Cunning trolls!

Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

Is there a work-around?

Peter

Peter Jason wrote:
Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

Is there a work-around?

Peter

Does your filter accept literal input or is it
actually a regex filter ?

To convert a regex character to a literal, you need
a forward_slash or a back_slash in front of it, so
it doesn't get parsed as an attempt at regex.

*******

The next question is whether it's really a question mark,
or your client isn't interpreting the From: string "in
the modern way".

It depends on whether your USENET client really
supports UTF8 or not.

Look at the header of the message.

Get the MID field. Example:



Plug it into howardknight, using your web browser.

http://al.howardknight.net/

Now you're looking at the raw message. Notice that it's
possible for characters to actually be "invisible" in the
web page. In some obscure cases, you actually have to
copy and paste the howardknight web page content into
a file and then analyze with HxD editor.

Anyway, say this is the From field. Yes, it has question marks,
but they're part of a protocol (they're delimiters).

From: =?UTF-8?B?8J+YiSBHb29kIEd1eSDwn5iJ?=

There are PHP functions (imap_utf8?) for converting this,
but you can also do it by hand. The

8J+YiSBHb29kIEd1eSDwn5iJ

portion is base64.

*******

I looked in my treasure trove of converters and
this is the original script. I must have modified it
a tiny bit for some reason, and my file is b64deca.awk.

http://www.turtle.dds.nl/b64dec.awk

This is my conversion run. Win10 Bash shell has "gawk" if you need
this, but I used my gnuwin32 old version, to avoid any line
ending issues.

gawk -f b64deca.awk 8J+YiSBHb29kIEd1eSDwn5iJ out.txt

I popped "out.txt" into HxD hex editor. This is the hex.
The four bytes on either end look like emojis sorta,
but they're also part of a character set.

F0 9F 98 89 20 47 6F 6F 64 20 47 75 79 20 F0 9F 98 89
" Good Guy "

If I then go online and see what the Unicode conversion
of those four bytes are, I end up on this web page.

https://unicode-search.net/unicode-n...h.pl?term=FACE

U+1F609 😉 f0 9f 98 89 WINKING FACE

If you see a question mark as the second field in that
line of text, then your client isn't capable of
displaying UTF8 and instead it renders as a question
mark. In a web browser, an unrecognized character would
become a square block with hex numbers written in it.

And that's what your news client should have showed, is
two winking faces with the text string in the middle.

If your filter accepts octal escape to enter characters,
you might be able to bodge something to pass the
"f0 9f 98 89" to the filter.

It took me a while to do the above analysis, as the
"easy" results Google returned, didn't pan out, so I
had to get out a screwdriver and DIY it.

Just a guess,
Paul

Peter Jason wrote:
Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

Is there a work-around?

Peter

Based on seeing your other message, it occurs to me
you should be looking at the message in its "raw"
file format, not interpreted by any web browser or
MIME/UTF8 stuff. Only by looking at the raw message
(save it off, headers and all), can you hope to figure
out what is actually in the message. Once you know
that, then you can craft a filter... or change client
program to a better one.

Paul

On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote:

Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

Is there a work-around?

Peter

Any chance you can post the complete header info ?

(You can display the header info with the 'H' key)

Monty wrote:
On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote:

Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

Is there a work-around?

Peter

Any chance you can post the complete header info ?

(You can display the header info with the 'H' key)

I'd prefer

1) Saving the message in raw format.
2) Pop it into HxD.

https://mh-nexus.de/en/hxd/

3) Highlight the hex field on the left.
4) Paste the hex information for the string
in question into a posting.
5) Pasting the text from the right hand side,
or pasting the text from a text editor looking
at the message, gives the visible equivalent
of the hex string. (Makes it easier to recognize
whether an attempt to analyze the hex, has gone
off the rails.)

Paul

On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote:

Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

User-Agent: ForteAgent/8.00.32.1272


Your kill filter *can* work with it -- you just have to use a {regular
expression} filter and put a \ before any characters such as ? which
are "special" inside a regular expression.

See this thread in the Forté Agent newsgroup, and follow its 1-2-3 steps
to create your filter:
https://groups.google.com/d/topic/alt.usenet.offline-reader.forte-agent/kE6l0AOIMMo

For more information, see the Agent help file:
Help Index Filters Message Filters Agent's Expression Language Regular Expressions Reference
Help Index Regular expressions Regular Expressions Reference

For even more information, see JimB's regular expression filter pages:
http://web.archive.org/web/20021210115641/http://home.att.net/~JLBradley/REGULAR.HTM


--
Kind regards
Ralph

Paul wrote:

Peter Jason wrote:

Some trolls are prefixing their names and/or subjects with "?".

My kill filter will not work with this"?".

Is there a work-around?

Based on seeing your other message, it occurs to me you should be
looking at the message in its "raw" file format, not interpreted
by any web browser or MIME/UTF8 stuff. Only by looking at the raw
message (save it off, headers and all), can you hope to figure out
what is actually in the message. Once you know that, then you can
craft a filter... or change client program to a better one.

Did you notice Peter Jason's post was duplicated before the original
post? As if the spammer, corrupt server, whatever, can see the
future.

John Doe wrote:
Paul wrote:

Peter Jason wrote:

Some trolls are prefixing their names and/or subjects with "?".

My kill filter will not work with this"?".

Is there a work-around?

Based on seeing your other message, it occurs to me you should be
looking at the message in its "raw" file format, not interpreted
by any web browser or MIME/UTF8 stuff. Only by looking at the raw
message (save it off, headers and all), can you hope to figure out
what is actually in the message. Once you know that, then you can
craft a filter... or change client program to a better one.

Did you notice Peter Jason's post was duplicated before the original
post? As if the spammer, corrupt server, whatever, can see the
future.

I can't see that because my filter is in place.

https://s33.postimg.cc/ciqd9t51r/flood.gif

The gateway injecting those posts, back-dates
the timestamp on the re-written post, which causes a
weird stacking order in thread view. This is one of
the reasons that "normal" servers implement time
horizon rules for brand new posts, such that the posters
"clock" cannot be off by too much, or the posting
will be rejected. The crap gateway doing the flood,
is a poor poor design. Only a nitwit would change the
timestamps.

Peter is working on a different problem, namely spam
arriving in his email box. Not the same as the flood
into this USENET group. The flood in this group is
relatively easy to filter.

Paul

On Tue, 24 Jul 2018 15:06:33 -0000 (UTC), John Doe wrote:

Did you notice Peter Jason's post was duplicated before the original
post? As if the spammer, corrupt server, whatever, can see the
future.


The re-injected posts have slightly different "Date" headers, by a few hours.
The hours difference seems to depend on the time zone of the original post.

* With my posts, the re-injected copies all have a "Date" header which
is 6 hours earlier than the original.

* When it re-re-injects its own re-injected posts, the new copy has a
"Date" header which is 6 hours _later_ than the old copy.


--
Kind regards
Ralph

On Tue, 24 Jul 2018 18:41:22 +1200, Ralph Fox
wrote:

On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote:

Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

User-Agent: ForteAgent/8.00.32.1272


Your kill filter *can* work with it -- you just have to use a {regular
expression} filter and put a \ before any characters such as ? which
are "special" inside a regular expression.

See this thread in the Forté Agent newsgroup, and follow its 1-2-3 steps
to create your filter:
https://groups.google.com/d/topic/alt.usenet.offline-reader.forte-agent/kE6l0AOIMMo

For more information, see the Agent help file:
Help Index Filters Message Filters Agent's Expression Language Regular Expressions Reference
Help Index Regular expressions Regular Expressions Reference

For even more information, see JimB's regular expression filter pages:
http://web.archive.org/web/20021210115641/http://home.att.net/~JLBradley/REGULAR.HTM

Many thanks to all. I'll hop right on to it.

On Tue, 24 Jul 2018 18:41:22 +1200, Ralph Fox
wrote:

On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote:

Some trolls are prefixing their names and/or
subjects with "?".

My kill filter will not work with this"?".

User-Agent: ForteAgent/8.00.32.1272


Your kill filter *can* work with it -- you just have to use a {regular
expression} filter and put a \ before any characters such as ? which
are "special" inside a regular expression.

See this thread in the Forté Agent newsgroup, and follow its 1-2-3 steps
to create your filter:
https://groups.google.com/d/topic/alt.usenet.offline-reader.forte-agent/kE6l0AOIMMo

For more information, see the Agent help file:
Help Index Filters Message Filters Agent's Expression Language Regular Expressions Reference
Help Index Regular expressions Regular Expressions Reference

For even more information, see JimB's regular expression filter pages:
http://web.archive.org/web/20021210115641/http://home.att.net/~JLBradley/REGULAR.HTM


Thanks.

I had to use this literal expression to kill file
them.

{\?\?\?\?\}

Note the brackets.