After the last bunch of BIFFishness...

Scott Hazen Mueller scott at zorch.SF-Bay.ORG
Mon Jun 4 07:14:56 AEST 1990 

Since the last rash of BIFF forged newgroups has given everyone fits, I'll
repost my hacked C news newgroup and rmgroup scripts.  These scripts fake
B news-style mail messages that give the originator of the control message,
a subject line with the newsgroup name (and the moderated keyword), and include
the control message text (if any) in the notifying mail message.  When the
BIFF struck, Zorch.SF-Bay.ORG, my home site, and Tandem.COM, where I work, were
both secure to the extent that all that happened was gobs and gobs of junk
mail.

Enjoy,
-- 
Scott Hazen Mueller | scott at zorch.SF-Bay.ORG or (ames|pyramid|vsi1)!zorch!scott
10122 Amador Oak Ct.|(408) 253-6767     |Mail fusion-request at zorch.SF-Bay.ORG
Cupertino, CA  95014|Love make, not more|for emailed sci.physics.fusion digests
SF-Bay Public-Access Unix 408-996-7358/61/78/86 login newuser password public

----- cut here for newgroup -----
#! /bin/sh
# newgroup group flag - create group (4-field version: B-2.10.3+ compatible)
#	subject to our sys file group pattern

# =()<. ${NEWSCONFIG-@<NEWSCONFIG>@}>()=
. ${NEWSCONFIG-/usr/lib/news/bin/config}
export NEWSCTL NEWSBIN NEWSARTS
PATH=$NEWSCTL/bin:$NEWSBIN/relay:$NEWSBIN:$NEWSPATH ; export PATH # include mkpdir
umask $NEWSUMASK

afile=/tmp/ncd
afilehdr=/tmp/ncdhdr
afilebody=/tmp/ncdbody
hdr=/tmp/nc$$

trap "rm -f $hdr $afile*; exit 0" 0
$NEWSBIN/inject/tear $afile
$NEWSBIN/canonhdr <$afilehdr >$hdr

# unapproved ctl msg? then quit
grep -s '^Approved:' $hdr >/dev/null || { rm -f $hdr; exit 0; }

SENDER="`grep '^Sender:' $hdr | sed 's/^[^:]*: *//'`"
case "$SENDER" in
"")	SENDER="`grep '^From:' $hdr | sed 's/^[^:]*: *//' `" ;;
esac

( echo "Subject: newgroup $1 $2"; echo "$SENDER says:";
cat $afilebody ) | mail $NEWSMASTER

----- cut here for rmgroup -----

#! /bin/sh
# rmgroup group - snuff group

# =()<. ${NEWSCONFIG-@<NEWSCONFIG>@}>()=
. ${NEWSCONFIG-/usr/lib/news/bin/config}
export NEWSCTL NEWSBIN NEWSARTS
PATH=$NEWSCTL/bin:$NEWSBIN:$NEWSPATH ; export PATH
umask $NEWSUMASK

afile=/tmp/ncd
afilehdr=/tmp/ncdhdr
afilebody=/tmp/ncdbody
hdr=/tmp/nc$$

$NEWSBIN/inject/tear $afile
$NEWSBIN/canonhdr <$afilehdr >$hdr

# unapproved ctl msg? then quit
egrep '^Approved:' $hdr >/dev/null || { rm -f $afile*; exit 0; }

# quit if no active entry
egrep "^`echo $1 | sed 's/\./\\\\./g'` " $NEWSCTL/active >/dev/null ||
	{ rm -f $hdr $afile*; exit 0; }

SENDER="`grep '^Sender:' $hdr | sed 's/^[^:]*: *//'`"
case "$SENDER" in
"")	SENDER="`grep '^From:' $hdr | sed 's/^[^:]*: *//'`" ;;
esac

# tell the local usenet administrator to do it by hand
( echo "Subject: rmgroup $1"; echo "$SENDER says:";
cat $afilebody ) | mail $NEWSMASTER

rm -f $hdr $afilehdr $afilebody

More information about the Alt.sources mailing list