scott@zorch.SF-Bay.ORG (Scott Hazen Mueller) (06/04/90)
Since the last rash of BIFF forged newgroups has given everyone fits, I'll repost my hacked C news newgroup and rmgroup scripts. These scripts fake B news-style mail messages that give the originator of the control message, a subject line with the newsgroup name (and the moderated keyword), and include the control message text (if any) in the notifying mail message.

When the BIFF struck, Zorch.SF-Bay.ORG, my home site, and Tandem.COM, where I work, were both secure to the extent that all that happened was gobs and gobs of junk mail.

Enjoy,

--
Scott Hazen Mueller | scott@zorch.SF-Bay.ORG or (ames|pyramid|vsi1)!zorch!scott
10122 Amador Oak Ct.|(408) 253-6767 |Mail fusion-request@zorch.SF-Bay.ORG
Cupertino, CA 95014|Love make, not more|for emailed sci.physics.fusion digests
SF-Bay Public-Access Unix 408-996-7358/61/78/86 login newuser password public

----- cut here for newgroup -----
#! /bin/sh
# newgroup group flag - create group (4-field version: B-2.10.3+ compatible)
#	subject to our sys file group pattern
# This hacked version creates nothing: it only mails the request to $NEWSMASTER.

# =()<. ${NEWSCONFIG-@<NEWSCONFIG>@}>()=
. ${NEWSCONFIG-/usr/lib/news/bin/config}
export NEWSCTL NEWSBIN NEWSARTS
PATH=$NEWSCTL/bin:$NEWSBIN/relay:$NEWSBIN:$NEWSPATH ; export PATH	# include mkpdir
umask $NEWSUMASK

# per-process scratch files, so concurrent control messages do not share them;
# tear writes ${afile}hdr and ${afile}body
afile=/tmp/ncd$$
afilehdr=${afile}hdr
afilebody=${afile}body
hdr=/tmp/nc$$

# remove the scratch files however the script exits
trap "rm -f $hdr $afile*; exit 0" 0

# split the control message (stdin) into header and body, then canonicalise the header
$NEWSBIN/inject/tear $afile
$NEWSBIN/canonhdr <$afilehdr >$hdr

# unapproved ctl msg? then quit
grep -s '^Approved:' $hdr >/dev/null || { rm -f $hdr; exit 0; }

# originator: Sender: if present, otherwise From:
SENDER="`grep '^Sender:' $hdr | sed 's/^[^:]*: *//'`"
case "$SENDER" in
"")	SENDER="`grep '^From:' $hdr | sed 's/^[^:]*: *//' `" ;;
esac

# B news-style notification: subject, originator, control message text
( echo "Subject: newgroup $1 $2"; echo "$SENDER says:"; cat $afilebody ) | mail $NEWSMASTER
----- cut here for rmgroup -----
#! /bin/sh
# rmgroup group - snuff group
# This hacked version removes nothing: it only mails the request to $NEWSMASTER.

# =()<. ${NEWSCONFIG-@<NEWSCONFIG>@}>()=
. ${NEWSCONFIG-/usr/lib/news/bin/config}
export NEWSCTL NEWSBIN NEWSARTS
PATH=$NEWSCTL/bin:$NEWSBIN:$NEWSPATH ; export PATH
umask $NEWSUMASK

# per-process scratch files, so concurrent control messages do not share them;
# tear writes ${afile}hdr and ${afile}body
afile=/tmp/ncd$$
afilehdr=${afile}hdr
afilebody=${afile}body
hdr=/tmp/nc$$

# split the control message (stdin) into header and body, then canonicalise the header
$NEWSBIN/inject/tear $afile
$NEWSBIN/canonhdr <$afilehdr >$hdr

# unapproved ctl msg? then quit (remove $hdr too, so it is not left behind)
egrep '^Approved:' $hdr >/dev/null || { rm -f $hdr $afile*; exit 0; }

# quit if no active entry
egrep "^`echo $1 | sed 's/\./\\\\./g'` " $NEWSCTL/active >/dev/null || { rm -f $hdr $afile*; exit 0; }

# originator: Sender: if present, otherwise From:
SENDER="`grep '^Sender:' $hdr | sed 's/^[^:]*: *//'`"
case "$SENDER" in
"")	SENDER="`grep '^From:' $hdr | sed 's/^[^:]*: *//'`" ;;
esac

# tell the local usenet administrator to do it by hand
( echo "Subject: rmgroup $1"; echo "$SENDER says:"; cat $afilebody ) | mail $NEWSMASTER

rm -f $hdr $afilehdr $afilebody
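
An offline sketch of the notify-only handling in the scripts above, added here as an example; it is not part of the original post or of C news. `header_of` and `body_of` are hypothetical stand-ins for `tear` and `canonhdr`, both sample messages are constructed, and the character filter on the group name and flag is an added precaution the posted scripts do not have.

```shell
#!/bin/sh
# Added example (not from the post): notify-only handling, runnable without C news.

# Constructed sample: no Approved: header; the look-alike line is in the body.
sample_unapproved='From: biff@example.invalid
Control: newgroup alt.test.forged
Subject: newgroup alt.test.forged

Approved: not-a-header@example.invalid
junk text'

# Constructed sample: Approved: and Sender: headers both present.
sample_approved='From: someone@example.invalid
Sender: news@example.invalid
Control: newgroup alt.test.forged moderated
Approved: someone@example.invalid

please create this group'

# Assumption: header = lines up to the first blank line (stand-in for tear/canonhdr).
header_of() { sed '/^$/q'; }
body_of()   { sed '1,/^$/d'; }

# originator: read an article on stdin, print Sender: if present, else From:.
originator() {
    hdr=$(header_of)
    s=$(printf '%s\n' "$hdr" | sed -n 's/^Sender: *//p' | sed 1q)
    [ -n "$s" ] || s=$(printf '%s\n' "$hdr" | sed -n 's/^From: *//p' | sed 1q)
    printf '%s\n' "$s"
}

# notify ARTICLE VERB GROUP [FLAG]: print the mail text; print nothing if unapproved.
notify() {
    printf '%s\n' "$1" | header_of | grep '^Approved:' >/dev/null || return 0
    # Added precaution: the group name and flag arrive from the network, so keep
    # only characters expected in a group name before they reach the Subject line.
    group=$(printf '%s' "$3" | tr -cd 'A-Za-z0-9.+_-')
    flag=$(printf '%s' "$4" | tr -cd 'a-z')
    printf 'Subject: %s %s%s\n' "$2" "$group" "${flag:+ $flag}"
    printf '%s says:\n' "$(printf '%s\n' "$1" | originator)"
    printf '%s\n' "$1" | body_of
}

notify "$sample_approved" newgroup alt.test.forged moderated   # demo run
```

The `Approved:` test only checks that the header is present, exactly as in the posted scripts, which is why the handler mails the administrator and never edits the active file itself.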