Who?

From: dav...@example.invalid (Davey)
Newsgroups: uk.comp.os.linux
Subject: Who?
Date: Wed, 23 Feb 2022 10:11:21 +0000
 by: Davey - Wed, 23 Feb 2022 10:11 UTC

I got an e-mail from some place called britereyes.site, saying that I
have been chosen! I have not allowed Preferences to open up, and I can
find very little info. on it. Does anyone know what this spam is about?
It will get deleted anyway, just curious.
--
Davey.

Re: Who?

From: mar...@mydomain.invalid (Martin Gregorie)
Newsgroups: uk.comp.os.linux
Subject: Re: Who?
Date: Wed, 23 Feb 2022 10:38:41 -0000 (UTC)
 by: Martin Gregorie - Wed, 23 Feb 2022 10:38 UTC

On Wed, 23 Feb 2022 10:11:21 +0000, Davey wrote:

> I got an e-mail from some place called britereyes.site, saying that I
> have been chosen! I have not allowed Preferences to open up, and I can
> find very little info. on it. Does anyone know what this spam is about?
> It will get deleted anyway, just curious.

FWIW I have a copy of the Lynx browser installed for exactly this sort of
investigation - it's very simple: basically stripped to the essentials of
just displaying the text on a page and gives you complete control over
what, if anything, you'll accept in the way of cookies.

When I find a dodgy URL I do approximately this:

- ping it to see if it's real
- use 'host' to see what IPs, mail servers, etc. the URL points to
- do a 'host' reverse lookup to check that the IP(s) point to the
expected domain name
- use 'whois' to see who claims to own the site
- use Lynx to see if there's a web page at the URL and if so, to read
what it says about the website. A lot of dodgy sites just display a
generic, uninformative set of boiler-plate HTML pages. To me this says
DODGY SITE but ymmv.

Consider what those show to decide whether the site is dodgy or not and
act accordingly.
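
The steps listed in the post above, as an added shell example (not part of the original post or written by its author). The function names are illustrative, and the parsing assumes the usual text output of the BIND `host` utility.

```sh
#!/bin/sh
# Added example: read-only triage of a suspicious domain (function names are illustrative).

# Pull A/AAAA addresses out of `host <domain>` output read from stdin.
host_addrs() {
    awk '/ has address / {print $4} / has IPv6 address / {print $5}'
}

# Pull PTR names (trailing dot removed) out of `host <ip>` output read from stdin.
ptr_names() {
    awk '/ domain name pointer / {sub(/\.$/, "", $NF); print $NF}'
}

# True when name $1 is domain $2 itself or a host underneath it.
name_in_domain() {
    case "$1" in
        "$2"|*."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Read `host <ip>` output on stdin; print match, mismatch or no-ptr for domain $1.
classify_ptr() {
    names=$(ptr_names)
    [ -n "$names" ] || { echo no-ptr; return 0; }
    for n in $names; do
        if name_in_domain "$n" "$1"; then echo match; return 0; fi
    done
    echo mismatch
}

# Run the steps in order against a live domain (needs ping, host, whois, lynx).
triage() {
    domain=$1
    if ping -c 1 "$domain" >/dev/null 2>&1; then echo "ping: reply"; else echo "ping: no reply"; fi
    fwd=$(host "$domain")
    printf '%s\n' "$fwd"
    for ip in $(printf '%s\n' "$fwd" | host_addrs); do
        echo "reverse $ip: $(host "$ip" | classify_ptr "$domain")"
    done
    # whois field names vary by registry; these are common ones, often redacted.
    whois "$domain" | grep -iE '^ *(registrar|creation date|registrant country):'
    # Text-only dump of the landing page, without the link list.
    lynx -dump -nolist "http://$domain/"
}

if [ "$#" -gt 0 ]; then triage "$1"; fi
```

A `mismatch` or `no-ptr` result is common for sites on shared hosting or behind a CDN, so it is one signal to weigh with the others rather than a verdict.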

Re: Who?

From: dav...@example.invalid (Davey)
Newsgroups: uk.comp.os.linux
Subject: Re: Who?
Date: Wed, 23 Feb 2022 12:12:52 +0000
 by: Davey - Wed, 23 Feb 2022 12:12 UTC

On Wed, 23 Feb 2022 10:38:41 -0000 (UTC)
Martin Gregorie <martin@mydomain.invalid> wrote:

> On Wed, 23 Feb 2022 10:11:21 +0000, Davey wrote:
>
> > I got an e-mail from some place called britereyes.site, saying that
> > I have been chosen! I have not allowed Preferences to open up, and
> > I can find very little info. on it. Does anyone know what this spam
> > is about? It will get deleted anyway, just curious.
>
> FWIW I have a copy of the Lynx browser installed for exactly this
> sort of investigation - it's very simple: basically stripped to the
> essentials of just displaying the text on a page and gives you
> complete control over what, if anything, you'll accept in the way of
> cookies.
>
> When I find a dodgy URL I do approximately this:
>
> - ping it to see if it's real
> - use 'host' to see what IPs, mail servers, etc. the URL points to
> - do a 'host' reverse lookup to check that the IP(s) point to the
> expected domain name
> - use 'whois' to see who claims to own the site
> - use Lynx to see if there's a web page at the URL and if so, to read
> what it says about the website. A lot of dodgy sites just display a
> generic, uninformative set of boiler-plate HTML pages. To me this
> says DODGY SITE but ymmv.
>
> Consider what those show to decide whether the site is dodgy or not
> and act accordingly.
>
>

Thanks. I looked at the site, and it was indeed a faceless generic page
that gave away nothing.
I'll note your process, thanks.
A 'whois' gives some strange information.
--
Davey.

Re: Who?

From: mar...@mydomain.invalid (Martin Gregorie)
Newsgroups: uk.comp.os.linux
Subject: Re: Who?
Date: Wed, 23 Feb 2022 12:54:28 -0000 (UTC)
 by: Martin Gregorie - Wed, 23 Feb 2022 12:54 UTC

On Wed, 23 Feb 2022 12:12:52 +0000, Davey wrote:

> Thanks. I looked at the site, and it was indeed a faceless generic page
> that gave away nothing.
> I'll note your process, thanks.
> A 'whois' gives some strange information.

'whois' is only occasionally useful these days.

It used to be an essential tool, back when you could use it to find
contact details for a site's sysadmins if they weren't published on their
web page. That changed when blackhats started using it to find spam
targets. As a result most of the info about a domain name owner
disappeared from view thanks to decisions made by ICANN back in the
noughties and their failure to design and implement a secure replacement,
apparently because that would have cost money and reduced operating
PROFITS.
