If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Cunning trolls!
Some trolls are prefixing their names and/or
subjects with "?". My kill filter will not work with this"?". Is there a work-around? Peter |
Ads |
#2
|
|||
|
|||
Cunning trolls!
Peter Jason wrote:
Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". Is there a work-around? Peter Does your filter accept literal input or is it actually a regex filter ? To convert a regex character to a literal, you need a forward_slash or a back_slash in front of it, so it doesn't get parsed as an attempt at regex. ******* The next question is whether it's really a question mark, or your client isn't interpreting the From: string "in the modern way". It depends on whether your USENET client really supports UTF8 or not. Look at the header of the message. Get the MID field. Example: Plug it into howardknight, using your web browser. http://al.howardknight.net/ Now you're looking at the raw message. Notice that it's possible for characters to actually be "invisible" in the web page. In some obscure cases, you actually have to copy and paste the howardknight web page content into a file and then analyze with HxD editor. Anyway, say this is the From field. Yes, it has question marks, but they're part of a protocol (they're delimiters). From: =?UTF-8?B?8J+YiSBHb29kIEd1eSDwn5iJ?= There are PHP functions (imap_utf8?) for converting this, but you can also do it by hand. The 8J+YiSBHb29kIEd1eSDwn5iJ portion is base64. ******* I looked in my treasure trove of converters and this is the original script. I must have modified it a tiny bit for some reason, and my file is b64deca.awk. http://www.turtle.dds.nl/b64dec.awk This is my conversion run. Win10 Bash shell has "gawk" if you need this, but I used my gnuwin32 old version, to avoid any line ending issues. gawk -f b64deca.awk 8J+YiSBHb29kIEd1eSDwn5iJ out.txt I popped "out.txt" into HxD hex editor. This is the hex. The four bytes on either end look like emojis sorta, but they're also part of a character set. F0 9F 98 89 20 47 6F 6F 64 20 47 75 79 20 F0 9F 98 89 " Good Guy " If I then go online and see what the Unicode conversion of those four bytes are, I end up on this web page. https://unicode-search.net/unicode-n...h.pl?term=FACE U+1F609 😉 f0 9f 98 89 WINKING FACE If you see a question mark as the second field in that line of text, then your client isn't capable of displaying UTF8 and instead it renders as a question mark. In a web browser, an unrecognized character would become a square block with hex numbers written in it. And that's what your news client should have showed, is two winking faces with the text string in the middle. If your filter accepts octal escape to enter characters, you might be able to bodge something to pass the "f0 9f 98 89" to the filter. It took me a while to do the above analysis, as the "easy" results Google returned, didn't pan out, so I had to get out a screwdriver and DIY it. Just a guess, Paul |
#3
|
|||
|
|||
Cunning trolls!
Peter Jason wrote:
Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". Is there a work-around? Peter Based on seeing your other message, it occurs to me you should be looking at the message in its "raw" file format, not interpreted by any web browser or MIME/UTF8 stuff. Only by looking at the raw message (save it off, headers and all), can you hope to figure out what is actually in the message. Once you know that, then you can craft a filter... or change client program to a better one. Paul |
#4
|
|||
|
|||
Cunning trolls!
On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote:
Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". Is there a work-around? Peter Any chance you can post the complete header info ? (You can display the header info with the 'H' key) |
#5
|
|||
|
|||
Cunning trolls!
Monty wrote:
On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote: Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". Is there a work-around? Peter Any chance you can post the complete header info ? (You can display the header info with the 'H' key) I'd prefer 1) Saving the message in raw format. 2) Pop it into HxD. https://mh-nexus.de/en/hxd/ 3) Highlight the hex field on the left. 4) Paste the hex information for the string in question into a posting. 5) Pasting the text from the right hand side, or pasting the text from a text editor looking at the message, gives the visible equivalent of the hex string. (Makes it easier to recognize whether an attempt to analyze the hex, has gone off the rails.) Paul |
#6
|
|||
|
|||
Cunning trolls!
On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote:
Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". User-Agent: ForteAgent/8.00.32.1272 Your kill filter *can* work with it -- you just have to use a {regular expression} filter and put a \ before any characters such as ? which are "special" inside a regular expression. See this thread in the Forté Agent newsgroup, and follow its 1-2-3 steps to create your filter: https://groups.google.com/d/topic/alt.usenet.offline-reader.forte-agent/kE6l0AOIMMo For more information, see the Agent help file: Help Index Filters Message Filters Agent's Expression Language Regular Expressions Reference Help Index Regular expressions Regular Expressions Reference For even more information, see JimB's regular expression filter pages: http://web.archive.org/web/20021210115641/http://home.att.net/~JLBradley/REGULAR.HTM -- Kind regards Ralph |
#7
|
|||
|
|||
Cunning trolls!
Paul wrote:
Peter Jason wrote: Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". Is there a work-around? Based on seeing your other message, it occurs to me you should be looking at the message in its "raw" file format, not interpreted by any web browser or MIME/UTF8 stuff. Only by looking at the raw message (save it off, headers and all), can you hope to figure out what is actually in the message. Once you know that, then you can craft a filter... or change client program to a better one. Did you notice Peter Jason's post was duplicated before the original post? As if the spammer, corrupt server, whatever, can see the future. |
#8
|
|||
|
|||
Cunning trolls!
John Doe wrote:
Paul wrote: Peter Jason wrote: Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". Is there a work-around? Based on seeing your other message, it occurs to me you should be looking at the message in its "raw" file format, not interpreted by any web browser or MIME/UTF8 stuff. Only by looking at the raw message (save it off, headers and all), can you hope to figure out what is actually in the message. Once you know that, then you can craft a filter... or change client program to a better one. Did you notice Peter Jason's post was duplicated before the original post? As if the spammer, corrupt server, whatever, can see the future. I can't see that because my filter is in place. https://s33.postimg.cc/ciqd9t51r/flood.gif The gateway injecting those posts, back-dates the timestamp on the re-written post, which causes a weird stacking order in thread view. This is one of the reasons that "normal" servers implement time horizon rules for brand new posts, such that the posters "clock" cannot be off by too much, or the posting will be rejected. The crap gateway doing the flood, is a poor poor design. Only a nitwit would change the timestamps. Peter is working on a different problem, namely spam arriving in his email box. Not the same as the flood into this USENET group. The flood in this group is relatively easy to filter. Paul |
#9
|
|||
|
|||
Cunning trolls!
On Tue, 24 Jul 2018 15:06:33 -0000 (UTC), John Doe wrote:
Did you notice Peter Jason's post was duplicated before the original post? As if the spammer, corrupt server, whatever, can see the future. The re-injected posts have slightly different "Date" headers, by a few hours. The hours difference seems to depend on the time zone of the original post. * With my posts, the re-injected copies all have a "Date" header which is 6 hours earlier than the original. * When it re-re-injects its own re-injected posts, the new copy has a "Date" header which is 6 hours _later_ than the old copy. -- Kind regards Ralph |
#10
|
|||
|
|||
Cunning trolls!
On Tue, 24 Jul 2018 18:41:22 +1200, Ralph Fox
wrote: On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote: Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". User-Agent: ForteAgent/8.00.32.1272 Your kill filter *can* work with it -- you just have to use a {regular expression} filter and put a \ before any characters such as ? which are "special" inside a regular expression. See this thread in the Forté Agent newsgroup, and follow its 1-2-3 steps to create your filter: https://groups.google.com/d/topic/alt.usenet.offline-reader.forte-agent/kE6l0AOIMMo For more information, see the Agent help file: Help Index Filters Message Filters Agent's Expression Language Regular Expressions Reference Help Index Regular expressions Regular Expressions Reference For even more information, see JimB's regular expression filter pages: http://web.archive.org/web/20021210115641/http://home.att.net/~JLBradley/REGULAR.HTM Many thanks to all. I'll hop right on to it. |
#11
|
|||
|
|||
Cunning trolls!
On Tue, 24 Jul 2018 18:41:22 +1200, Ralph Fox
wrote: On Tue, 24 Jul 2018 09:45:06 +1000, Peter Jason wrote: Some trolls are prefixing their names and/or subjects with "?". My kill filter will not work with this"?". User-Agent: ForteAgent/8.00.32.1272 Your kill filter *can* work with it -- you just have to use a {regular expression} filter and put a \ before any characters such as ? which are "special" inside a regular expression. See this thread in the Forté Agent newsgroup, and follow its 1-2-3 steps to create your filter: https://groups.google.com/d/topic/alt.usenet.offline-reader.forte-agent/kE6l0AOIMMo For more information, see the Agent help file: Help Index Filters Message Filters Agent's Expression Language Regular Expressions Reference Help Index Regular expressions Regular Expressions Reference For even more information, see JimB's regular expression filter pages: http://web.archive.org/web/20021210115641/http://home.att.net/~JLBradley/REGULAR.HTM Thanks. I had to use this literal expression to kill file them. {\?\?\?\?\} Note the brackets. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|