I am starting this thread to document complaints to Google to resolve
the tsunami of Usenet spam originating with their servers. The spam
flood attack has persisted for a very long time.

Since 8/31 the last 10000 messages I polled from Usenet group
'sci.crypt' are mostly automated spam originating with google path
headers.

Only 44 messages were found that are not spam. This means that roughly
99.56% of all messages in the group are spam originating with google
servers.

I suggest others file abuse complaints with Google, then post copies of
those complaints as follow-ups to this thread in news.admin.peering.
This way we can document efforts to request Google cease enabling the
spam abuse.

--
SugarBug | https://sybershock.com | NNTP | Usenet | Forum
Fediverse | https://syfershock.com/users/syfershock
NightBulb | https://nightbulb.net | Flip the night switch.

From: "sybershock.com" <admin@sybershock.com>
To: network-abuse@google.com
Cc: abuse@google.com, abusecomplaints@markmonitor.com
Subject: Usenet Abuse Complaint - Spam Denial of Service Attack
Date: Thu, 14 Sep 2023 15:29:59 -0500

Since 8/31 the last 10000 messages I polled from Usenet group
'sci.crypt' are mostly automated spam originating with google path
headers.

Only 44 messages were found that are not spam. This means that roughly
99.56% of all messages in the group are spam originating with google
servers.

This flood attack has persisted for months.

Please put an end to this flood attack.

Google groups users have been running a long-term spam flood attack on
newsgroup 'sci.crypt' for a long time. This spam flood is causing a
sustained denial of service attack on the group. The google groups
service is enabling a months-long denial of service attack to persist.

The attackers are flooding thousands of spam messages into the
newsgroup. In the last two weeks it appears they spammers have flooded
at least 10,000 messages into the newsgroup.

This spam attack of thousands of spam messages has rendered the Usenet
group unusable. It is not feasible to filter out these many spam
messages by sender names. The nymshifters just keep nymshifting and
their flood continues unabated. This is just so far beyond ridiculous
that I have no words for it.

The messages are for illegal pharmaceutical sales and bitcoin scams,
illegal blackhat services and similar garbage. They are not legitimate
messages. They are not 'protected speech'.

Please analyze the flood of spam in 'sci.crypt' and terminate the
offending accounts. The only right action against these network abusers
is outright account termination. Please also note that many of the spam
ads advertise drugs and illegal computer penetration services which may
violate laws in jurisdictions involved.

Please in the future severely throttle all user posts to the
group sci.crypt and Usenet in general. It seems cheap and easy for
spammers to utilize google services as a vector for DDoS spamming
against Usenet. Long-time users of the group, 'sci.crypt' are either
being denied service, or severely annoyed by the endless flood of spam.

In the time it took me to write this short email dozens more spam
messages have flooded the newsgroup. Almost all of those messages
originate from google services in the Path headers. This flood attack
is ongoing 24/7 and is clearly an automated attack and it must be
stopped.

I also request that google post nocem and cancel messages for the last
50 thousand or so sci.crypt spam posts originating from google servers.
Please clean up the mess.

Thank you for your attention to this matter. I look forward to a valid
response indicating action to resolve this matter.

--
SugarBug | https://sybershock.com | NNTP | Usenet | Forum
Fediverse | https://syfershock.com/users/syfershock
NightBulb | https://nightbulb.net | Flip the night switch.

On 14/09/2023 21:47, Syber Shock wrote:
> I am starting this thread to document complaints to Google to resolve
> the tsunami of Usenet spam originating with their servers. The spam
> flood attack has persisted for a very long time.
>
> Since 8/31 the last 10000 messages I polled from Usenet group
> 'sci.crypt' are mostly automated spam originating with google path
> headers.
>
> Only 44 messages were found that are not spam. This means that roughly
> 99.56% of all messages in the group are spam originating with google
> servers.
>
> I suggest others file abuse complaints with Google, then post copies of
> those complaints as follow-ups to this thread in news.admin.peering.
> This way we can document efforts to request Google cease enabling the
> spam abuse.
>

What's the CEO of Google's email? Forward it all to him.

It's only going to annoy his PA - but, since they seem to ignore the
'report abuse' button - maybe it'll get thier attention.

On Thu, 14 Sep 2023 22:19:43 +0100
Richard Harnden <richard.nospam@gmail.com> wrote:

> On 14/09/2023 21:47, Syber Shock wrote:
> > I am starting this thread to document complaints to Google to
> > resolve the tsunami of Usenet spam originating with their servers.
> > The spam flood attack has persisted for a very long time.
> >
> > Since 8/31 the last 10000 messages I polled from Usenet group
> > 'sci.crypt' are mostly automated spam originating with google path
> > headers.
> >
> > Only 44 messages were found that are not spam. This means that
> > roughly 99.56% of all messages in the group are spam originating
> > with google servers.
> >
> > I suggest others file abuse complaints with Google, then post
> > copies of those complaints as follow-ups to this thread in
> > news.admin.peering. This way we can document efforts to request
> > Google cease enabling the spam abuse.
> >
>
> What's the CEO of Google's email? Forward it all to him.
>
> It's only going to annoy his PA - but, since they seem to ignore the
> 'report abuse' button - maybe it'll get thier attention.

If I must head to the top I'd like to have documented steps so they
can see exactly where the problems and failures are. If many people
file complaints and follow-ups and document it, then Google management
can piece together a picture of why their abuse reporting system fails,
and fix that, too.

--
SugarBug | https://sybershock.com | NNTP | Usenet | Forum
Fediverse | https://syfershock.com/users/syfershock
NightBulb | https://nightbulb.net | Flip the night switch.

I notified Hacker News.

https://news.ycombinator.com/item?id=37514999

Maybe someone there might know someone who knows someone ...

--
SugarBug | https://sybershock.com | NNTP | Usenet | Forum
Fediverse | https://syfershock.com/users/syfershock
NightBulb | https://nightbulb.net | Flip the night switch.

Via fediverse: https://syfershock.com/notice/AZlzdB0gaxGseGDHuK

@arstechnica@mastodon.social
@theregister@geeknews.chat

At over 40 years old, Usenet is the oldest sharing network in
continuous operation. Today Usenet is under sustained attack from
malicious spammers and con artists. Most newsgroup charters prohibit
commercial advertisement or solicitation. Yet the upstream providers do
nothing to block such messages. What's worse, the services advertised
in many of the spam messages are illegal and fraudulent.

Maybe some investigators at the tech zines might want to inquire why
Google News has allowed a massive tsunami of illegal drug sales,
bitcoin fraud, and illegal blackhat services spam to flood Usenet
newsgroups?

The spam is so voluminous that newsgroup 'sci.crypt' has virtually been
rendered inaccessible by spam DDoS. Some usenet reader softwares don't
have the filtering facility to weed out all the garbage.

All my prior abuse complaints to Google and other major Usenet
providers have not been addressed or resolved. Therefore from now
onward I will be documenting them on Usenet. We want our sci.crypt back
from the malicious spammers and the Usenet providers that enable them
to operate with impunity.

If you know anyone who investigates and reports on this kind of stuff
please alert them. Maybe a little bit of attention will spur resolute
action.

I hope for an outcome of 100% elimination of all the drug, fraud,
blackhat, and DDoS spam and measures taken to prevent any repeat in the
future. Any Usenet provider that claims they shouldn't need to prevent
spam shouldn't be running a NNTP server peered to Usenet.

https://sybershock.com/forum/random/article-flat.php?id=383&group=news.admin.peering#383

--
SugarBug | https://sybershock.com | NNTP | Usenet | Forum
Fediverse | https://syfershock.com/users/syfershock
NightBulb | https://nightbulb.net | Flip the night switch.

On 2023-09-14, Syber Shock <admin@sybershock.com> wrote:
> Via fediverse: https://syfershock.com/notice/AZlzdB0gaxGseGDHuK
>
> @arstechnica@mastodon.social
> @theregister@geeknews.chat
>
> At over 40 years old, Usenet is the oldest sharing network in
> continuous operation. Today Usenet is under sustained attack from
> malicious spammers and con artists. Most newsgroup charters prohibit
> commercial advertisement or solicitation. Yet the upstream providers do
> nothing to block such messages. What's worse, the services advertised
> in many of the spam messages are illegal and fraudulent.
>
> Maybe some investigators at the tech zines might want to inquire why
> Google News has allowed a massive tsunami of illegal drug sales,
> bitcoin fraud, and illegal blackhat services spam to flood Usenet
> newsgroups?
>

Yes please let us know, also maybe if you can put this on a wiki page
that many of us can contribute and share we can make a bigger impact.

ReK2
Happy Hacking

- {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space
- [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
- https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5

Syber Shock <admin@sybershock.com> writes:

> I notified Hacker News.
>
> https://news.ycombinator.com/item?id=37514999
>
> Maybe someone there might know someone who knows someone ...

That might have more effect that a direct report.

--
Ben.

Am 14.09.2023 schrieb doctor@doctor.nl2k.ab.ca (The Doctor):

> So is the Cisco group!

Sadly, the cisco group didn't receive non-spam for years.

Am 15.09.2023 schrieb Ben Bacarisse <ben.usenet@bsb.me.uk>:

> Syber Shock <admin@sybershock.com> writes:
>
> > I notified Hacker News.
> >
> > https://news.ycombinator.com/item?id=37514999
> >
> > Maybe someone there might know someone who knows someone ...
>
> That might have more effect that a direct report.

I remember that Google doesn't care about Usenet anymore and not about
abuse at all - for years.
Some workers at German ISPs confirmed that.

Am 14.09.2023 schrieb doctor@doctor.nl2k.ab.ca (The Doctor):

> I am of the belief that Google Groups desrves UDP!

IIRC only a small amount of news server peer with it, so it would be
very easy to simply stop incoming feeds.
Outgoing feed to Google are ok, they don't disturb anybody and it is a
free archive.

Am 14.09.2023 schrieb Syber Shock <admin@sybershock.com>:

> The spam is so voluminous that newsgroup 'sci.crypt' has virtually
> been rendered inaccessible by spam DDoS. Some usenet reader softwares
> don't have the filtering facility to weed out all the garbage.

News server operators could implement a filter that blocks ALL posts
originating from Google for only that group.

Marco Moock <mm+usenet@dorfdsl.de> wrote:

>Sadly, the cisco group didn't receive non-spam for years.

Then post something on topic in that group and see if you get a
followup. Somebody has to start.

On 9/15/23 02:03, Marco Moock wrote:
> I remember that Google doesn't care about Usenet anymore and not about
> abuse at all - for years.
> Some workers at German ISPs confirmed that.
>

To be fair, Usenet is "obsolete". If they're offering it though, they
should either prevent spam or shut it off imo.

--
--
user <candycane> is generated from /dev/urandom

On 9/15/23 09:21, The Doctor wrote:
> In article <ue1jno$383vn$1@dont-email.me>,
> candycanearter07 <no@thanks.net> wrote:
>> On 9/15/23 02:03, Marco Moock wrote:
>>> I remember that Google doesn't care about Usenet anymore and not about
>>> abuse at all - for years.
>>> Some workers at German ISPs confirmed that.
>>>
>>
>> To be fair, Usenet is "obsolete". If they're offering it though, they
>> should either prevent spam or shut it off imo.
>>
>
> To be fair, Usenet can offer more than Facebook, Twttier and linkedin combined!
>

It can ABSOLUTELY offer more than Facebook and X/Twitter. LinkedIn is a
bit harder to argue purely because it's more business focused and could
help you get a job and stuff.

>> --
>> --
>> user <candycane> is generated from /dev/urandom
>>
>
>

--
--
user <candycane> is generated from /dev/urandom

>>News server operators could implement a filter that blocks ALL posts
>>originating from Google for only that group.
>>
>
> Or block GG as a whole!

I second this! :)

if someone tells me how to do this on inn I do it with out a blink of an
eye.

ReK2
Happy Hacking
--
- {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space
- [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
- https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5

On Sep 15, 2023 at 10:26:52 AM CDT, "rek2 hispagatos"
<rek2@hispagatos.org.invalid> wrote:

>>> News server operators could implement a filter that blocks ALL posts
>>> originating from Google for only that group.
>>>
>>
>> Or block GG as a whole!
>
> I second this! :)
>
> if someone tells me how to do this on inn I do it with out a blink of an
> eye.
>
> ReK2
> Happy Hacking

If you use Cleanfeed there are multiple ways, they've been discussed a lot in
other groups such as news.admin.net-abuse.usenet.

You can filter them out based on their Path or other headers like User-Agent.

>>>> Or block GG as a whole!
>>>
>>> I second this! :)
>>>
>>> if someone tells me how to do this on inn I do it with out a blink of an
>>> eye.
>>>
>>
>>If you use Cleanfeed there are multiple ways, they've been discussed a lot in
>>other groups such as news.admin.net-abuse.usenet.
>>
>>You can filter them out based on their Path or other headers like User-Agent.
>
> Cleanfeed is one method, the other is the ME line in the newsfeeds file!

Thanks to both of you, I really want to install Cleanfeed in our server,
I just have not got the time to sit down and read the documentation to
be able to somewhat not screw it up to much :)

if anyone has any articles or step by step howto somewhere feel free to
send it my way I will apreciate it. We are using INN 2x.

ReK2
Happy Hacking

--
- {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space
- [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
- https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5

Am 15.09.2023 um 14:21:39 Uhr schrieb The Doctor:

> To be fair, Usenet can offer more than Facebook, Twttier and linkedin
> combined!

True.

On 9/15/23 10:35, The Doctor wrote:
> In article <ue1q5n$39hqa$1@dont-email.me>,
> candycanearter07 <no@thanks.net> wrote:
>>
>> It can ABSOLUTELY offer more than Facebook and X/Twitter. LinkedIn is a
>> bit harder to argue purely because it's more business focused and could
>> help you get a job and stuff.
>>
>
> Linkedin by M$ is causing linkedin to go downhill.
>

Wait, what? M$ bought LinkedIn? That doesn't bode well.

--
--
user <candycane> is generated from /dev/urandom

On Fri, 15 Sep 2023 19:38:36 -0000 (UTC), The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
> Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
>>Am 15.09.2023 um 14:21:39 Uhr schrieb The Doctor:
> >
>>> To be fair, Usenet can offer more than Facebook, Twttier and linkedin
>>> combined!
>
> Thank you and pardon about misspelling Twitter!

Yeah, that was pretty bad misspelling; it is spelled "x" nowdays :)

<ducks>

--
Opinions above are GNU-copylefted.

Steve Jacob Dan, also known as Stive Jean-Paul Dan, has a troubling history of criminal activities. He changed his name after facing multiple convictions. His birth certificate transition is documented, suggesting an attempt to conceal his past. Dan is the owner of Safrax, a company with questionable associations.

He was convicted of stealing 1000 bitcoins in a significant judgment on April 28, 2022, as revealed in the legal document. Furthermore, a proprietary injunction from January 8, 2021, raises more concerns about his financial dealings.

Dan faces legal issues in the USA for financial fraud and is at risk of arrest upon reentry. Shockingly, he continues to receive social welfare benefits in France.

Collaborating with Carl Stephane Jacques Provenzal, they jointly own the dubious company Transcom Panama. Currently residing in Colombia with his Venezuelan partner, Yohaly Yeseny Sierraalta Torres, Steve Jacob Dan's criminal past remains a source of concern.

Steve Jacob Dan is the same person as Stive Jean-Paul Dan. Stive Jean-Paul Dan changed his name after several convictions into Steve Jacob Dan, birth certificate:
https://i.postimg.cc/nhS1SJqy/birth-certificate-stevejacobdan.jpg

Steve is owner of Safrax (www.safrax.com):
https://www.dnb.com/business-directory/company-profiles.safrax_colombia_sas..de0412e55d9d01162421b3dfef10e2e4.html

this low life scammer got convicted for theft of 1000 bitcoin:
Judgment 28 April 2022:
https://www.hklii.hk/cgi-bin/sinodisp/eng/hk/cases/hkcfi/2022/1254.html

Proprietary injunction 8 Jan 2021:
https://www.hklii.hk/cgi-bin/sinodisp/eng/hk/cases/hkcfi/2021/1078.html

Steve Jacob Dan aka Stive Jean-Paul Dan is convicted of financial fraud in USA and will be arrested once he enters USA:
https://mugshots.com/US-States/Georgia/Dawson-County-GA/Stive-Jean-Paul-Dan..20369574.html

In the mean time, this scammer gets social welfare benefits in France:
https://postimg.cc/LJn91qkC

Together with CARL STEPHANE JACQUES PROVENZAL (aka Carl Provenzal) they own the scam company Transcom Panama:
https://opencorporates.com/officers/370803421

Steve Jacob Dan now lives in Colombia with his Venezuelan "wife"; YOHALY YESENY SIERRAALTA TORRES:
https://docdro.id/RLc6BB3