:

q. Are some people rude, thoughtless, and/or spiteful?
a. Yes.
q. Will they ever change?
a. Don't hold your breath.
q. Even if I repeatedly point out the error of their ways?
a. You're turning blue.

James

On Sat, 30 Oct 2004 22:57:15 +0900, David Ross <dross@code-exec.net> wrote:
> <>Oh, Thanks Mikael, I'm not great with sound recognition. I asked
> others on irc and they had no idea what it meant. I've to disagree about
> them being in the trash though. Chad lied, thats worse than arguing. He
> lied about having a RBL, and he lied about the 0%.

You're an ass, David, and you do more harm for the things that you suggest than
you could ever believe because you revel in being a first-class ass.

There is no evidence that Chad lied. You're pretending that RBLs are ideal
solutions. As I've told you before, they're not. There are various RBLs to
query -- and you don't know what list(s) that Chad is/was querying (nor does it
*matter*). New ones appear regularly, old ones disappear regularly. Various
RBLs have varying political policies (such as the list you mentioned that
blocks all dynamic IPs) that make them inappropriate. RBLs must be managed as
often as not. When Ruwiki supports RBL querying, the RBL will be disabled
unless you have three RBLs that you query and then it requires a majority vote
between the RBLs.

Frankly, I'm far more willing to believe Chad on this than I'd ever believe
you, because you're not necessarily querying the RBLs that Chad is querying --
and you're not necessarily querying it at the same time that RubyGarden's wiki
was doing so.

>I don't care if I look like a bad guy on this one, becasue I just plainly
>don't care, but I am 100% right.

No, you're not. Even if you had a 5% chance of being right, your attitude has
made you 1000% wrong. You want to do something with it? Start your own Ruby
wiki website and run it according to the policies that you prefer. And listen
to the crickets.

> I spent an hour checking spammer IPs on RubyGarden, it would certainly get
> over 80%, and the people who spammed from hosts not listed were mostly
> proxies (common and elite ports) or gone by the time I checked them from
> being Dynamic IP adrresses. Sorry you feel that way about the truth, not many
> people can have deep knowledge in security or have the experience.

And you obviously have neither the knowledge nor the experience. RBLs aren't
even acknowledged as a 100% solution by the people who run them. What makes you
think that you know better?

-austin
-- 
Austin Ziegler * halostatue@gmail.com
               * Alternate: austin@halostatue.ca
: as of this email, I have [ 5 ] Gmail invitations

On Sat, 30 Oct 2004 23:56:05 +0900, Jamis Buck <jgb3@email.byu.edu> wrote:

> I killfiled David because he hides behind the excuse "yes, I'm rude, and
> I can't help it." You can ALWAYS help it. If he gives that excuse, it is
> because he doesn't WANT to change. He delights in being rude and
> obnoxious. Let's just acknoledge that, and cease to rise to David's
> trolls. If you, like me, don't like reading his bile, do like I did, and
> try the killfile.

This is certainly true. Even folks with Tourette's syndrome can help it.

-austin
-- 
Austin Ziegler * halostatue@gmail.com
               * Alternate: austin@halostatue.ca
: as of this email, I have [ 5 ] Gmail invitations

     Maybe we just need to think creatively here.  With a bit of
rule-tweaking something like Spam Assassin could be modified for use as
a bile filter (look for phrases like "I am 100% correct" and "Are you a
_____?").

     Posts that have too much bile could be run through the Swedish Chef
filter before being sent to the list.

     It wouldn't solve the problem, but it might change it into
something that wasn't so much like deja vue all over again.

    -- Markus

Austin Ziegler wrote:

>On Sat, 30 Oct 2004 23:56:05 +0900, Jamis Buck <jgb3@email.byu.edu> wrote:
>
>  
>
>>I killfiled David because he hides behind the excuse "yes, I'm rude, and
>>I can't help it." You can ALWAYS help it. If he gives that excuse, it is
>>because he doesn't WANT to change. He delights in being rude and
>>obnoxious. Let's just acknoledge that, and cease to rise to David's
>>trolls. If you, like me, don't like reading his bile, do like I did, and
>>try the killfile.
>>    
>>
>
>This is certainly true. Even folks with Tourette's syndrome can help it.
>
>-austin
>  
>
No, they can't. I had Tourettes, I'll fax you my medical record if you 
really want it. And just to be clear Tourettes isn't just swearing, it 
has to do with ticks, involuntary movements.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

On Sun, 31 Oct 2004 01:35:27 +0900, David Ross <dross@code-exec.net> wrote:
> Austin Ziegler wrote:
> >On Sat, 30 Oct 2004 23:56:05 +0900, Jamis Buck <jgb3@email.byu.edu> wrote:
> >>I killfiled David because he hides behind the excuse "yes, I'm rude, and
> >>I can't help it." You can ALWAYS help it. If he gives that excuse, it is
> >>because he doesn't WANT to change. He delights in being rude and
> >>obnoxious. Let's just acknoledge that, and cease to rise to David's
> >>trolls. If you, like me, don't like reading his bile, do like I did, and
> >>try the killfile.
> >This is certainly true. Even folks with Tourette's syndrome can help it.
> No, they can't. I had Tourettes, I'll fax you my medical record if you
> really want it. And just to be clear Tourettes isn't just swearing, it
> has to do with ticks, involuntary movements.

No, David, they can. The tics and involuntary movements is the primary
point of Tourette's. One doesn't have to be an ass. There is a
difference between the events in Tourette's (even the swearing or
other random words) and simply being an ass. And to be quite clear:
the swearing and bad attitude quite commonly associated with
Tourette's shouldn't be manifesting itself on the 'net.

I strongly suggest that you wait fifteen minutes before responding to
anything, and then edit what you send -- because you're coming across
like a hormonal fifteen year old who claims to know far more than he
does.

-austin
-- 
Austin Ziegler * halostatue@gmail.com
               * Alternate: austin@halostatue.ca
: as of this email, I have [ 5 ] Gmail invitations

Austin Ziegler wrote:

>On Sat, 30 Oct 2004 22:57:15 +0900, David Ross <dross@code-exec.net> wrote:
>  
>
>><>Oh, Thanks Mikael, I'm not great with sound recognition. I asked
>>others on irc and they had no idea what it meant. I've to disagree about
>>them being in the trash though. Chad lied, thats worse than arguing. He
>>lied about having a RBL, and he lied about the 0%.
>>    
>>
>
>There is no evidence that Chad lied. You're pretending that RBLs are ideal
>solutions. As I've told you before, they're not. There are various RBLs to
>query -- and you don't know what list(s) that Chad is/was querying (nor does it
>*matter*). New ones appear regularly, old ones disappear regularly. Various
>RBLs have varying political policies (such as the list you mentioned that
>blocks all dynamic IPs) that make them inappropriate. RBLs must be managed as
>often as not. When Ruwiki supports RBL querying, the RBL will be disabled
>unless you have three RBLs that you query and then it requires a majority vote
>between the RBLs.
>  
>

Yes, there is which I pasted below. He said he used blask listing. Even 
some of the IPs listed in RubyGarden were on some of the best RBL 
servers out there on the net.
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/118249
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/117680

RBLs are part of a good solution. What you are getting confused with one 
of dsbl's servers called the dup list. The list I *never* will recommend 
nor use. RBLs don't block dynamic IP ranges like you are thinking. I 
tried to explain this on IRC, but failed because I can't explain well 
unless I take much time doing so.. So, no. The RBL/DSBLs are appropriate 
to use for the wiki application.

 > New ones appear regularly, old ones disappear regularly.
Which is why there are special checks performed to eliminate any.. 
inconsistancies in the RBL/or DSBL's databases.

 >political policies

Sure.. for instance.. one of the BL servers has a list dedicated to 
people who attack them by sendnig spam, which I never use asa well. The 
Blacklist services out there are not going to be against people, because 
no one would use them. Also, in dsbl if you do and you are a trusted 
user you get your account pulled.

>Frankly, I'm far more willing to believe Chad on this than I'd ever believe
>you, because you're not necessarily querying the RBLs that Chad is querying --
>and you're not necessarily querying it at the same time that RubyGarden's wiki
>was doing so.
>
>  
>

The IP that James Britt submitted to R-T, one of the first posts talked 
about spam, listed an IP that was listed in the Single Hop, which is 
tested by trusted users. Very good source of blocking, and I might 
recieve 1 spam a week. It includes open proxies etc.

>>I don't care if I look like a bad guy on this one, becasue I just plainly
>>don't care, but I am 100% right.
>>    
>>
>
>No, you're not. Even if you had a 5% chance of being right, your attitude has
>made you 1000% wrong. You want to do something with it? Start your own Ruby
>wiki website and run it according to the policies that you prefer. And listen
>to the crickets.
>
>  
>

Attitude doesn't make the results right or wrong. The information proves 
the credibility of the result.

>>I spent an hour checking spammer IPs on RubyGarden, it would certainly get
>>over 80%, and the people who spammed from hosts not listed were mostly
>>proxies (common and elite ports) or gone by the time I checked them from
>>being Dynamic IP adrresses. Sorry you feel that way about the truth, not many
>>people can have deep knowledge in security or have the experience.
>>    
>>
>
>And you obviously have neither the knowledge nor the experience. RBLs aren't
>even acknowledged as a 100% solution by the people who run them. What makes you
>think that you know better?
>  
>

Right.. thats why I must have been confused when I was first in 
computers until I learned about ethics and law. Yes, it will  part of a 
solution, the other part is having something scan the host for known 
ports. What makes me better.. well you see I've the experience from 
being confused, I'm just glad I was taught ethics before I turned evil.

>-austin
>  
>


David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

Austin Ziegler wrote:

>On Sun, 31 Oct 2004 01:35:27 +0900, David Ross <dross@code-exec.net> wrote:
>  
>
>>Austin Ziegler wrote:
>>    
>>
>>>On Sat, 30 Oct 2004 23:56:05 +0900, Jamis Buck <jgb3@email.byu.edu> wrote:
>>>      
>>>
>>>>I killfiled David because he hides behind the excuse "yes, I'm rude, and
>>>>I can't help it." You can ALWAYS help it. If he gives that excuse, it is
>>>>because he doesn't WANT to change. He delights in being rude and
>>>>obnoxious. Let's just acknoledge that, and cease to rise to David's
>>>>trolls. If you, like me, don't like reading his bile, do like I did, and
>>>>try the killfile.
>>>>        
>>>>
>>>This is certainly true. Even folks with Tourette's syndrome can help it.
>>>      
>>>
>>No, they can't. I had Tourettes, I'll fax you my medical record if you
>>really want it. And just to be clear Tourettes isn't just swearing, it
>>has to do with ticks, involuntary movements.
>>    
>>
>
>No, David, they can. The tics and involuntary movements is the primary
>point of Tourette's. One doesn't have to be an ass. There is a
>difference between the events in Tourette's (even the swearing or
>other random words) and simply being an ass. And to be quite clear:
>the swearing and bad attitude quite commonly associated with
>Tourette's shouldn't be manifesting itself on the 'net.
>
>I strongly suggest that you wait fifteen minutes before responding to
>anything, and then edit what you send -- because you're coming across
>like a hormonal fifteen year old who claims to know far more than he
>does.
>
>-austin
>  
>
No, they cannot. Even if you hold the throat or arm muscle, it *will* 
still tick. I should know. I had it for a really long time. Its not 
medically possible for you to stop your heart from beating(unless you 
actually know hw to meditate and stop it :P). Tourettes, is the same way.

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/

>>>>> "D" == David Ross <dross@code-exec.net> writes:

D> Yes, it will  part of a solution,

 Associate it with another test (captcha, or what you want)

 * positive response from a majority of RBL, the user need to pass a test
   (captcha, ..)

 * otherwise he is accepted

D> the other part is having something scan the host for known 
D> ports.

 This is not the purpose of xbl.spamhaus.org (exploits block list) to
 detect such hosts ?


Guy Decoux

ts wrote:

>>>>>>"D" == David Ross <dross@code-exec.net> writes:
>>>>>>            
>>>>>>
>
>D> Yes, it will  part of a solution,
>
> Associate it with another test (captcha, or what you want)
>
> * positive response from a majority of RBL, the user need to pass a test
>   (captcha, ..)
>
> * otherwise he is accepted
>
>D> the other part is having something scan the host for known 
>D> ports.
>
> This is not the purpose of xbl.spamhaus.org (exploits block list) to
> detect such hosts ?
>
>
>Guy Decoux
>
>
>
>  
>
oops, I mean real-time scanning like Freenode networks. Sure, the lists 
have some open relays, etc. Computers are infected all the time, so its 
up to a scanning to see who is infected. There are HTTP1.1 proxies which 
use CONNECT, SOCKS4/5 servers, other types of servers which are 
constructed for use in attacks. Hell, some people attack using over 50 
hops(computers one after another connecting to the next just to attack). 
For Freenode to block some "kiddies" I had to help freenode with the 
current ports they were scanning and  sent over a list of (elite) ports 
because somene accessed the list and wanted to act stupid so they 
decided to launch bot attacks. It was interersting how many attacks 
there are now since I gave them a list. Of course there are still the 
ocasion irc-trojan attacks which are not commanded by port 
communication, but a virus infects a computer to get information off a 
designated IRC server. Join the channel, and the master of a botnet 
attacks. Unless someone actually wants to be that stupid to attack a 
wiki, which is less likely. <finish for now, time ended for tea>

David Ross
-- 
Hazzle free packages for Ruby?
RPA is available from http://www.rubyarchive.org/