Auto NANAS And LART (ANAL)

[Scripts Archive Main] | [Download Now | Requirements | Online Documentation ]

Auto NANAS And LART (ANAL) is a script designed to help anti-spammers. This script will send abuse reports and post a copy of a spam message in the Usenet group news.admin.net-abuse.sightings, all in one process. The script sends LARTs via email and can post to NANAS via either email or NNTP.

All you do is paste a copy of the spam into the ANAL form, type in any LART destinations, and add LART comments if necessary. The script then mails LARTs to the addresses you specified and posts a copy of the spam to NANAS. The copy posted to NANAS will indicate who received LARTs as well as contain any comments you included. Your abuse reports will be Googled right along with the spam, which can help you mount evidence in the case of a persistent spammer.

To view a NANAS post generated by ANAL, click here. You can view the corresponding LART here. The post and the LART were sent simultaneously by the script, but the content of the different messages varies a bit.

Requirements:

• PHP 4.0 or newer
• sendmail must be installed and running on your system
• PHP must be compiled with sockets support to post to NANAS via NNTP

Documentation

To install ANAL, first set the configuration variables at the top of the script. They're fairly self-explanatory, but if you get stuck, here are some tips:

• You must set at least your $lartfrom address and your $nanasfrom address. $lartfrom is used on outgoing LARTs, $nanasfrom is used on NANAS posts.
  
  
• Please use a valid, unmunged email address (and only the address, without a name or additional punctuation) as your $lartfrom address. This address will be used in the From, Reply-To, and Return-Path headers of email messages; LARTs will also be BCC'd to this address. Abuse desks will be unable to contact you if you set this variable to an invalid address.
  
  
• In order to send NANAS posts via NNTP, set $newsserver to your news server's address and define $newsuser and $newspass if your news server requires them. Your $nanasfrom address can be any RFC1036 compliant string, such as you@example.com (You) or You <you@example.com> or just you@example.com. If you do not enter a news server address, NANAS posts will be made via email, but they will still use the $nanasfrom address in the header.
  

Next, to set up the auto-munging, scan down the script about 10 lines beyond the config section until you see a group of 4 str_replace commands:

$message = str_replace("shaun", "[munged]", $message);
$message = str_replace("shat", "[munged]", $message);
$message = str_replace("domain-i-own", "[munged]", $message);
$message = str_replace("another-domain", "[munged]", $message);

Those commands serve to "mung" or obfuscate things like your email address, domain names, your full name, or any other personal information you don't want to pass along in LARTs or post to NANAS. The munging is done before the script sends email or makes a post. You can add more commands by duplicating one of the existing str_replace lines and adjusting the string to be munged. The format for the command is str_replace("target", "replacement", $message); as you probably noticed.

Upload the script to your web server in ASCII mode and load it in your browser. Fill out the fields as indicated and hit the "Kill a Spammer" button. It it not necessary to LART, i.e. this script can be used for posting to NANAS only; just leave the LART-related fields blank. This can be useful if you can't figure out who should receive abuse reports about a particular spam, or if you don't have the time to track the spammer down.

Note: Because you'll be pasting in the spam instead of forwarding it, you can use any mailbox you like on the envelope of outgoing mail. It is suggested that you create a new mailbox specifically for NANAS posting and LARTing, if you don't have one already. This address will appear in the headers of Usenet posts, and could be passed along to spammers by irresponsible abuse desks, so you should expect to receive spam at the address you specify in the configuration.

History:

• 7/1/02: Thanks to Mark who found a major bug: an underscore in one instance of the $newsserver variable name was causing all NANAS posts to go through email instead of news. Can't believe I didn't notice this one. Bug fixed.
• 5/20/02: Initial release.