• URGENT: Security Compromise - DE-PEER novabbs.com infrastructure

    From NovaBBS / RockSolid Security Team@21:1/5 to All on Sat Jun 28 00:00:00 2025
    URGENT SECURITY ALERT:

    The following servers have been compromised and should be de-peered immediately:

    i2pn2.org
    novabbs.com
    novabbs.org
    novalink.us
    rocksolidbbs.com

    If you are currently peering with any of these servers, please disconnect immediately to protect your systems and users.

    --
    Security Team
    Emergency Response


    Rest in Peace - Retro Guy

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Nigel Reed@21:1/5 to security@i2pn2.org on Sat Jun 28 01:44:17 2025
    On Fri, 28 Jun 2025 00:00:00 +0000
    security@i2pn2.org (NovaBBS / RockSolid Security Team) wrote:

    URGENT SECURITY ALERT:

    The following servers have been compromised and should be de-peered immediately:

    i2pn2.org
    novabbs.com
    novabbs.org
    novalink.us
    rocksolidbbs.com

    If you are currently peering with any of these servers, please
    disconnect immediately to protect your systems and users.


    You might want to supply a bit more context.

    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Sat Jun 28 11:00:44 2025
    On 28.06.2025 00:00 Uhr NovaBBS / RockSolid Security Team wrote:

    If you are currently peering with any of these servers, please
    disconnect immediately to protect your systems and users.

    Which security impact does an infected NNTP server have on a peer?

    It can generate any message and offer it to the peer. Where is the real security problem?

    --
    kind regards
    Marco

    Send spam to 1751061600muell@stinkedores.dorfdsl.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to Marco Moock on Sat Jun 28 10:14:37 2025
    Marco Moock <mm@dorfdsl.de> writes:
    On 28.06.2025 00:00 Uhr NovaBBS / RockSolid Security Team wrote:
    If you are currently peering with any of these servers, please
    disconnect immediately to protect your systems and users.

    Which security impact does an infected NNTP server have on a peer?

    It can generate any message and offer it to the peer. Where is the real security problem?

    If the adversary is aware of an (undisclosed) vulnerability in the peer’s
    NNTP implementation, they could exploit it.

    In this case however the OP hasn’t given any detail, nor any explanation
    why anyone should listen to them. If they’re the operator of novabbs etc
    they could just shut it down themselves. If not then they need to explain
    why any of novabbs’s peers should pay attention.

    I don’t peer with novabbs but I wouldn’t disable a peer just because of
    an unauthenticated and unsupported claim on Usenet.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Doctor@21:1/5 to mm@dorfdsl.de on Sat Jun 28 16:34:46 2025
    In article <20250628110044.421e145b@ryz.dorfdsl.de>,
    Marco Moock <mm@dorfdsl.de> wrote:
    On 28.06.2025 00:00 Uhr NovaBBS / RockSolid Security Team wrote:

    If you are currently peering with any of these servers, please
    disconnect immediately to protect your systems and users.

    Which security impact does an infected NNTP server have on a peer?

    It can generate any message and offer it to the peer. Where is the real security problem?


    Possible break in on that node.

    --
    kind regards
    Marco

    Send spam to 1751061600muell@stinkedores.dorfdsl.de



    --
    Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
    Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;
    All I want to hear from JEsus Christ is WEll done Good and Faithful servant

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Doctor@21:1/5 to invalid@invalid.invalid on Sat Jun 28 16:35:37 2025
    In article <wwvikkgdy82.fsf@LkoBDZeT.terraraq.uk>,
    Richard Kettlewell <invalid@invalid.invalid> wrote:
    Marco Moock <mm@dorfdsl.de> writes:
    On 28.06.2025 00:00 Uhr NovaBBS / RockSolid Security Team wrote:
    If you are currently peering with any of these servers, please
    disconnect immediately to protect your systems and users.

    Which security impact does an infected NNTP server have on a peer?

    It can generate any message and offer it to the peer. Where is the real
    security problem?

    If the adversary is aware of an (undisclosed) vulnerability in the peer’s
    NNTP implementation, they could exploit it.

    In this case however the OP hasn’t given any detail, nor any explanation
    why anyone should listen to them. If they’re the operator of novabbs etc
    they could just shut it down themselves. If not then they need to explain
    why any of novabbs’s peers should pay attention.

    I don’t peer with novabbs but I wouldn’t disable a peer just because of
    an unauthenticated and unsupported claim on Usenet.


    Something is up.

    --
    https://www.greenend.org.uk/rjk/


    --
    Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
    Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;
    All I want to hear from JEsus Christ is WEll done Good and Faithful servant

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Xavier M@21:1/5 to Richard Kettlewell on Wed Jul 9 05:46:43 2025
    Richard Kettlewell wrote on Sat, 28 Jun 2025 10:14:37 +0100 :

    I don't peer with novabbs but I wouldn't disable a peer just because of
    an unauthenticated and unsupported claim on Usenet.

    May I ask a perhaps related question given in the past two days, someone/something has been spamming the crap out of the text newsgroups.

    Could it be related?

    It's tons of Adobe product spam of binaries apparently, at least so far.
    <https://www.novabbs.com/interests/thread.php?group=alt.usage.english>
    <https://alt.usage.english.narkive.com/>

    Here's just one header.

    From: CPP <CPP-user@domain.com>
    Sender: CPP-user@domain.com
    Newsgroups: alt.tv.survivor,alt.usage.english,alt.usenet.kooks,alt.war.civil.usa,comp.lang.*,rec.arts.anime.misc,rec.autos.sport.f1,uk.rec.sheds
    Subject: (????) [1/7] - "Adobe Photoshop CC for Windows v25.7 with Free Tools.nzb" yEnc (1/1)
    Organization: Camelsystem
    X-Newsposter: Camelsystem Powerpost (Modified POWER-POST http://powerpost.camelsystem.nl)
    Lines: 79
    Message-ID: <uLibQ.495151$Ra5f.443045@fx13.iad>
    X-Complaints-To: abuse(at)newshosting.com
    NNTP-Posting-Date: Wed, 09 Jul 2025 00:31:22 UTC
    Date: Wed, 09 Jul 2025 00:31:22 GMT
    X-Received-Bytes: 10542
    X-Original-Bytes: 10490
    Xref: sewer alt.tv.survivor:17203 alt.usage.english:713140 alt.usenet.kooks:358676 alt.war.civil.usa:4517 rec.arts.anime.misc:5109 rec.autos.sport.f1:75975 uk.rec.sheds:204601

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Urs Janßen@21:1/5 to In Xavier M on Wed Jul 9 11:53:53 2025
    In Xavier M <xmendizabal@euskaltel.com> wrote:
    May I ask a perhaps related question given in the past two days, someone/something has been spamming the crap out of the text newsgroups. Could it be related?

    look at the Path-header of the article -> no

    | Path: ...!border-4.nntp.ord.giganews.com!border-1.nntp.ord.giganews.com!nntp.giganews.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx13.iad.POSTED!not-for-mail

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
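
The Path-header check suggested in the last post, as an added example that is not part of any post in this thread: it splits a Path value into relay hosts and reports any that fall under the de-peer list from the alert. The function names and the second sample path are assumptions made up for illustration; the host list and the first Path value are copied from the thread.

```python
# Added example: triage one article's Path header against the de-peer list.
# Host list and THREAD_PATH are copied from the thread; names are hypothetical.
DEPEER = {"i2pn2.org", "novabbs.com", "novabbs.org", "novalink.us",
          "rocksolidbbs.com"}

THREAD_PATH = ("...!border-4.nntp.ord.giganews.com!border-1.nntp.ord.giganews.com"
               "!nntp.giganews.com!peer01.iad!feed-me.highwinds-media.com"
               "!news.highwinds-media.com!fx13.iad.POSTED!not-for-mail")

# Constructed sample (not a real article) showing both diagnostic spellings.
CONSTRUCTED_PATH = ("news.example.net!news.i2pn2.org!.POSTED.www.novabbs.com"
                    "!notnovabbs.com!not-for-mail")


def path_hosts(path):
    """Return (relay_hosts, truncated) for a Path header value."""
    entries = [e.strip().lower() for e in path.split("!") if e.strip()]
    hosts, truncated = [], False
    for entry in entries[:-1]:           # last entry is the tail, not a relay
        if entry == "...":               # the quoted header elided the newest hops
            truncated = True
            continue
        if entry.startswith("."):        # RFC 5536 diagnostic: .POSTED.host, .SEEN.host
            parts = entry.split(".", 2)
            if len(parts) < 3 or not parts[2]:
                continue                 # bare keyword carries no host
            entry = parts[2]
        elif entry.endswith(".posted"):  # suffix form seen in the thread's header
            entry = entry[: -len(".posted")]
        hosts.append(entry)
    return hosts, truncated


def listed_relays(path, watch=DEPEER):
    """Relays equal to, or a subdomain of, a watched domain."""
    hosts, truncated = path_hosts(path)
    hits = [h for h in hosts
            if any(h == w or h.endswith("." + w) for w in watch)]
    return hits, truncated


if __name__ == "__main__":
    for name, value in (("thread", THREAD_PATH), ("constructed", CONSTRUCTED_PATH)):
        hits, truncated = listed_relays(value)
        note = " (path truncated, visible hops only)" if truncated else ""
        print(f"{name}: {hits or 'no listed relay'}{note}")
```

Path entries upstream of your own peer are asserted by the relays themselves, so an empty result is a triage signal for the visible hops and not proof of origin.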