spammer using cancel evading technique

Tomasz R. Surmacz tsurmacz at
Thu Dec 4 12:57:55 UTC 2003

Paul Tomblin wrote on Wed, Dec 03, 2003 at 10:06:34PM -0500:
> Quoting Tomasz R. Surmacz (tsurmacz at
> > The convention of using <cancel.MSGID> allows multiple bots to cooperate
> > without generating tons of unnecessary messages. But this works on an
> > assumption, that the cancel message will eventually hit all servers,
> > from one bot or another. If somebody is poisoning news servers with
> So somebody needs to make a smarter bot that if it sees in
> history, but but foo is still uncancelled, it issues a (but
> only if isn't in the history as well).

This will only escalate problem with race between bots creating more
cancel messages and spammers creating more forged cancels.
Making sure that <cancel.MSGID> really cancels <MSGID> otherwise it is
not accepted, will solve it permanently.


(_   _' __) Tomasz R. Surmacz,
  |  (__  \ The wonderful thing about standards is that
  |__(____/ there are so many of them to choose from.

More information about the inn-bugs mailing list