31 March 2017

Social aspects of newsgroup moderation and mailing list administration

How do those of us (tinw) who run non-commercial mailing lists or newsgroups as a hobby view that role?

What motivates you?

My guess is that at least those who have operated many such forums, done it during a long period of time or supported large user bases tend to be driven by a kind of public good. Of course, this is a generalisation, but if your motive isn’t altruism, what is it that makes you tick? (A sense of power? That would seem particularly unlikely after the first five or ten years of toiling. Material gain? Nonexistent, as far as I know.)

Hobby or mortal combat?

Leisure activities should be fun and relaxing, and running a discussion forum may indeed offer occasional humorous moments. (If it did not, how many administrators would put up with the darker side, such as legal or physical threats?) Let’s try to keep it fun as well. You probably get your fair share of controversy at your day job, so why become all worked up over a hobby?

Take it easy, and your heart will thank you. Spend your free time online with a chip on your shoulder, and become a cardiac fatality with ‘They never missed an opportunity to get back at someone’ engraved on your tombstone. If a newsgroup or mailing list is starting to look like a power game to you, why not take a leave of absence? Go for a walk, smell the flowers. Whether it’s for a week or a month, it will also help you run the forum in a more balanced way when you return.

The rule of first impressions

Newsgroups and mailing lists do not exist in isolation from ‘real life’. If you lose your cool online, people will assume that you suffer from anger management problems in other environments as well, particularly if you are known to be past puberty. Remember that sites such as Google Groups create public (and potentially eternal) archives of various forums. People with notoriously inadequate self-control may even receive their own ‘fan sites’ displaying their writings. – Speaking of fan culture:

Don’t try to turn a forum into your fan club

Any literate person can set up a mailing list, and no matter how good you are, no one is irreplaceable. Users are mainly interested in discussing whatever is on topic for the list or group; they are unlikely to care much about the team that handles the background work, at least as long as those worker bees are competent enough not to break too much too often. (It’s not like most list administrators or newsgroup moderators would receive e.g. 10,000 holiday gifts each year from their user community.) Set an example by posting objective, on-topic articles, but if you feel the need to rant about something irrelevant, not to mention engage in ad hominem attacks, consider doing it elsewhere, if at all.

30 March 2017

Writing style on Usenet

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

If your posts are hard to decipher, some people just won't even attempt to read them – which means nobody will write back – so try these helpful hints!


Ahem… please do not ‘shout’. No need to use ALL CAPS, as it is hard to read.

Do not use all lowercase, either. Try to use correct grammar and punctuation.

Quote judiciously

When posting a reply to someone else’s message, it is wise to check carefully the ‘attributions’ of any quoted text that your posting includes. In other words, make sure that what your posting says someone said really is what that person, not someone else, said in a previous posting.

Please keep your lines less than 70 or 75 characters wide

If you do not, they tend to wrap around poorly and are hard to read. In case you are unsure how much space 70 characters take up, it is about six inches:

  • If your program allows it, set your line wrap for every 70 characters. This will allow your text to ‘hit return’ for itself every 70 characters or so, so you do not have to do it.
  • If your program allows it, use a monospaced font like Courier or System. With these fonts, spaces and W’s and i’s and l’s all take up one unit of space. When every line of 70 characters takes up the same amount of space, it is a lot easier to figure out when you have reached 70 characters.
  • You might have to do it the old-fashioned way: hit return at the end of each line. It’s a pain, but it makes your posts a lot easier to read.

Please remember that many people do not speak the same languages you do

They also may not speak your language as well as you do. So please try to write your questions so that they are clear and easy to read. Moreover, please do not use foul language. People of all ages and all backgrounds read newsgroups. You will get a much better response if you speak politely than if you are rude to others.

29 March 2017

How websites can find out which other sites you visit

When a web browser renders a page that includes hyperlinks to other pages, one of two different colours is normally used for each link, depending on whether you already have visited the page to which the link points. To make this feature work, the browser needs a history file, in other words a list of all websites you have visited within a certain period. Browsers usually save this file on the local hard disk drive.

The history file can be a privacy threat to you. You probably know that other persons, such as co-workers or family members, could use your web history to gain information on which sites you have visited. However, it is often also possible for web servers to determine whether you have visited a particular page, for example that of a competitor.

This can be done by using CSS styles that e.g. apply a background image to visited links; when the browser displays such a link, it downloads the background image, and this download creates an entry in the server log, from which the web site operator can then retrieve the results. Also, note that if you allow your browser to run scripts (JavaScript, actually ECMAScript), you provide additional options to websites wanting to detect your browsing history.

The method described above does not actually read your history file, but rather asks e.g. "Is www.blogger.com out there? What about www.google.com and www.facebook.com?" and so on. Still, it can be quite effective. The best solution is probably to disable and delete the history file.

28 March 2017

Where to post your very first message

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

Eventually, every newcomer to the Internet gets tired of just reading news, and wants to post something. Since news.newusers.questions often seems to be part of default subscription lists, a lot of these first postings end up there, whether they’re really appropriate or not.

Herewith, some tips on where to post your first message, depending on what kind of message it is:

If you just want to practice the mechanics of posting (which are sometimes not trivial)

...and verify that your messages really do go out to the rest of the world, you should post to misc.test or alt.test.

A site might monitor these newsgroups and automatically send email responses to all messages that appear in them. (Greetings from beautiful Contra Costa County, California!) These groups are also nice for practicing how to write messages with your text editor, because you do not have to worry about real people seeing your typing mistakes and formatting blunders.

If you want to exchange messages with people

...but do not have anything in particular to talk about ("Hi, I'm Wally in Podunk, Iowa. Please send me mail!"), try the newsgroup soc.penpals, which is intended specifically for this sort of thing.

If you actually want to ask a question

...then news.newusers.questions may be the right place. Strictly speaking, this newsgroup is for questions about Usenet in general, but most of us do not mind questions about other network services. If your question is rather specialized, though, be prepared to be referred to another newsgroup where real experts hang out.

Exception: If you have a question of the form ‘Is there a newsgroup about xxx?’

You should post it in news.groups.questions, which was created specifically for this purpose.

Finally, before you post a question in news.newusers.questions

Please scan through all the message titles in this newsgroup first. Certain questions get asked (and answered) repeatedly. There is a chance that your answer may already be sitting in your news server. Remember to check the ‘previously-read’ messages, too (how you do this depends on the software you are using).

If you can’t see what you’re looking for, and you are not in a life-or-death hurry, you might consider waiting and watching for a few days, especially if you suspect that your question might be an FAQ (Frequently Asked Question). – Examples:

  • ‘How do I view the pictures that are posted in some groups?’
  • ‘Where can I get a complete list of newsgroups?’
  • ‘How do I make a signature file?’
  • ‘How do I set up a home page?’
  • ‘How can I create a new newsgroup?’
  • ‘Why does my message disappear right after I post it?’
  • ‘How do I chat in real time with other people on the net?’
  • ‘Don't these people who answer questions have a real life?’ ☺

27 March 2017

Improve your online privacy by trimming the headers your browser sends

The EFF runs a very useful web-based service that estimates the uniqueness of the HTTP header lines that your browser sends to every web server from which you request a page or other content.

Especially if you allow all sites to run JavaScript on your computer, I suggest that you visit EFF’s Panopticlick site and note the results. Chances are that the information on plug-in details, time zone, screen size, colour depth and system fonts that JavaScript (officially ECMAScript) gives away goes a significant way towards making your browser fingerprint unique.

In addition to avoiding JavaScript, similar steps you can take to improve your online privacy are to disable cookies and to use only one entry in your Accept-Language header (which enumerates your preferred languages for web content). Accept-Language: en would probably be the safest choice.

Many Panopticlick users have unique headers, even though the service does not pay attention to all information that a browser could provide.

Generally, the less opportunity your browser provides for running active content, the safer you are. Of course, this applies not only to browser fingerprinting, but also to software vulnerabilities that can be used e.g. for loading so-called drive-by malware.

Panopticlick exists at http://panopticlick.eff.org/.

26 March 2017

Public news servers

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

If your news server does not carry a particular newsgroup that you want to read, you may be able to read that group on a news server that allows access from the public (and not just its own customers).

Free lunches are scarce

Before you set out to find a so-called public news server, you should be aware that many such servers are not intentionally public. Inadvertently configuring a news server so that outsiders can connect to it is a mistake inexperienced administrators often make. Eventually, they will notice their error and shut off outside access. This is especially likely to happen if the server carries any alt.binaries groups.

Most organizations that run news servers do not want usage by outsiders to degrade service to their own employees, students or customers. In addition, most organizations do not appreciate being used as a conduit for unsavoury activities. Therefore, if you do find a ‘public’ news server carrying newsgroups that you want, please:

  • Do not hog that server’s resources by downloading scores of articles, especially large binaries.
  • Do not use that server to disguise your identity and location so that you can post abusive messages, spam newsgroups with advertisements, etc.
  • Do not be surprised when you eventually get the message, ‘sorry, this server can’t talk to you’.

If you want reliable access to a large number of newsgroups, including binaries, then you should look for a commercial service provider that carries what you want, and pay for it.

25 March 2017

Unable to open a winmail.dat attachment?

If you use non-Microsoft software to read your email, chances are you eventually will receive a message that appears to include an attached file named winmail.dat. This occurs when the sender uses a Microsoft email client with settings that are incompatible with those of the recipient’s client software.

The message, including its attachments, can often be read without difficulty when using a Microsoft email client. This is due to Microsoft software being able to decode the message’s TNEF encoding. Non-Microsoft clients typically lack this ability, as TNEF is proprietary to Microsoft. The issue does not indicate a fault with the recipient's email client or with any of the email servers involved.

Potential solutions

First, evaluate whether the issue actually causes loss of relevant information. If, on the other hand, the winmail.dat file constitutes but a cosmetic fault, you might decide simply to ignore it.

If the issue does need to be remedied, the sender may experiment with various settings in his or her email client until a combination is found that results in messages usable to the recipient. As adjusting the most obvious settings may not be enough, this task can daunt even an experienced user.

Microsoft has published knowledge base articles on this phenomenon. The article ‘How e-mail message formats affect Internet e-mail messages in Outlook’ includes technical information that may be useful in troubleshooting the issue. ‘Email received from a sender using Outlook includes a Winmail.dat attachment’ is another, much briefer article; unfortunately, it is also an over-simplification that often does not resolve the problem.

Various third-party software tools promise to decode winmail.dat attachments. Caveat emptor.

Should all else fail, you may decide to use a Microsoft email client (such as Outlook) to read the affected messages.

24 March 2017

Fraudulent email messages

Have you received a suspicious message?

Please make sure the message is genuine before you reply to it or take any other action requested therein. Remember that fraudulent messages may be backed by elaborate arrangements, such as fake websites.

Genuine representatives for an organisation use the organisation’s domain name in email and other communications, while criminals typically solicit replies to free throwaway addresses that Microsoft (Hotmail), Yahoo and their ilk cheerfully provide with no identity check. Even if a legitimate-looking domain name is used, beware of misspellings and fake companies. For example, the address mcgregor_collin@aliance-finance-uk.com may look genuine at first glance, but a Whois lookup reveals that the domain name is registered to a private person in Indiana. The spelling ‘aliance’ is also extremely suspect.

On a similar note: legitimate businesses make and receive payments in accordance with generally accepted business practice, not through MoneyGram, Western Union or other ‘abandon hope all ye who pay here’ services. If you are unsure of whether an offer you have received is genuine, contact your local law enforcement agency or consult a security professional who is familiar with online fraud.

Never reply to a fraudulent message

Online fraud is typically perpetrated by criminal organisations. Once the mobsters have received a reply from a potential victim, they can be very persistent. A number of advance-fee fraud victims who have bitten the bait and agreed to meet the perpetrators, for instance in Nigeria, have even been kidnapped or murdered. In addition, any personal information you provide may be used to steal your identity. Advice on how to report spam is available in the article ‘Composing abuse reports’.

Be on your guard for harmful attachments and websites

Office software such as Adobe Acrobat, Adobe Reader and Microsoft Office often contains vulnerabilities that can allow an attacker to take over your computer. Criminals try to exploit such flaws by enticing spam victims to open harmful PDF, Microsoft Office and other documents. Similarly, visiting a website scammers have set up or hijacked can cause harmful software to be installed on your computer – automatically, without further user interaction; this type of attack is known as ‘drive-by downloading’. Security software can protect against such threats.

Read more about…

advance-fee fraud and other common types of fraud into which victims are recruited by email.

23 March 2017

Looking for Ethernet segment peers

A brief set of instructions for checking whether there are any other Ethernet hosts on the same segment as you.


  • a computer running Microsoft Windows
  • an Ethernet IPv4 network
  • nothing prevents you from sending ping requests
  • nothing prevents any other hosts on your segment from receiving ping requests (this is a likely point of failure, since firewalls often reject or discard ping packets)


  1. Go to your Windows box. Find out your own IP address and subnet mask; this is done by typing ipconfig. Example: IP address, net mask
  2. Look up the broadcast address for your network in RFC 1878. Continuing the above example, the broadcast address would be
  3. Ping the broadcast address by typing e.g. ping (using the broadcast address you found above). This should make all hosts on your segment advertise their MAC addresses to you.
  4. View your ARP cache by typing arp -a. You should see the IP address of your router. Any other IP addresses are other hosts on your segment.
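The arithmetic behind steps 2 and 4, as an added example that is not part of the original instructions: it derives the broadcast address from an IP address and subnet mask, then filters arp -a output down to real peers. The addresses, MAC values and the sample ARP listing are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of Windows "arp -a" output (documentation addresses only).
SAMPLE_ARP_OUTPUT = """
Interface: 192.0.2.70 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.65            00-00-5e-00-53-01     dynamic
  192.0.2.77            00-00-5e-00-53-2a     dynamic
  192.0.2.90            00-00-5e-00-53-3b     dynamic
  192.0.2.127           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC address, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)


def broadcast_address(ip, netmask):
    """Return the directed broadcast address: the host address with all host bits set."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(netmask))
    host_bits = ~mask_int & 0xFFFFFFFF
    # A valid mask leaves host bits of the form 0...01...1; reject e.g. 255.0.255.0.
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous netmask: %s" % netmask)
    return str(ipaddress.IPv4Address((ip_int & mask_int) | host_bits))


def parse_arp_table(text):
    """Extract (ip, mac, type) tuples, skipping the interface and header lines."""
    rows = []
    for line in text.splitlines():
        match = ARP_ROW.match(line)
        if match:
            rows.append((match.group(1), match.group(2).lower(), match.group(3)))
    return rows


def segment_peers(arp_text, own_ip, netmask, router_ip):
    """Return (ip, mac) for ARP entries that are other hosts on the same segment."""
    network = ipaddress.IPv4Network("%s/%s" % (own_ip, netmask), strict=False)
    skip = {own_ip, router_ip, broadcast_address(own_ip, netmask)}
    peers = []
    for ip, mac, _entry_type in parse_arp_table(arp_text):
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # looked like an address but is not one (e.g. 999.1.1.1)
        if addr not in network:
            continue  # multicast and limited-broadcast entries Windows adds itself
        if ip in skip or mac == "ff-ff-ff-ff-ff-ff":
            continue  # ourselves, the router, or a broadcast mapping
        peers.append((ip, mac))
    return peers


if __name__ == "__main__":
    print(broadcast_address("192.0.2.70", "255.255.255.192"))
    for peer in segment_peers(SAMPLE_ARP_OUTPUT, "192.0.2.70",
                              "255.255.255.192", "192.0.2.65"):
        print(peer)
```

An empty result does not prove the segment is empty: hosts that discard ping requests never enter the ARP cache this way.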

22 March 2017

How to test an Ident server by using telnet

What you need

  • The host name of an Ident server (for use in the telnet command)
  • The remote port number on the server
  • The local port number to query for

What to do

The initial telnet: > symbolises your shell prompt.

telnet: > telnet server.example.com auth
client: 22, 3216
server: 22 , 3216 : USERID : UNIX :root
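A parser for the reply line shown above, as an added example that is not part of the original article. It follows the reply grammar of RFC 1413 (the Ident protocol specification) and also handles ERROR replies, which the transcript does not show; the function and class names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Error tokens defined by RFC 1413; tokens starting with "X" are non-standard extensions.
ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}


@dataclass
class IdentReply:
    server_port: int
    client_port: int
    kind: str                      # "USERID" or "ERROR"
    opsys: Optional[str] = None
    charset: Optional[str] = None
    user_id: Optional[str] = None
    error: Optional[str] = None


def build_query(server_port: int, client_port: int) -> str:
    """Build the query line: port on the Ident server's host, then port on ours."""
    for port in (server_port, client_port):
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %r" % port)
    return "%d, %d\r\n" % (server_port, client_port)


def parse_reply(line: str, expected_ports: Optional[Tuple[int, int]] = None) -> IdentReply:
    """Parse one reply line; raise ValueError on anything malformed or unexpected."""
    line = line.rstrip("\r\n")
    # The user-id may itself contain ":", so split at most three times.
    parts = line.split(":", 3)
    if len(parts) < 3:
        raise ValueError("malformed reply")
    ports = parts[0].split(",")
    if len(ports) != 2:
        raise ValueError("malformed port pair")
    server_port, client_port = int(ports[0]), int(ports[1])  # int() ignores padding
    if expected_ports is not None and (server_port, client_port) != tuple(expected_ports):
        # A reply about a different connection must not be attributed to ours.
        raise ValueError("reply does not match the queried port pair")

    kind = parts[1].strip().upper()
    if kind == "ERROR":
        error = ":".join(parts[2:]).strip()
        if error not in ERROR_TYPES and not error.startswith("X"):
            raise ValueError("unknown error token: %r" % error)
        return IdentReply(server_port, client_port, "ERROR", error=error)

    if kind != "USERID" or len(parts) != 4:
        raise ValueError("malformed USERID reply")
    opsys, _, charset = parts[2].strip().partition(",")
    # Spaces after the last colon belong to the user-id, so it is not stripped.
    user_id = parts[3]
    if not 1 <= len(user_id) <= 512 or "\x00" in user_id:
        raise ValueError("user-id violates RFC 1413 limits")
    return IdentReply(server_port, client_port, "USERID",
                      opsys=opsys.strip(), charset=charset.strip() or None,
                      user_id=user_id)


if __name__ == "__main__":
    print(repr(build_query(22, 3216)))
    print(parse_reply("22 , 3216 : USERID : UNIX :root\r\n", expected_ports=(22, 3216)))
    print(parse_reply("22, 3216 : ERROR : NO-USER\r\n"))
```

The user-id is whatever the remote host chooses to send, so treat it as untrusted input when logging or displaying it.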

21 March 2017

Four quick tests to help translatees choose

I would like to propose a few things to look for when selecting a translation provider.

Location relative to language

As an extremely near-fetched example, if you need a translation from or to a Nordic language, your best supply of skilful translators is likely found in or near a Nordic country.

Promotional content

Would you be satisfied with the quality of your translation if it equalled that of the provider's own web pages? The same test can also be applied to correspondence, such as email.

Substance knowledge

Ask how the translator who would handle your assignment has demonstrated his or her subject matter competence in the domain of your text.

You may not find a brain surgeon to translate your text on neurosurgery. However, in such a case, your translator should at least be familiar with health care.

Authoring capability

Translating a text is not always the best way to get your message across. Cultural, legislative or other differences may cause a situation in which the best plan of action is rewriting the text more or less from scratch.

Your language service provider should be able to recognize and handle such a challenge.

20 March 2017

Ways to avoid spam email

On mail exchangers


If you run SMTP servers for incoming mail, use e.g. the SpamCop and Zen blacklists. They are extensive, continuously updated, designed for general use and available in DNSBL format. Also, reject mail from any IP address that does not have matching (‘full circle’) reverse DNS data. These measures provide a basic level of protection; without them, your servers and your customers will most likely be swamped by malware and other spam sent through botnet zombies, rogue providers and open proxies.

You may also want to maintain a local blacklist, perhaps in order to deal with spam sources that mainstream DNSBL publishers consider too big to list or simply have not yet got around to adding. You can even have entries created and removed automatically: as an example, a script could blacklist IP addresses that engage in recipient address guessing, and remove those listings after a predetermined time.
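One way such a script could work, as an added example that is not part of the original article: it lists a client after several distinct unknown-recipient rejections within a time window and drops the listing after a fixed lifetime. The log format (epoch seconds, client IP, SMTP reply code, recipient), the thresholds and all names are assumptions made for this sketch, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict, deque

THRESHOLD = 3       # distinct unknown recipients ...
WINDOW = 600        # ... within this many seconds trigger a listing
LISTING_TTL = 3600  # seconds until a listing is removed again

# Constructed sample log in a simplified, hypothetical format.
SAMPLE_LOG = """\
1000 203.0.113.5 550 alice1@example.com
1010 203.0.113.5 550 alice2@example.com
1015 198.51.100.7 250 postmaster@example.com
1020 203.0.113.5 550 alice3@example.com
1030 198.51.100.7 550 typo@example.com
1040 198.51.100.7 550 typo@example.com
1050 198.51.100.7 550 TYPO@example.com
not-a-log-line
"""


class LocalBlacklist:
    def __init__(self, threshold=THRESHOLD, window=WINDOW, ttl=LISTING_TTL):
        self.threshold = threshold
        self.window = window
        self.ttl = ttl
        self.misses = defaultdict(deque)  # ip -> deque of (timestamp, recipient)
        self.listed = {}                  # ip -> expiry timestamp

    def record(self, timestamp, ip, code, recipient):
        """Feed one delivery attempt; only unknown-recipient rejections count."""
        if code != 550:
            return
        recent = self.misses[ip]
        recent.append((timestamp, recipient.lower()))
        # Forget rejections that have fallen out of the sliding window.
        while recent and recent[0][0] <= timestamp - self.window:
            recent.popleft()
        # Count distinct addresses so one repeated typo does not list a sender.
        if len({rcpt for _, rcpt in recent}) >= self.threshold:
            self.listed[ip] = timestamp + self.ttl
            recent.clear()

    def expire(self, now):
        """Remove listings whose predetermined lifetime has passed."""
        for ip in [ip for ip, expiry in self.listed.items() if expiry <= now]:
            del self.listed[ip]

    def is_listed(self, ip, now):
        self.expire(now)
        return ip in self.listed


def process_log(text, blacklist):
    """Parse the simplified log and feed every well-formed line to the blacklist."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            timestamp, code = int(fields[0]), int(fields[2])
            ip = str(ipaddress.ip_address(fields[1]))  # reject junk in the IP field
        except ValueError:
            continue
        blacklist.record(timestamp, ip, code, fields[3])
    return blacklist


if __name__ == "__main__":
    bl = process_log(SAMPLE_LOG, LocalBlacklist())
    print(bl.is_listed("203.0.113.5", now=1100))   # listed
    print(bl.is_listed("198.51.100.7", now=1100))  # one repeated typo only
    print(bl.is_listed("203.0.113.5", now=5000))   # listing has expired
```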

You can reduce the load on your mail exchangers by blocking spam-supporting networks at a suitable router. Create a local access list to deny traffic from the worst offenders and/or use the DROP, extended DROP and botnet C&C lists that Spamhaus offers as a BGP feed.

Greylisting and whitelisting

Temporarily rejecting mail from unknown sources will block some spam and improve the efficiency of DNSBL usage, but also tends to cause delays and user confusion. In any case, remember to whitelist the networks and domain names from which you always want to receive mail, such as those of your major clients and service providers.

On personal computers, mobile phones etc.

As an end user, you are rather stuck with whatever spam your email provider decides to deliver into your mailbox. There may be a special junk mail folder, but you will nevertheless have to check it for desired mail, so-called false positives. The cumulative amount of time this scan-and-delete chore requires can add up to something huge over the years. Because of this, it is very important to choose an email provider that observes sensible anti-spam policies (see above) to protect its customers.

18 March 2017

How to test an HTTP proxy by using telnet

What you need

  • A proxy-server host name (for use in the telnet command)
  • The port number of the proxy server (for use in the telnet command)
  • The target server’s host name (for use in the CONNECT request)
  • The port number of the target server (for use in the CONNECT request)

What to do

The initial telnet: > symbolises your shell prompt.

We will contact an SMTP server, but this is just an example; we could just as well connect to a POP, NNTP or other service.

telnet: > telnet proxy.example.com 8080
telnet: Trying
telnet: Connected to
telnet: Escape character is '^]'.
client: CONNECT mx1.example.com:25 HTTP/1.0

server: HTTP/1.0 200 Connection established

server: 220 mx1.example.com ESMTP server ready Thu, 5 Feb 2004 00:38:22 +0200

17 March 2017

Creating new newsgroups

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

Think twice

Before you get too far into trying to create a newsgroup, you should first make sure that you really want to do this. Learn about the various kinds of forums that you can create on the net, and decide which kind fits your purposes best.

Choose your hierarchy

If you’re still set on creating a newsgroup, you need to decide next what kind of newsgroup you want to create. More technically, you need to decide in which top-level hierarchy you want to put the group. That is, will it be a comp group, a rec group, an alt group, a us group, or what? Different hierarchies of newsgroups have different rules for creating new groups.

Guidelines for choosing a hierarchy

International topics

If the topic is of broad international interest, then the logical place is an international hierarchy such as one of the Big Eight (comp, humanities, misc, news, rec, sci, soc, and talk) or alt.

The choice between the Big Eight and alt is a trade-off between ease of creation and speed of propagation of the new group (that is, how rapidly it is created on the tens of thousands of news servers all over the globe). Creating a new group in the Big Eight can be a rather drawn-out and politicized process (figure at least two or three months from start to finish), but once you’ve completed the process successfully, most servers will add the new group fairly rapidly. Creating a new alt group can be very quick (perhaps a couple of weeks), but it can take a long time for a significant number of servers to add the group, and they may need prodding from their own users. In addition, some smaller servers don’t carry alt groups at all.

Regional or local topics

If the topic is of local or regional interest, you should look for an appropriate national, regional or local newsgroup hierarchy. We list sources of information for some of these below; for others, look for a *.general or *.config group in the hierarchy and look for, or ask about, the proper procedures.

How groups are technically created

Fundamentally, no matter what the hierarchy, the process of technically creating a new group starts when someone posts a newgroup control message. This special kind of message asks news server administrators everywhere to create the group locally on their servers.

Depending on the hierarchy, the sender and the server configuration, the server may do one of the following:

  • Create the group automatically
  • Forward the request to the server administrator, who then decides whether to create the group manually
  • Ignore the request completely

Most hierarchies have a designated maintainer who, by general custom and/or agreement, is the official source of newgroup control messages for that hierarchy. The single most important exceptions are the alt and free hierarchies, where (in principle) anyone can post a control message. In most cases, there is a widely accepted procedure that one must – or at least should – follow in order to have an official control message posted or to post a control message oneself.

Newsgroup creation in various hierarchies

International hierarchies

Big Eight Usenet newsgroups

The Big Eight management policies were reformed in 2006. Guidelines for creating new groups are available on the Big Eight management board’s web site.

alt newsgroups

In the alt hierarchy, you should post a proposal for the group in alt.config, and give some justification for it. Listen to suggestions and advice. Make any changes that seem appropriate (e.g. regarding the name of the group). When you get to a point where there are no significant objections, post the newgroup control message yourself, or ask someone in alt.config to do it for you.

There is no official source of newgroup control messages in alt. If you post a newgroup control message against significant objections, you can expect that someone will post rmgroup control messages (requests for servers to remove a group) to try to block the effects of your newgroup messages.

Before you try to make a proposal yourself, you should read alt.config for a while and see what happens there. You might also want to read the ‘So you want to create an alt newsgroup’ FAQ written by David Barr.

biz newsgroups

The biz hierarchy is for commercial and business-related newsgroups. See the biz FAQ.

free newsgroups

free is a hierarchy where the only rule is ‘do whatever you want, as long as you’re not destroying somebody else’s words’. Consequently, there are no rules against creating new groups. Of course, there is also no guarantee that any news server will carry your group.

More information is available in the free FAQ.

Language-based hierarchies

de newsgroups

The de hierarchy is for newsgroups with discussions in German. It is not restricted to Germany-specific topics.

fr newsgroups

The fr hierarchy is for newsgroups with discussions in French. It is not restricted to France-specific topics.

The newsgroup creation process for fr is explained – in French, naturally – on the page Comment créer un forum fr.

Regional hierarchies

aus newsgroups

The aus hierarchy is a national hierarchy for Australia.

be newsgroups

The be hierarchy is a national hierarchy for Belgium. Its primary languages are Dutch (Flemish) and French.

es newsgroups

The es hierarchy is a national newsgroup hierarchy for Spain. Its primary language is Spanish.

nl newsgroups

The nl hierarchy is a national hierarchy for the Netherlands. Its primary language is Dutch.

sfnet newsgroups

The sfnet hierarchy is a national hierarchy for Finland. Its primary language is Finnish.

uk newsgroups

The uk hierarchy is a regional hierarchy for the United Kingdom.

us newsgroups

The us hierarchy is a national hierarchy for the United States.

Moderated newsgroups

If you are thinking of creating a moderated newsgroup (in which all postings are automatically forwarded to a moderator for approval before being posted), you should read the following:

  • Denis McKeon’s Moderated Groups FAQ, which discusses general and technical aspects of newsgroup moderation
  • Russ Allbery’s Pitfalls of Newsgroup Moderation FAQ, which discusses things that can go wrong with moderating a newsgroup and of which prospective newsgroup moderators should be aware. Russ is a moderator himself, and he has witnessed the discussion of many proposals for moderated groups.

16 March 2017

Don’t lose your pet this spring

As the days get warmer, more and more pets see an opportunity to make a run for freedom. Animal protection societies are warning owners not to underestimate the resourcefulness of their furry companions.

Even turtles have an uncanny tendency to disappear if left momentarily unattended in the open – many are good at burrowing into the ground, often to the surprise of their owners. Turtles should therefore be kept outdoors only in cages that extend well below ground level.

Cats and dogs, in turn, most often escape through open windows and doors, which should therefore be fitted with mesh in order to allow ventilation while keeping pets safely inside. Also, spring is a great time of year for checking the condition of fences, and fixing any gaps and holes.

Fresh water and protection from direct sunshine are important for any caged animal. Never leave a pet alone in a car.

15 March 2017

Confused by personal information published on the ‘Stophaus’ website?

A website labelled ‘The Stophaus Movement’ has published a number of pages containing information about various persons and organisations involved in combating fraud and cybercrime. Each such page typically contains the name of a person as well as other data, e.g. contact details, photos (such as of the person’s family members and homes) etc. Much of the data is outdated or otherwise incorrect, but the pages nevertheless appear intended to convey some kind of ‘we know where you live’ message. Indeed, one of the pages vows, ‘We Are Coming for You’.

However, a reader who just briefly glances at the Stophaus website or views a search engine result pointing to that site may get the erroneous impression that the persons listed would be affiliated with the Stophaus organisation in some way. This is a good example of why web users need the ability to read critically; everything found on the web should be taken with a grain of salt, especially if the publisher is unknown (or, indeed, infamous).

The Stophaus organisation has been described as a group of spam and malware hosters seeking retaliation against anti-spam service provider Spamhaus for listing various cybercrime networks on the Spamhaus Block List. Stophaus has claimed responsibility for a major denial-of-service attack against Spamhaus as well as threatened to carry out further DoS attacks. In addition, Wikipedia has been threatened with vandalisation of 1,000 articles each day until Stophaus is allowed to rewrite the English Wikipedia article about Spamhaus.

14 March 2017

Mail transfer agents need adequate PTR records

MTA operators, please remember that a lack of PTR records may cause false positives in regard to spam filtering.

As RFC 1912 put it, back in 1996:

Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain. If a host is multi-homed, (more than one IP address) make sure that all IP addresses have a corresponding PTR record (not just the first one). Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all. Also, PTR records must point back to a valid A record, not a (sic) alias defined by a CNAME.

Obviously, if a mail admin is not competent enough to set up reverse DNS, the outside world will assume that his machine is not legitimately intended to serve mail, but rather is being abused by a botnet operator or similar villain.
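The check RFC 1912 describes can be automated. The following Python sketch is an added example, not part of the original post: it confirms that every address of a mail host has a PTR record whose name resolves back to the same address. The zone data is constructed, and the function names are assumptions of this example.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for an address via the system resolver ([] if there are none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases


def system_addrs(name):
    """Addresses a host name resolves to via the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def check_ip(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify one address: 'no-ptr', 'mismatch' or 'ok'."""
    wanted = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr"
    for name in names:
        # The PTR name must resolve back to the address we started from.
        if any(ipaddress.ip_address(a) == wanted for a in addr_lookup(name)):
            return "ok"
    return "mismatch"


def check_mail_host(ips, **lookups):
    """Check every address of a (possibly multi-homed) mail host."""
    return {ip: check_ip(ip, **lookups) for ip in ips}


# Constructed zone data (documentation address range), standing in for DNS.
PTR_ZONE = {
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.20": ["www.example.net"],
}
A_ZONE = {
    "mail.example.net": ["192.0.2.10", "192.0.2.11"],
    "www.example.net": ["192.0.2.99"],
}


def sample_report():
    """Run the check against the constructed zone instead of live DNS."""
    lookups = {
        "ptr_lookup": lambda ip: PTR_ZONE.get(ip, []),
        "addr_lookup": lambda name: A_ZONE.get(name, []),
    }
    return check_mail_host(["192.0.2.10", "192.0.2.11", "192.0.2.20"], **lookups)


if __name__ == "__main__":
    for ip, status in sample_report().items():
        print(ip, status)
```

Called without the lookup arguments, check_mail_host uses the system resolver, so an operator can run it against the real addresses of an outbound mail server.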

13 March 2017

Abusable tell-a-friend scripts considered harmful

Many websites provide ‘tell-a-friend’ forms allowing visitors to recommend a page to an acquaintance. Unfortunately, fraudsters and other spammers constantly abuse such forms.


Here is a typical advance-fee scam that was spammed through a haplessly operated website:

Received: from allthingsformom.modwest.com (allthingsformom.modwest.com []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by virusscan-2.nebula.fi (Postfix) with ESMTP id 99802A4D70B for (email address removed); Thu, 13 Oct 2011 08:21:50 +0300 (EEST)
Received: (qmail 30137 invoked by uid 33); 12 Oct 2011 14:53:56 +0000
Date: 12 Oct 2011 14:53:54 +0000
Message-ID: <20111012145354.30099.qmail@allthingsformom.modwest.com>
To: (647 [sic] email addresses removed)
Subject: Mr. David Robert Miller has sent you a message from All Things For Mom
From: ciaukllp9246@hotmail.com
MIME-Version: 1.0
Content-type: text/html; charset=utf-8

All Things For Mom <http://www.allthingsformom.com/>
Mr. David Robert Miller <mailto:ciaukllp9246@hotmail.com> thought you would like to see the All Things For Mom web site.
Message from Sender:
Capstone Investment Advisors UK LLP A symbol of entrepreneurial relationship and growth, 21, St. Thomas St, London, SE1 9RY. Dear Director, I write to you based on a request by an investor and his need for investment/funding in your country. My name is Mr. David Robert Miller, the chief financial consultant of Capstone Investment Advisors UK LLP. My company most times represents the interests of very wealthy investors. Due to the sensitivity of the position they hold in their society and the unstable investment environment of their country, they evacuate majority of their funds into more stable economies and developed nations where they can get good yield for their funds. A Reserved Client, whom I had personally worked with few years ago with a proposal, recently, approached me that he wants an individual in your country who will assist him to invest $328.2 Million US Dollars on his behalf in a good profitable business in your country for a period of 10 years for a start. We extend hands of investment to you with the intend of making good profit for us all and all we need from you to accomplish this is your total commitment, cooperation and trust. Looking forward to hear from you soon, Best regards, Mr. David Robert Miller Chief Consultant, CIA UK LLP.
Click here to visit our site <http://www.allthingsformom.com/forward//email_ref>

This is a great service for criminals – apparently, the fraudster was able to spam 647 email addresses with a single HTTP request. Consider how many recipients a spammer can victimise by sending e.g. one such request per second for an hour or a week.

How to avoid being part of the problem

Here are a few things you can do to avoid having your tell-a-friend facility abused:

  • Consider whether you need a server-side application at all. Alternatives include sharing services such as AddThis as well as dynamically generated mailto: links allowing the visitor to send mail through his or her email client software.
  • If you do want to enable visitors to send mail through an application hosted on your website, only allow them to enter their own email address and that of the recipient. Have your application add the name, description and URI of the page. Free-form text fields, whether you intend them to contain the visitor’s name, a message or something else, can be used to carry a message from a fraudster or other spammer. To avoid backscatter, set the reverse-path (the address to which non-delivery reports are sent) to one of your addresses, not to the address the visitor provides.
  • Also, ensure that the application is coded in a secure fashion. Remember that attackers are not confined to the web form you provide; they can use customised HTTP requests to exploit any feature or bug in your application.
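
A handler following the recommendations above might look like this in Python. It is an added example, not code from the original post; the site addresses, the page table and the function names are hypothetical. The visitor supplies two addresses and a page key, nothing else, and the reverse-path is the site's own address.

```python
import re
from email.message import EmailMessage

# Assumed site settings (hypothetical names and addresses).
SITE_FROM = "Example Site <noreply@site.example>"
ENVELOPE_SENDER = "bounces@site.example"   # reverse-path: bounces return to the site
PAGES = {   # page text comes from the site, never from the request
    "home": {
        "title": "Example Site",
        "description": "Articles about running mailing lists.",
        "url": "https://site.example/",
    },
}

# One bare addr-spec: no display name, no list separators, no whitespace.
ADDRESS = re.compile(
    r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}"
)


def validate_address(value):
    """Accept exactly one plain address; reject lists, display names, CR/LF."""
    if not isinstance(value, str) or len(value) > 254:
        raise ValueError("address missing or too long")
    if not ADDRESS.fullmatch(value):
        raise ValueError("not a single plain email address")
    return value


def build_recommendation(visitor_addr, friend_addr, page_id):
    """Return (envelope sender, recipient list, message) for one recommendation."""
    visitor = validate_address(visitor_addr)
    friend = validate_address(friend_addr)
    page = PAGES.get(page_id)
    if page is None:
        raise ValueError("unknown page")
    msg = EmailMessage()
    msg["From"] = SITE_FROM
    msg["To"] = friend
    msg["Subject"] = "A visitor recommends: " + page["title"]
    # The only visitor-supplied text in the body is the validated address.
    msg.set_content(
        "Someone giving the address " + visitor + " recommends this page:\n\n"
        + page["title"] + "\n" + page["description"] + "\n" + page["url"] + "\n"
    )
    return ENVELOPE_SENDER, [friend], msg


if __name__ == "__main__":
    sender, recipients, message = build_recommendation(
        "alice@example.org", "bob@example.net", "home")
    # To send: smtplib.SMTP(host).send_message(message, from_addr=sender,
    #                                          to_addrs=recipients)
    print(sender, recipients)
    print(message)
```

Because the recipient list always has exactly one validated entry, a request like the one in the sample above, with hundreds of addresses in one field, is rejected before any mail is built.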

12 March 2017

Meat curry

Quick to prepare. Warming but not burning.

Serving suggestions

  • rice


  • toasted sesame oil, two tablespoons
  • three chopped garlic cloves
  • chili powder, one teaspoon
  • beef sirloin, julienned, 600 grams
  • one coarsely chopped onion
  • one sliced leek
  • one chopped summer squash
  • curry paste, two tablespoons
  • garam masala, one tablespoon
  • vegetable stock, one teacup


  1. Heat the sesame oil in your wok. Fry the garlic together with the chili powder.
  2. Add the beef. Fry until brown.
  3. Add and fry the onion, leek and squash.
  4. Mix in the curry paste and garam masala. Cook for a while.
  5. Add the vegetable stock. Heat and serve.

11 March 2017

‘Make money fast’ schemes

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

Many people on the Internet try to get rich quick, and will try to get you to send them money by promising you some quick cash.

Don’t do it. If you get in at the bottom of a pyramid scheme, you will not make any money. They are also illegal in many countries. As an example, pyramid schemes are considered mail fraud when conducted through US mail.

‘Get rich quick’ schemes often tell you to crosspost their advertisements to between 10 and 200 newsgroups. Don’t do that!

Consequences of inappropriate behaviour

  • People who read news will report you to your news administrator, postmaster or abuse desk.
  • Many schools and ISPs will cancel your account if you send unwelcome advertisements using newsgroups or email.
  • While you wait for your account to be terminated, you will receive indignant email messages as well as ‘flaming’ newsgroup replies from people who are angered by your actions.
  • You will gain a very bad reputation that may haunt you for decades through publicly available newsgroup archives.
  • People may also report your endeavours to your local tax authority, so that any unreported income can be investigated.

So be safe – just say no to fast-money schemes.

10 March 2017

Why newsgroups aren’t email

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

Many newcomers to the net use ‘mail’ as a universal term for any message that you send to other people via computer. However, in reality mail and news are two fundamentally different systems which occasionally intersect in confusing ways.

Mail is private communication

When you send an email message, you determine exactly who is supposed to receive it, whether it be one person or a specific group of people. Your outgoing email server uses a set of rules called the Simple Mail Transfer Protocol (SMTP) to forward your message either directly to the recipient’s incoming mail server, or to an intermediary server that, in turn, forwards the message in the recipient’s direction.

The final result is one copy of the email message in each specified recipient’s private mailbox.

News is public communication

When you send a newsgroup article (message), you have no control over who will receive it, except by your choice of newsgroup. Your news server exchanges articles with its ‘neighbouring’ servers using the Network News Transfer Protocol (NNTP).

Your article should appear on every news server that carries the newsgroup, scattered all over the globe.

Types of client software

Separate programs for news and email

People sometimes use email and news with two different software packages:

  • If you send someone email, you use an email program, and the reply (if any) appears in your mailbox; you have to use the email program to read it.
  • If you post a news article, you use a newsreader program, and any follow-ups (public responses) appear in the newsgroup in which you posted originally; you have to use your newsreader program to read them.

Even if you use such a separate newsreader program, it may allow you to send email in response to a news article, directly to the author, instead of posting a public response. Some programs even allow you to do both simultaneously, that is, post a public response and email a copy to the original author. The terminology for doing this varies from one newsreader program to another.

One unified program for both email and news

Many people use the same program for both news and email, perhaps even for browsing the web. For example, Mozilla Thunderbird and Pine handle both news and email.

When you use such a software suite, news articles and email messages usually look almost the same, both when reading and when writing. When replying to a news article, you typically have the choice of posting a news article, sending an email message to the original poster, or both. One of these may be a default setting.

You therefore need to be very careful when replying to a message, to make sure that it goes where you want it to go. Accidentally broadcasting a private message to an entire newsgroup can be very embarrassing, and impossible to undo.

9 March 2017

What newsgroups are and how they work

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

Concisely, newsgroups are a means of public discussion. Newsgroup articles (messages) look like email, but millions of people all over the world can read them.

This note describes how newsgroups work in the sense of what happens to articles after they are posted. In order to find out how newsgroups work in the sense of how to use your news-reading software, please look for documentation for that software or post a question to an appropriate newsgroup.

Questions and answers

Can someone give a brief, not-too-technical description of where a message goes when I post it into a newsgroup?

Newsgroup articles are distributed via news servers, which contain databases of articles. Internet service providers (ISPs), schools and other organisations operate news servers.

Do all the messages travel to a central site, and do all the sites that want it pick it up there?

No, there is no central server on Usenet. A newsgroup article propagates from one server to another, starting from the server where it is first posted.

Moderated newsgroups are sort of an exception, in that all articles are first forwarded via email to a moderator for approval. The moderator posts them on his or her news server; from there, they propagate as described below. Different moderators use different news servers.

Do all messages travel to all news servers?

Ideally, all articles in a newsgroup would travel to all news servers that carry the newsgroup. When you post an article, the result is tens of thousands of copies, all over the world.

More specifically, when you post an article, it goes first to your local news server (operated e.g. by your ISP or school). Your server then sends copies of the article to its ‘neighbours’, that is, to servers with which it has agreed to exchange articles. Those servers, in turn, send copies to their neighbours. Eventually, every server that carries the newsgroup has a copy.

In what order?

Most servers normally forward articles more or less in the order of arrival. This sequence can become scrambled for various reasons, which is why you often see responses before the original article arrives.

How do they know which servers want them?

News server administrators arrange among themselves which newsgroups they exchange. The receiving server’s admin tells the sending server’s admin which newsgroups he or she wants to receive. The sending server’s admin then configures his or her server to send only those newsgroups.

How do they know which sites they have already visited? How does a message avoid the same site twice?

There are two methods. Servers usually use both of them, in sequence:

  1. The Path: header line shows the sites that the article has travelled through, so far, between the originating server and the current server. If the receiving server appears in the Path: line, the sending server does not try to send the article, because it knows that the receiving server already has received a copy.
  2. The Message-ID: header line contains an identifying code that is different for every article. Before transmitting the article, the sending server asks the receiving server, in effect, ‘Do you have an article with Message-ID such-and-such?’ The receiving server responds either ‘No, please send me a copy’ or ‘Yes, I have it already’, whereupon the sending server either sends the article or goes on to the next one.
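
The two checks can be seen at work in a small simulation, added here as an illustration and not taken from any news server's code. The four-server mesh, the server names and the Message-ID are constructed; the counters show how many transfers each check prevented.

```python
from collections import deque


class NewsServer:
    def __init__(self, name):
        self.name = name
        self.peers = []      # neighbours this server feeds
        self.history = {}    # Message-ID -> Path: value as stored on this server

    def has(self, message_id):
        """Answer the sender's 'do you have this Message-ID?' question."""
        return message_id in self.history


def link(a, b):
    """Set up a two-way feed between two servers."""
    a.peers.append(b)
    b.peers.append(a)


def propagate(origin, message_id):
    """Flood one article from origin; count what each check prevented."""
    stats = {"sent": 0, "skipped_by_path": 0, "refused_by_id": 0}
    origin.history[message_id] = origin.name
    queue = deque([origin])
    while queue:
        server = queue.popleft()
        path = server.history[message_id].split("!")
        for peer in server.peers:
            if peer.name in path:
                # Method 1: the peer is already in Path:, so nothing is offered.
                stats["skipped_by_path"] += 1
            elif peer.has(message_id):
                # Method 2: the article is offered, the peer already has the ID.
                stats["refused_by_id"] += 1
            else:
                # The peer wants it: it stores a copy, prepends itself to Path:
                # and will relay the article to its own neighbours in turn.
                peer.history[message_id] = peer.name + "!" + server.history[message_id]
                stats["sent"] += 1
                queue.append(peer)
    return stats


def sample_network():
    """Constructed four-server mesh with redundant feeds."""
    servers = {n: NewsServer(n) for n in ("a", "b", "c", "d")}
    for x, y in (("a", "b"), ("a", "c"), ("b", "c"), ("b", "d"), ("c", "d")):
        link(servers[x], servers[y])
    return servers


if __name__ == "__main__":
    net = sample_network()
    print(propagate(net["a"], "<test1@a.example>"))
    for server in net.values():
        print(server.name, "Path:", server.history["<test1@a.example>"])
```

With five two-way feeds between four servers, only three transfers take place; the other seven possible transfers are stopped, three by the Path: check and four by the Message-ID check.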

How long do messages stay posted?

Each news server removes old articles, usually once a day, to make space for new ones. This is called expiring. Most servers do this based on the number of days an article has been on that server. The expiration time varies from one server to another, and can vary from one newsgroup to another on the same server. It might be less than a day (such as for groups that carry binary content), or it might be two weeks or more. Therefore, even after an article expires from your own server, it is probably still visible on many other servers.

Note, however, that even though you cannot see an article any more, it may still be present on your server. Most news-reading software keeps track of which articles you have read, and shows those articles to you only once. This way, you do not have to wade through the same articles repeatedly. There should be a command, button or something that ‘shows all’, ‘shows previously-read’ or ‘unmarks’ articles so that you can see all the articles that have not yet expired from your server.

Behind the scenes, how does a newsreader communicate with a news server?

An example of how an article posting takes place on the news transfer protocol level is available on the ‘How to test an NNTP (news) server using telnet’ page. You can score guru points with your friends by reading and posting news without using a newsreader ☺

8 March 2017

Pretty Good Privacy (PGP) basics

Email sent in plain text is about as secure as a pencilled postcard; it is susceptible to eavesdropping, falsification and fraudulent repudiation. Public key cryptography can protect against these risks.

Why using PGP is important

By default, Internet email is unencrypted. This means that email messages can be read and modified by anyone who has access to a network along the way.

We have taken precautions to encrypt our outbound email between the workstation from which it is sent and our email server. Similarly, our inbound email is encrypted between our email server and the workstation on which the message is read. Accordingly, our email environment is more secure than most.

However, it is beyond our control that email is likely to travel unencrypted between your mail server and ours. Unless you have taken steps similar to the ones mentioned above, email is also likely to travel unencrypted between your email server and your workstation. Because of this, we recommend that you use PGP end-to-end encryption, especially when sending non-public information.

About PGP

OpenPGP is the industry standard protocol for securing email. In order to use it, you need a locally installed copy of PGP or GnuPG. (Running the program on a remote machine is technically possible, but less secure.) For simplicity, in this document, I will refer to the entire system as PGP.

PGP is a public key infrastructure. This means that every user has one or more public keys, which can be freely distributed (public key servers make this particularly easy), as well as corresponding private keys, which must be kept secret.

PGP allows you to create your own keys, and back them up, as you deem necessary. Many other public key infrastructures ignore these important requirements of confidentiality and availability.

Basic PGP functions

Digital signing and verification

You can sign a message (using your private key) by having PGP create a digital signature that corresponds to the message in question. When a signature successfully verifies (using the sender's public key), you can be sure that the message was signed with the key in question, and that it has not been altered since.

Signatures are easy to apply to everyday email, even when one does not know whether the recipient uses PGP. They are also used e.g. to protect downloadable software from tampering, as well as for time stamping.


Data encryption and decryption

PGP lets you easily encrypt a message with the recipient's public key, so that only someone who holds his or her private key can decrypt the message. This means that you can send non-public information in ordinary Internet email messages. For additional security, you should also sign your messages.

Key administration

Create, modify and revoke key pairs and signatures. Retrieve, sign, store and disseminate public keys.

The global PGP web of trust wants you!

Using PGP does not require that you pay or trust a commercial certificate authority such as VeriSign. Instead, the PGP community relies on a distributed model in which anyone can sign any key, but every user will decide whose signatures to trust.

In practice, you should sign the key of another user when (and only when) you have checked, first-hand, that the owner of that key is the person described by the user ID on the key. His or her key then becomes valid for you to use.

However, you might not be able to perform this kind of check personally on everyone to whom you send mail. This is where trust signatures come in – you can assign trust to keys you have signed so that your copy of PGP will consider keys signed by those users as valid as if you would have signed them yourself. To take the same concept a step further, you can also designate meta-introducers, who will be able to introduce new introducers. PGP keeps track of your signatures and calculates key validity and trust for you.

7 March 2017

How to test an NNTP (news) server by using telnet

What you need

  • The host name of the news server (for use in the telnet command)
  • The name of the newsgroup for which you want to test (for use in the GROUP command)
  • An article (to send after receiving a positive response to the POST command)

What to do

Please post test messages only in test groups.

The initial telnet: > symbolises your shell prompt.

The empty line between the headers and the body is important, as is the line containing only a full stop at the end of the article body.

telnet: > telnet news.example.com nntp
telnet: Trying
telnet: Connected to news.example.com.
telnet: Escape character is '^]'.
server: 200 news.example.com DNEWS Version 5.5d1, S0, posting OK
client: POST
server: 340 Ok, recommended ID <400da85b@news.example.com>
client: From: sender@example.com
client: Newsgroups: misc.test
client: Subject: Test article
client: Message-ID: <400da85b@news.example.com>
client:
client: This is a test.
client: .
server: 240 article posted ok
client: GROUP misc.test
server: 211 24 269620 269643 misc.test selected
client: ARTICLE 269643
server: 220 269643 <400da85b@news.example.com> article retrieved - head and body follows
server: From: sender@example.com
server: Newsgroups: misc.test
server: Subject: Test article
server: Message-ID: <400da85b@news.example.com>
server: NNTP-Posting-Host: client.example.com
server: Date: 21 Jan 2004 00:16:08 +0200
server: X-Trace: news.example.com 1074636968 client.example.com (21 Jan 2004 00:16:08 +0200)
server: Lines: 2
server: Path: news.example.com
server: Xref: news.example.com misc.test:269643
server:
server: This is a test.
server: .
client: quit
server: 205 closing connection - goodbye!

How to test a Whois server by using telnet

Whois is a very simple text-based protocol. It has traditionally been used to retrieve information about domain names and related resources, but a Whois server can also be implemented to provide other information.

To use the Whois protocol, the client connects to port 43/tcp on the server and sends a request, which is terminated by ␍␊. As the protocol is so straightforward, the value added by dedicated Whois clients and by web-based lookup services is often minor. As long as your firewall allows outbound traffic on port 43/tcp and you know the host name of the Whois server, you should be able to do nicely with a telnet client (most popular operating systems include one).

What you need

  • The host name of the Whois server (for use in the telnet command)
  • A string of text for which to request information

What to do

The initial telnet: > symbolises your shell prompt.

telnet: > telnet whois.internic.net nicname
telnet: Trying
telnet: Connected to whois.internic.net (
telnet: Escape character is '^]'.
client: anta.net
server: Whois Server Version 2.0
server: Domain names in the .com and .net domains can now be registered
server: with many different competing registrars. Go to http://www.internic.net
server: for detailed information.
server:    Domain Name: ANTA.NET
server:    Whois Server: whois.domaininfo.com
server:    Referral URL: http://www.domaininfo.com
server:    Name Server: NS.NEBULA.FI
server:    Name Server: NS2.NEBULA.FI
server:    Status: clientDeleteProhibited
server:    Status: clientTransferProhibited
server:    Status: clientUpdateProhibited
server:    Updated Date: 02-oct-2010
server:    Creation Date: 24-sep-1998
server:    Expiration Date: 23-sep-2013
server: >>> Last update of whois database: Sun, 03 Oct 2010 18:33:59 UTC <<<
server: NOTICE: The expiration date displayed in this record is the date the 
server: registrar's sponsorship of the domain name registration in the registry is 
server: currently set to expire. This date does not necessarily reflect the expiration 
server: date of the domain name registrant's agreement with the sponsoring 
server: registrar.  Users may consult the sponsoring registrar's Whois database to 
server: view the registrar's reported date of expiration for this registration.
server: TERMS OF USE: You are not authorized to access or query our Whois 
server: database through the use of electronic processes that are high-volume and 
server: automated except as reasonably necessary to register domain names or 
server: modify existing registrations; the Data in VeriSign Global Registry 
server: Services' ("VeriSign") Whois database is provided by VeriSign for 
server: information purposes only, and to assist persons in obtaining information 
server: about or related to a domain name registration record. VeriSign does not 
server: guarantee its accuracy. By submitting a Whois query, you agree to abide 
server: by the following terms of use: You agree that you may use this Data only 
server: for lawful purposes and that under no circumstances will you use this Data 
server: to: (1) allow, enable, or otherwise support the transmission of mass 
server: unsolicited, commercial advertising or solicitations via e-mail, telephone, 
server: or facsimile; or (2) enable high volume, automated, electronic processes 
server: that apply to VeriSign (or its computer systems). The compilation, 
server: repackaging, dissemination or other use of this Data is expressly 
server: prohibited without the prior written consent of VeriSign. You agree not to 
server: use electronic processes that are automated and high-volume to access or 
server: query the Whois database except as reasonably necessary to register 
server: domain names or modify existing registrations. VeriSign reserves the right 
server: to restrict your access to the Whois database in its sole discretion to ensure 
server: operational stability.  VeriSign may restrict or terminate your access to the 
server: Whois database for failure to abide by these terms of use. VeriSign 
server: reserves the right to modify these terms at any time. 
server: The Registry database contains ONLY .COM, .NET, .EDU domains and
server: Registrars.

As you can see, all you needed to do after connecting to the server was type the search string and press ⏎. The server then returned the information it had, and terminated the connection.

6 March 2017

A Sender Policy Framework (SPF) primer

SPF is one of the many solutions used nowadays to avoid unsolicited bulk email (also known as ‘spam’, although this actually means excessively multiposted Netnews articles). SPF works by determining whether the purported sender address matches the IP address from which mail is arriving. This is possible because domain owners publish SPF records that list the systems from which users may send mail. As junk mail usually carries falsified sender addresses, SPF can be effective in distinguishing legitimate messages from junk mail.

SPF records

You can find out the SPF record for your domain name by doing a DNS lookup, e.g. using the dig, host or nslookup tools. (nslookup is deprecated, and may be removed from future releases of whatever software you use. Consider using dig or host instead.) Here are fictitious example queries and responses for an example domain (some output lines have been wrapped for legibility):


$ dig example.com txt

; <<>> DiG 9.3.3rc2 <<>> example.com txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38859
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;example.com.                      IN      TXT

example.com.               1800    IN      TXT     "v=spf1 ip4: ip4: ptr ptr:elisa.fi
 ptr:elisa-laajakaista.fi ptr:elisa-mobile.fi ptr:kolumbus.fi include:elisa.fi include:kolumbus.fi ~all"

example.com.               1800    IN      NS      ns.nebula.fi.
example.com.               1800    IN      NS      ns2.nebula.fi.

ns.nebula.fi.           11      IN      A
ns2.nebula.fi.          33      IN      A

;; Query time: 6 msec
;; WHEN: Sun Dec 23 00:47:11 2007
;; MSG SIZE  rcvd: 280


$ host -t txt example.com
example.com descriptive text "v=spf1 ip4: ip4: ptr ptr:elisa.fi
 ptr:elisa-laajakaista.fi ptr:elisa-mobile.fi ptr:kolumbus.fi include:elisa.fi include:kolumbus.fi ~all"


$ nslookup -q=txt example.com

Non-authoritative answer:
example.com        text = "v=spf1 ip4: ip4: ptr ptr:elisa.fi ptr:elisa-laajakaista.fi
 ptr:elisa-mobile.fi ptr:kolumbus.fi include:elisa.fi include:kolumbus.fi ~all"

Authoritative answers can be found from:
example.com        nameserver = ns2.nebula.fi.
example.com        nameserver = ns.nebula.fi.
ns.nebula.fi    internet address =
ns2.nebula.fi   internet address =

The record v=spf1 ip4: ip4: ptr ptr:elisa.fi ptr:elisa-laajakaista.fi ptr:elisa-mobile.fi ptr:kolumbus.fi include:elisa.fi include:kolumbus.fi ~all should be read as follows: ‘Mail with an example.com sender address may be received, without cause for concern…

  • from the IP address ranges– and–
  • from any IP address that resolves into an example.com, elisa.fi, elisa-laajakaista.fi, elisa-mobile.fi or kolumbus.fi domain
  • from all the same IP addresses allowed in the SPF records for elisa.fi and kolumbus.fi.

Additionally, mail might be received from any other IP address; this is suspicious, but not necessarily malicious.’

Overwhelmed? Never mind – your domain name administrator should have taken care of this nitty-gritty. If, however, there is no SPF record for the domain name of your email address, I suggest that you ask your provider to publish such records, so that recipients may determine that your mail is legitimate.

Forwarded mail, a potential problem

One important issue regarding SPF is that of mail forwarding. Assume that you possess a second email address, from which you have all incoming mail automatically forwarded to your main address (so that you need to read only one mailbox). If I send mail to your secondary address, the message will pass the first SPF check with flying colours, because it comes from one of the IP addresses listed in the example.com SPF record. However, when the forwarded message arrives at the server for your main address, the check will likely fail, since the IP address of the server for your secondary address probably is not listed in that same example.com record.

As noted above, ~all means a ‘soft fail’ for those IP addresses not explicitly listed, including your secondary mail server in the above example. This means that my example message might not be flagged as junk after all. If the record instead read -all, the message would fail the SPF check. This is why SPF doesn’t work well with automatic forwarding.

Apart from using the soft fail method mentioned above, another way to accommodate SPF in the case of forwarded messages is to rewrite the sender address when forwarding the message. If this is done, the SPF check at the message’s final destination will be done against the domain name of the forwarding party (i.e. your secondary mail address), not that of the original sender. From the final server’s point of view, the message is sent from the forwarder’s email address, and should therefore pass SPF validation.
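
To make the record reading and the forwarding problem concrete, here is a reduced SPF evaluator in Python. It is an added example, not the author's code and not a complete RFC 7208 implementation: it handles only ip4, ptr, include and all, and every address and domain name in its DNS table is constructed, since the record shown above carries no addresses.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed DNS data (documentation address ranges, made-up names).
DNS = {
    "txt": {
        "example.com": "v=spf1 ip4:192.0.2.0/24 ptr include:isp.example ~all",
        "isp.example": "v=spf1 ip4:198.51.100.0/24 -all",
        "forwarder.example": "v=spf1 ip4:203.0.113.25 -all",
    },
    "ptr": {
        "203.0.113.80": ["host80.example.com"],
        "203.0.113.81": ["mail.example.com"],   # PTR claims example.com ...
    },
    "a": {
        "host80.example.com": ["203.0.113.80"],
        "mail.example.com": ["192.0.2.1"],      # ... but the name points elsewhere
    },
}
# The same data with a hard-fail policy for example.com.
STRICT_DNS = {**DNS, "txt": {
    **DNS["txt"],
    "example.com": DNS["txt"]["example.com"].replace("~all", "-all"),
}}


def validated_names(ip, dns):
    """PTR names for ip whose A records point back at ip."""
    return [n for n in dns["ptr"].get(ip, []) if ip in dns["a"].get(n, [])]


def mechanism_matches(name, arg, ip, domain, dns, depth):
    if name == "all":
        return True
    if name == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
    if name == "ptr":
        target = (arg or domain).lower()
        return any(n == target or n.endswith("." + target)
                   for n in validated_names(ip, dns))
    if name == "include":
        # An include matches only if the included record yields a pass.
        return check_host(ip, arg, dns, depth + 1) == "pass"
    raise ValueError("unsupported mechanism: " + name)


def check_host(ip, domain, dns, depth=0):
    """Evaluate the SPF record of domain for a connecting IP address."""
    if depth > 10:
        return "permerror"
    terms = dns["txt"].get(domain.lower(), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if mechanism_matches(name.lower(), arg, ip, domain, dns, depth):
            return RESULT[qualifier]   # first matching mechanism decides
    return "neutral"


def forwarding_demo(dns):
    """One message checked at the first hop and again after forwarding."""
    sender_ip, forwarder_ip = "192.0.2.10", "203.0.113.25"
    return {
        "first hop": check_host(sender_ip, "example.com", dns),
        "forwarded, sender kept": check_host(forwarder_ip, "example.com", dns),
        "forwarded, sender rewritten":
            check_host(forwarder_ip, "forwarder.example", dns),
    }


if __name__ == "__main__":
    print("~all:", forwarding_demo(DNS))
    print("-all:", forwarding_demo(STRICT_DNS))
```

RFC 7208 discourages publishing the ptr mechanism; it is modelled here only because the record discussed above uses it.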

What does the future hold for SPF?

Although junk mailers have an enormous number of Internet-connected computers at their disposal, they still want to use those resources as efficiently as possible, in other words, pump out as many messages per second as they can. As long as relatively few domains use SPF, junk mail senders can afford to disregard it – although they lose a small amount of mail, it is still worthwhile to ‘blindly’ blast away mail using arbitrary sender addresses. However, should SPF one day be adopted by a large majority of providers, junk mail senders would themselves need to perform SPF lookups in order to find legitimate sender addresses. SPF would then no longer work as a junk mail filter, only as a means to slow down junk mailers.

5 March 2017

Indonesian pork

Quick to prepare.

Serving suggestions

  • rice


  • toasted sesame oil, four tablespoons
  • pork sirloin, sliced, 500 grams
  • two onions, cut into rings
  • one sliced carrot
  • curry powder, two tablespoons
  • one sliced leek
  • vegetable stock, one coffeecup
  • soy sauce, one tablespoon
  • balsamic vinegar, two teaspoons
  • one chopped garlic clove
  • ginger paste, one tablespoon


  1. Using your wok, heat two tablespoons of the oil. Fry the meat and set it aside.
  2. Add the remaining oil. Fry the onion, carrots, and curry powder.
  3. Add
    • the pork sirloin
    • the leek
    • the vegetable stock
    • the soy sauce
    • the balsamic vinegar
    • the garlic
    • the ginger paste
  4. Mix. Simmer for a few minutes. Serve.

4 March 2017

Filtering name resolution using a hosts file

The IP suite includes a useful configuration file named hosts. It is one of the methods your computer uses in order to find out the IP addresses for the computers you want to contact, such as when sending email or browsing the web.

Historically, name resolution on the Internet was performed exclusively using hosts files. Every administrator had to download a copy of the file from the network information centre. The copy, however, became stale as soon as a host name was added to, or deleted from, the master file, so downloads had to be frequent, which caused congestion.

After the DNS was introduced, hosts files shrank to near zero size. They are now mostly used for resolving the name ‘localhost’ to the IP address regardless of DNS server availability, since the hosts file is checked prior to the DNS.

This order is important, as it allows us to make name-to-address mappings no matter what the DNS would say. In other words, if a matching entry is found in the hosts file, the DNS is not queried at all. This feature can be put to use also for dealing with domain names you do not want to contact; list those unwanted names in your hosts file, and point them to somewhere safe!

How would this be useful? When you open an HTML email message, especially one of the unsolicited variety, the message often makes your mail program request things from web servers. Similarly, when you browse to a web page, the web server may instruct your browser to download things from other servers. These third-party downloads can be annoying, they may invade your privacy, or they can be downright dangerous to your computer and to the information on it. Your email, web, antivirus and firewall programs may be able to avoid them, but it does not hurt to stack the odds, especially if you have been burned by malicious downloads in the past.

Assume it is your opinion that foo.example.com should be avoided and that you therefore have added it to your hosts file (I will tell you how in a moment). When your web browser tries to download something from foo.example.com, the protocol stack tries to resolve foo.example.com, finds your safe-haven IP address in the hosts file and attempts a connection to that address. A moment later, the lower-level layers will inform your browser that the HTTP request has failed. Your page will then load without whatever foo.example.com would have had in store for it.

There are ready-made hosts files available for download on the web. Some are several hundreds of kilobytes in size. You can use such a file as a starting point, or you can start from scratch, building your own file as you go.

Either way, in order to get started, you need to locate the hosts file on your system. Do a search for it. On Windows systems, the hosts file is usually located at %SystemRoot%\system32\drivers\etc\hosts, where %SystemRoot% stands for the Windows directory (often C:\Windows). You must use an account with sufficient permissions; on a Windows system, you would typically need to be a member of the Administrators group.

Now open the file in your favourite text editor. On a Windows system, you must launch the editor using the ‘Run as administrator’ option; just being logged in with administrative rights is not enough. Make the additions you want. For example, assuming you would like to add foo.example.com, create a new line and type, for instance, foo.example.com on the empty line.

When you are done, your file might look something like this:

# Lines beginning with the pound sign are comments.
# They are not parsed.
# localhost
# The above line is important. If you erase the contents of the file in
# order to start anew, be sure to begin with an entry that points localhost
# to foo.example.com # Comments can also begin in mid-line. bar.example.com

Now for the restrictions: wildcards, such as *.example.com, will not work. In addition, if the access attempts are made directly to an IP address, with no name resolution involved, the hosts file is obviously powerless. Still, a good hosts file can stop a lot of undesirable traffic.
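The lookup order and the restrictions above can be checked mechanically. The following is an added example, not part of the original article: a small parser that audits a hosts file and mimics the hosts-before-DNS order. The sample file, its addresses, the stand-in DNS table and the first-entry-wins rule for duplicates are assumptions made for the demonstration.

```python
import ipaddress

# Constructed sample; every address and name below is an assumption for the demo.
SAMPLE_HOSTS = """\
# Lines beginning with the pound sign are comments.
127.0.0.1   localhost
127.0.0.2   foo.example.com   # Comments can also begin in mid-line.
127.0.0.2   bar.example.com tracker.example.net
127.0.0.2   *.example.org
192.0.2.10  intranet.example.com
"""

# Constructed stand-in for the DNS, consulted only when the hosts file has no match.
FAKE_DNS = {"sub.foo.example.com": "203.0.113.5", "ads.example.org": "203.0.113.9"}


def parse_hosts(text):
    """Return (entries, warnings); entries maps lower-cased name -> address."""
    entries, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            warnings.append((lineno, f"not an IP address: {addr}"))
            continue
        if not names:
            warnings.append((lineno, "address without a host name"))
        if names and not ip.is_loopback:
            warnings.append((lineno, f"{addr} is not loopback; this entry overrides DNS"))
        for name in names:
            if "*" in name:
                warnings.append((lineno, f"wildcard {name} is matched literally only"))
            # Assumption: the first entry for a name wins, later duplicates are ignored.
            if name.lower() in entries:
                warnings.append((lineno, f"duplicate entry for {name} ignored"))
            else:
                entries[name.lower()] = addr
    return entries, warnings


def resolve(name, entries, dns=FAKE_DNS):
    """Mimic the lookup order: exact hosts-file match first, DNS only on a miss."""
    key = name.lower()
    if key in entries:
        return entries[key], "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, "unresolved"


if __name__ == "__main__":
    table, notes = parse_hosts(SAMPLE_HOSTS)
    for host in ("FOO.example.com", "sub.foo.example.com", "ads.example.org"):
        print(host, "->", resolve(host, table))
    for lineno, note in notes:
        print(f"line {lineno}: {note}")
```

Entries that point a name at a non-loopback address are flagged because they silently override whatever the DNS would answer, which is worth reviewing in any hosts file you did not write yourself.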

About the choice of IP address: you can any address from up to, at which point you could continue at, and so on all the way to! The entire network (– is reserved for loopback, in other words for ‘this’ computer.

Note that if you run a personal web server on your workstation, you could potentially run into surprising results such as error messages or authentication prompts. I therefore suggest careful planning if you intend to use both a personal web server and the hosts filtering described here. Maybe you could use a non-loopback address, in which case you would need to consider at least the timeout issue; or maybe you could tune your web server configuration to handle these HTTP requests in some special manner.

A hosts file is not an adequate replacement for antivirus and firewall software or for responsible usage. However, there are some good reasons for using a tuned hosts file in addition to antivirus and firewall software:

  • Adding a domain name to a text file is often easier than going through the graphical user interface of the firewall.
  • The hosts file is easy to copy across workstations, such as for backup or distribution purposes.
  • Hosts files are easy to share and download on the net.
  • Even if your firewall receives automatic access list updates, there is no guarantee that a particular host which you wish to avoid ever makes it onto those updates.
  • The access list of your firewall might accept only IP addresses, not domain names.

3 March 2017

How to ‘Finger’ using telnet

Finger is a very simple text-based protocol for retrieving information about a system’s users. To use the Finger protocol, the client connects to port 79/tcp on the server and sends a request, which is terminated by ␍␊. The request may be an empty string.

Pursuant to RFC 1288, if the request is a user name, the response must include at least the full name of that user. If the request is an empty string, the server must either refuse the request or provide a list of all online users. Such a list must at least include the full names of those users.

It is common for servers not to provide Finger service. Such disinclination may be due to e.g. privacy concerns or a general principle of only running essential services.

What you need

  • A Finger server host name (for use in the telnet command)
  • Optional: a user name to ‘Finger’

What to do

The initial telnet: > symbolises your shell prompt.

telnet: > telnet server.example.com finger
telnet: Trying
telnet: Connected to server.example.com.
telnet: Escape character is '^]'.
client: root
server: Login: root                             Name: Charlie Root
server: Directory: /root                        Shell: /bin/sh
server: Never logged in.
server: No Mail.
server: No Plan.

As you can see, all you needed to do after connecting to the server was type the search string and press ⏎. The server then returned the information it had, and terminated the connection.
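The same exchange can be scripted. The following is an added example, not part of the original article: a minimal client together with an in-process demonstration server, so that both sides of the request and response are visible. The user table, the refusal text and the ephemeral loopback port (used instead of 79 so that no privileges are needed) are assumptions; stripping control characters from the reply is an added hardening choice.

```python
import socket
import socketserver
import threading

USERS = {"root": "Charlie Root"}   # constructed user table for the demo server


class FingerHandler(socketserver.StreamRequestHandler):
    """Demo server: answers one request line, then closes the connection."""

    def handle(self):
        query = self.rfile.readline(512).rstrip(b"\r\n").decode("ascii", "replace")
        if query == "":
            reply = "Listing of online users refused.\r\n"   # refuse the empty request
        elif query in USERS:
            reply = f"Login: {query}  Name: {USERS[query]}\r\n"
        else:
            reply = "No such user.\r\n"
        self.wfile.write(reply.encode("ascii"))


def sanitize(raw):
    """Decode a reply and drop control characters other than newline and tab."""
    text = raw.decode("ascii", "replace")
    return "".join(c for c in text if c in "\n\t" or c.isprintable())


def finger(host, port, user="", timeout=5.0, max_bytes=65536):
    """Send one request terminated by CRLF and read until the server closes."""
    if "\r" in user or "\n" in user:
        raise ValueError("user name must not contain CR or LF")
    received = b""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(user.encode("ascii") + b"\r\n")
        while len(received) < max_bytes:
            chunk = conn.recv(4096)
            if not chunk:          # server closed: end of response
                break
            received += chunk
    return sanitize(received[:max_bytes])


def demo():
    """Run both kinds of request against the in-process server on loopback."""
    with socketserver.TCPServer(("127.0.0.1", 0), FingerHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        host, port = server.server_address
        try:
            return finger(host, port, "root"), finger(host, port, "")
        finally:
            server.shutdown()


if __name__ == "__main__":
    for answer in demo():
        print(answer, end="")
```

The client bounds both the wait and the reply size, since a Finger response is free-form text from a host you do not control.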

2 March 2017

Where to find lists of newsgroups

This article is based on material authored by members of the news.newusers.questions Moderation Board and nnq-workers mailing list.

Your newsreader software should have a way of listing all the newsgroups that your news server carries. After the list has been downloaded from your server (it may take a while), you can browse for groups that interest you. When you find one that you want to keep, you can subscribe to it so that it will reappear automatically the next time you open the news window.

Probably no server carries all newsgroups in existence, so you may find it useful to get a comprehensive list. However, please note that these lists are very long, and it can be difficult to use them to find newsgroups on specific topics. For that purpose, you will probably find it much easier to use a newsgroup search engine such as Google Groups.

For the "official" list of newsgroups in the Big-8 hierarchies (comp, humanities, misc, news, rec, sci, soc and talk), see the article labeled Subject: List of Big Eight Newsgroups in the news.announce.newgroups newsgroup. You can also find the list on the ISC FTP site.

You can find a large list of newsgroups in many hierarchies (including the Big-8, alt.*, and many national, local and regional hierarchies), at ftp://ftp.isc.org/pub/usenet/CONFIG/newsgroups. This list is about 2.5 MB in size as of February 2017; appending .gz will get you a compressed version in gzip format. This is supposed to be authoritative for the Big-8; it’s not authoritative for any other hierarchy.

1 March 2017

Common types of fraud into which victims are recruited by email


Phish typically comes in the form of spam containing a link to a spoofed website that nevertheless appears legitimate to the casual eye. The objective is usually to deceive the victim into entering his or her login details or other personal information on the spoofed site.

  • We recently upgraded our Online Service to provide a good services for all our Online Banking Users in order not to be experiencing any difficulties when signing to your Online Account. due to this upgrade we sincerely call your attention to follow below link and reconfirm your online account details. Failure to confirm the online banking details will suspend you from accessing your account online.
  • You haven't been back to Facebook recently.You have received notifications while you were gone.
    1 message
    2 friend requests
    The Facebook Team
    Sign in to Facebook and start connecting

If the perpetrators obtain your online banking credentials, they can empty your account. Usernames and passwords for email accounts or social networking sites can be abused to harvest contact information and send spam. Other personal information can be abused to commit identity theft, etc.

Even services you have signed up for may request unrelated credentials. As an example, some social networking sites ask their users for their email passwords. When a user falls for such an attempt, the party who receives the password gains full access to the user’s email account – including messages as well as any calendars, contact lists and similar information it may contain – and can spam the email addresses found. Also note that the terms of service of your provider may prohibit you from disclosing your passwords to any third party.

Money muling

In this kind of scheme, the perpetrators spam a recruitment ad. Respondents are offered a job that involves receiving payments, deducting a commission and wiring the balance to the next person in the chain.

  • Presently we are experiencing difficulties in receiving payment from our overseas customers in Canada and USA. However if you are the type that like or prefer working from the house you can grab this opportunity by becoming one of our privilege directors. Your duty will be base on clearing and receiving our due payments in your location have it noted that for every transfer to your account that is cleared or payment receive by you, you will be entitle to 10 percentage of the total sum.
  • Presently, I have just been granted funding to head a research project in the Vale do Javari of AMAZON JUNGLE (spreads across Brazil, Peru and Bolivia) We are studying and protecting the location of a community of ancient and uncontacted tribespeople in one of the remotest corners of the Amazon rainforest. However my funding is being provided by American and Canadian privately owned Firms. These philanthropic U.S. and Canadian Firms has agreed to send to me payments mostly in the form of check payments. . I would be willing to employ you on contract basis to be my payment receiver/representative, this way I could instruct the financiers to issue the checks to your name and send the checks to you.

The money comes from criminal activities, and the forwarding chain is intended to obscure the origin of the funds as well as the identity of the gang leaders who ultimately receive them. The persons who perform the forwarding are referred to as money mules. The crime they commit by conveying illegally obtained funds is usually punishable by imprisonment. Ignorance is not a plausible defence – look at the millions of search engine hits for ‘money mule’.

Cheque fraud

This form of fraud involves the perpetrators making a payment by cheque and asking the recipient to return part of the amount to them. As an example, the perpetrators may purchase an item or a service from the victim (‘mystery shopper’ job offers are one such kind of bait), send the victim a cheque whose amount exceeds the agreed price and request that the victim wire the excess back to the perpetrators. The cheque eventually ‘bounces’, but by that time, the victim will already have remitted the requested amount to the perpetrators.

  • This is an oppoturnity to be a member of model-mayhem model agency and be in the front page of our magazine (Hello Magazine). You have 5 different Fashion outfits to cover, outfit will be provided by our wardrobe and stylist on the day of the shooting and the photo session will be for two days and you will be paid $1100 for the whole project, the Job is Urgent so you are to get back to me as soon as possible so that we can arrange on how to get you the part payment,and you can meet other crew members. You would be paid the initial payment of $200 to guarantee your participation in the session, as part of our working policy and ethics of our company,Balance will be payed immediately after the work.The part payment would be mailed directly to you. NOTE: As soon as you get the payment, you will deduct $200 and wire the balance to the wardrobe and stylist.

Do not expect a cheque to be worth anything unless your bank has irrevocably cleared it. To avoid ambiguity, ask your bank whether there is any danger of the cheque being returned unpaid, and document the reply you receive. If your bank just advances you the amount on the assumption that the cheque will clear, you will lose those funds if the cheque ‘bounces’.

Impersonation of an authority

This variant tries to convince you that a payment is required to avoid arrest or other trouble with the law.

  • Also we are hereby to notify by the federal bureau of investigation Cotonou department of the insult you imposed on them by failing to comply by their requirements.Your full residential address has been forwarded to us for your immediate arrest to face your charge but I deemed it fit to give you one more chance to save yourself from this mess. We have been told that you have failed to dance by the rule of the FBI which will warrant 2 years jail sentence. Now I john Francis Pikus the special agent in charge of the FBI Albany department I am giving you 24 working hours to effect the payment of the $250.00 usd. To the FBI in republic of Benin

Extortion through death threat

This kind of extortion has much in common with advance-fee fraud.

  • We have being paid US$50,000.00 in advance to terminate you with some reasons listed to us by our employer, its one we believe you call a friend, we have monitored you closely for one week and three days now and have seen that you are innocent of the accusation, Do not contact the Police or F.B.I. or try to send a copy of this to them, because if you do we will know, and might be pushed to do what we have being paid to do, beside, this is the first time we turned out to be a betrayer in our job, Because we found out you are innocent. Now, listen, we will arrange for us to meet face to face but before that we need the amount of US$80,000.00 and you will have nothing to be afraid of. We will be coming to meet you in your office or home determine where you wish we meet, do not set any camera to cover us or set up any tape to record our conversation, our employer is in our control for now, You will need to pay US$20,000.00 through Account details or western union information that we will provide for you, before we can set our first meeting, after you have make the first advance payment, we will give you the tape that contains his request for us to terminate you, which will be enough evidence for you to take him to court (if you wish to), then the balance will be paid later.
  • Someone you call a friend wants you Dead by all means, and the person have spent a lot of money on this, the person also came to us and told me that he want you dead and he provided us with your name ,picture and other necessary information's we needed about you. So I sent my boys to track you down and they have carried out the necessary investigation needed for the operation on you, and they have done that but I told them not to kill you that I will like to contact you and see if your life is Important to you or not since their findings shows that you are innocent. As someone has paid us the sum of $15,000usd to kill you and we are willing to tell you that you have to pay us the sum of $2,500usd for the first payment so we can legit your attention so we can forward the tape to you we shall send it through DHl or FedEx for you to view the video and discussion between both of us okay. Get back to me now if you are ready to pay some fees to spare your life, If you are not ready for my help, then I will carry on with my job straight-up.

These threats are usually generic and spammed to a number of email addresses. However, should you receive a threat that seems to be aimed at a specific person or group, contact your local law enforcement agency.

‘Pump and dump’ securities fraud

This form of fraud involves purchasing a company’s stock, then spamming positive statements about that company in the hope of inflating (pumping) the share price. If the perpetrators succeed at this, they proceed to sell (dump) their shares at a profit. As this causes the share price to fall, the victims lose part or all of their investment.

  • Introducing a new winner pick C SOC!
    Trading: C SOC
    Short-term: $3
    Trade shares on Tue Sep 21!

Phony charities

Giving money to a bogus charity only benefits the criminals operating it.

  • I, Comrade Jackson Amaniee, on behalf of the above mention Non- Governmental Charity organization wishes to solicit for your financial support in our effort to see that we put smile on the faces of the following people in the society; (1) The less privileged, Hurricane, Earthquake, Flood Victims and the Aged etc. We are pleading for the support of your own widow's might, Remember that GOD LOVES A CHEERFUL GIVER AND ALSO GIVERS NEVER LACK. As your spirit led you to donate to this category of displaced individuals, Our God almighty who sees in secret and rewards openly, in His infinite mercy and goodness will surely reward you abundantly in Jesus Unbeatable Name we Pray, Amen. For the purpose of quick receipt of your donation, send it through Western Union Money Transfer on the name of our account clerk Alicia Woodgate.

Fraudulent purchases

Criminals often spam queries for various products, such as electronic devices that can be easily exchanged for cash. The perpetrators may use a stolen or forged credit card to pay for the products, which they typically want to have delivered to Africa. Also beware of cheque fraud and advance-fee fraud!

  • Projects Development Of Ghana Has Launches 2011/12 Rural & Community Development Project (RCDP), To Improve Development Throughout The Country In All Sectors. Now They (GPD) Is Looking For A Suppliers, Building And Road Contractors Who Can Handle The Supply Of Any Two Of Listed Items Below:

    1.Name: Led Fluorescent: $69:00. Each
    2.A4- Paper- Target Price $7:25.Per Ream
    3.Wall Socket.
    4.Name: T-Shirt. - Target Price $6:85 a Piece.
    5.Bed Sheets: Target Price: $.13:80 per piece
    6.Medical/Surgical Equipments.
    7.Name: Solar Street Light.
    8.Hospital Towels. $17.70 per piece
    9.Name: Bulbs & Bulb-Holder.
    10.Knapsack Sprayer.
    11.Student Notebook Blinded: $11.80 Per Dozen
    13.Name: Rice
    14.Ceramice Tiles
    15.Standing Fan
    16.Ceiling Lights
    17.Energy Saving Bulbs
    18.Micro Cameras
    19.Conference seats.