Deconstructing Mongo – A SysAdmin’s POV

This isn’t really a “Carping Comment”, more of an “over-enthused” one, but I’m putting it in the “Carping Comments” category as that’s the closest I’ve got. The basic point being that this isn’t just some Regular Reader making a Regular Comment; and I’m commenting on it / analyzing it; so more of a meta-comment treatment as in Carping Comments.

Every day I get a load of “odd comments”. Mostly these will auto-filter into SPAM and take no attention from me. The SPAM Topic Of The Day tends to wander around. Right now it’s “Poker” (and pointing to poker urls) along with some amount of pushing CBD oil and “vaping” shops.

Every so often you get some comments that are just not quite right, but seem written to address the topic du jour. (Many SPAM comments are targeted at threads that are still open, but that have been quiet for months, so that’s also a bit of a ‘tell’).

This does look like the comment is aimed at the topic, and is current, so passes the first test.

Next up I look at the Name and the EMAIL address. Do they look related and legit? So a posting from Mary Sue with an email of HotBabesRus.com is suspicious, especially if aimed at a topic like “How to make pizza” and discussing on-line pleasure palaces…

So what’s this one got?

Mongo
end@this.com

As already pointed out “Mongo” is a character from Blazing Saddles. While aliases, even cute ones, are OK, they get a bit more scrutiny than things that look like a Real Name ™ and where the email matches.

In this case, the email address also looks suspiciously like a joke. It was posted at the Portland PD article.

So we check it.

root@XU4uDevuan3:/# nslookup this.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: this.com
Address: 72.52.225.65

Well, the server certainly exists. I wasn’t expecting that, but it is a real IP number and name per “nslookup”. Now we do a “whois” on the number. I’m going to delete some lines as it is rather long:

root@XU4uDevuan3:/# whois 72.52.225.65
{normal ARIN nag deleted. -EMS}
NetRange: 72.52.128.0 – 72.52.255.255
CIDR: 72.52.128.0/17
NetName: LIQUIDWEB
[…]
Organization: Liquid Web, L.L.C (LQWB)
RegDate: 2006-08-03
Updated: 2016-12-19
[…]
City: Lansing
StateProv: MI
PostalCode: 48917
Country: US
RegDate: 2001-07-20
Updated: 2020-04-29
[…]
OrgTechName: IP Administrator
OrgTechPhone: +1-800-5xx-xxxx
OrgTechEmail: FOO@liquidweb.com
{Has normal IP Admin phone number and email address. I’m masking it. E.M.S.}

So the site is real and legit, in Lansing Michigan. How about the IP the guy is posting from? I’m making the last quartet of the IP xxx just for a bit of privacy for Mongo:

root@XU4uDevuan3:/# whois 45.153.160.xxx
{normal nag deleted. E.M.S.}

% Information related to ‘45.153.160.0 – 45.153.160.255’
% Abuse contact for ‘45.153.160.0 – 45.153.160.255’ is ‘abuse@moneroj.eu’

inetnum: 45.153.160.0 – 45.153.160.255
netname: Moneroj-VPS
country: NL
[…]
created: 2020-12-01T14:31:54Z
last-modified: 2020-12-08T11:01:34Z
[…]
org-name: Moneroj-NL
org-type: OTHER
address: 26 De Linge, Dronten, 8253 PJ, Netherland
abuse-c: AR55580-RIPE

So there’s the first suspicious bits. First off, why is someone with email in Lansing Michigan posting from a site in Dronten Netherlands? And one that was only created 7 months ago? Seems like a mis-direction to me.

Is that email even a valid one? Might someone have just thought it was cutsy and didn’t know that ‘this.com’ was a real site?

https://verifalia.com/validate-email

[list of other checks skipped. E.M.S.]

SMTP server validation
The mail exchanger of the email address domain can be contacted successfully.

Mailbox validation
The mailbox for the e-mail address does not exist.

So that would be a “NO!”.

OK, name and email address are both bogus. Absent some other indications of this being an honest real person, it belongs in the probably SPAM or TROLL and definitely suspicious group. But what is the content?

FWIW, at this point unless there is some really good content in such a message I’ll just trash it. I do that maybe 1 time a year. Mostly the content flags it as SPAM. Those are about 1 a day that were not caught by the Auto-SPAM filters.

We’ll take this comment in chunks and I’ll list my “Aw Crap” flags as they accrue:

There’s just too much talk and playing around. A dead enemy can’t fight you. And if that horror spreads to their host (parents housing them in basements) – these riots will stop.

While these are at core just statements of what are nominally true things, the tone is edging toward thinking it desirable to go for violence. As I’m a zero violence kind of guy, I find this a bit unsettling.

This is a job for Ghengis Khan.

Over The Top (OTT) hyperbolic statement. Poor style and implicit advocacy for one of the greatest Mass Murderers of all time who destroyed nations. Unless there’s a joke coming or this is clarified as just being parody for effect or some other artistic device, not good.

Portland police should go on strike. This situation is beyond them. Ideally, even the feds will fear to wade in – until it’s over.

True and reasonable statements. Though why one would find it desirable for higher authorities to not take over from locals-on-strike is a bit unclear.

Some of these Antifas had training and wear body armor (who paid for this). They’ll be tougher to kill. But bring enough people with varmint rifles and they’ll go down too. Their wounded will provide the identity of Antifa’s funding sources.

Um, this is a direct advocacy for a violent attack on other human beings. That’s both violation of law, and a horrible idea. While it would be nice to know the backers / funders of the Street Riot Mobs (Antifa / BLM / etc.) doing it via murder and war in the streets is not only incredibly dumb, but highly illegal and immoral.

It is as this point I begin to wonder the 3 way question:

Troll (Antifa / BLM / etc. advocate trying to get others in trouble via endorsing such stupidity, trying to politically “dirty up” the site, or just a regular Troll trying to kick up a fuss)

Stupid Person (some people ARE dumb enough to want such things as a war in the streets and murder by the dozen. Take Antifa and BLM for example. Or really anyone who believes in the Communist Revolution goal.)

TLA / Agency phish (There ARE loads and loads of Agents of various TLAs from around the world assigned to infiltrate and investigate just about everyone. They usually propose OTT ideas and emotionally loaded scenarios to try to establish their creds. It’s a bit of a heavy handed dumb example in this one, but hey, not all undercovers are all that bright or good at their job. A good one would have a real email address for “off site” communications and would spend a few weeks being bland to get the lay of the land first. But like I said, not all of them are that bright. Mongo isn’t.)

But at this point the “No Way!” flag is up. No way am I letting an advocacy for murder through. Approval also opens the WhiteList of trust for whatever else might follow. This is just entirely beyond the pale for a moral society and not approved here.

But maybe it was just one unfortunate sentence?

It’s time for Antifa to go. No more ridiculous street battles. Real deal lynch mobs with permanent solutions.

Oh Dear. That too would be an “Um, no.” Going for the “permanent solution” line? That’s so lame the “likely a TLA” vote gets stronger. Pushing a “lynch mob”? Really? Sounds like someone who has a caricature of Conservatives and Libertarians in mind that’s set in 1880 Anti-bellum Georgia… At this point “Stupid Troll” and “TLA” are about neck in neck (so to speak ;-) (I’ll get my coat… 8-)

Now he / she / it (Damn, Mongo didn’t give their pronouns! Well, whatever. BTW He / she /it is pronounced “Heshit”… (I know, forget the coat, just leave quickly ;-)

Always grab their wallets and phones. Walk up their relationships and deal with them. Take any cash and donate to soup kitchens using their new name : “Dead Antifa”

Those in rural Oregon should be alert for escapees – and deal with them.

At this point they are well into the Violent Fantasy Land scenario. Wanting to “deal with” everyone in a contacts list? Even their doctor or car repair shop? Really? To be that far “off the rails” is a bit beyond Troll, so I’m leaning more toward TLA. OTOH, the stupid in it is more in keeping with Troll as guys making Big Bucks at TLAs are usually brighter than that. Whatever. Maybe it’s a TLA from a foreign country who is a bit clueless about what Real Americans are like…

So that’s the Mongo Comment. By posting it as a Carping Comment folks can learn how to spot such stuff themselves, what kinds of tools exist, and can also see some of the more crazy stuff that can show up in an un-moderated comment thread.

This kind of stuff is why I moderate comments. Aside from the fact that it’s offensive to civilized folks, and inflammatory of arguments; there’s the real possibility that it is someone attempting to cause a crime to be committed. I’m pretty sure that advocating for the death of others, and promoting armed conflict on the streets are some kind of crime somewhere in the world, so just to avoid the “attempted entrapment” alone is enough reason to toss the comment.

But long before that the general angry / unthinking tone of it had driven me away.

There you have it. One Violent Loon looking to promote a street war? Or a TLA Agent attempting to provoke some subtle “crime by agreement”? Entrapment in progress? Or just sociopath venting?

I don’t know which one it is, but I do know it doesn’t belong here as a comment.

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Carping Comments, Tech Bits. Bookmark the permalink.

11 Responses to Deconstructing Mongo – A SysAdmin’s POV

  1. jim2 says:

    One tactic I WOULD like to see is just for Portland, without warning or fanfare, roll out water cannons and do some bowling for Antifa. And we need video from multiple vantage points. That would be great!

  2. p.g.sharrow says:

    You are right, sounds like a trap being laid.
    I am getting a bunch of spam and trash linked to 2 posts that no one ever visits. often 10 times more spam then real visitors. kind of a pain clearing the que every morning and night. I can’t seem to block the guy that is shilling for betting channels, He hits me several times a day, And there is some group that just generates lame polish the apple type comments and addresses that must be generated by a computer on a picture that I posted.that is never visited. They seem to be coming from everywhere. I just block and erase them. They come up with new addresses. but Block on the betting shill seems to have no effect. ;-)
    Sometimes life is a bowl of cherries, but often just the pits…pg

  3. p.g.sharrow says:

    @jim2; those people are working for money and are well paid and protected. Bring down their paymasters and they will disappear back to being the petty criminals that they are. Bring down their Paymasters and you may well being down the Politicians and Bureaucrats that protect them

  4. jim2 says:

    PGS – good points about the puppet masters, but those in the streets are violent. I wouldn’t shed a tear as I watched them slide down the street – unless, that is, I laughed ’til I cried!

  5. p.g.sharrow says:

    I think that WordPress is under attack. Having a hard time makeing connection . I just got hit by a new spammer, 8 copies of the same comment at the same time, same address and guy, same post that has not been hit before and no actual visit

  6. E.M.Smith says:

    @P.G.:

    I’m not getting any excess SPAM at present.

    It’s been my experience that some Spammer will just start a tearing run and whack every open posting you have, then move on to the next guy. I’ll have the usual low level for a while, then WHAM, a flood, and then it moves on.

    Usually the worst ones I only see once and then not again. I think WordPress gets enough complaints or log files they put a rule in to just block the stuff / point of origin.

    OTOH, we know for a fact that at least 3 foreign countries are heavily vested in whacking the US Infrastructure and networks, so I’d expect some amount of abuse at any time.

  7. philjourdan says:

    @p.g.sharrow – re: getting paid – Soros. Time to honor that extradition treaty with Russia.

    But yea, when EMS started to tell us on the other thread about Mongo, my spidey senses went past troll and stupid and straight to TLA. Real news is brimming with both stories about folks trying to be recruited by the TLAs and also evidence (like 30 unindicted co-conspirators who were actually IN the Capitol) of the TLAs basically suborning the law (encouraging someone to break the law is against the law).

  8. p.g.sharrow says:

    I fear that the 400 are POWs captured by the Enemy Army. This move ,counter move, maneuvers remind me of war games on a game board. The Enemy has the high ground and strongholds but we have the field, numbers and can maneuver. Their attempts to control communications is faltering as we are slowly winning the propaganda battles. Our troops are becoming more resolute and determined to take the fight to the end while their troops are beginning to desert them.

    Oh yes one other thing. Nostradamus said “500 years from my time, the philosophy of More (Utopia) would be discredited for all time”…… It is time…pg.

  9. Terry Jackson says:

    From back in November, per Eric Swalwell remarks
    https://monsterhunternation.com/2018/11/19/the-2nd-amendment-is-obsolete-says-congressman-who-wants-to-nuke-omaha/

    From today
    https://pjmedia.com/instapundit/457833/

    Mongo is mimicking the left’s earlier and current comments, See Pres Biden remarks today about nukes and F-15s.. Follow the link to Kurt Sclichter’s Twitter thread. My take: Some have their back up and bristled, others are trying to talk sense and reasonable. The chance of misunderstanding is high.

  10. jim2 says:

    TJ – If you want to get the military pissed off at you, just burn a rainbow flag.

  11. H.R. says:

    @Terry Jackson re Mongo: “Mongo is mimicking the left’s earlier and current comments, See Pres Biden remarks today about nukes and F-15s.”

    Excellent! Excellent memory and excellent spotting of Commie-Crappola and what they think we, the ignorant masses, obsess on all day.

    Bot. Definitely a programmed bot set loose to entrap, or at least smear, any blog and blogger as a rightwing, conspiracy-consumed, knuckle dragging, gun toting, Bible thumping, low IQ, hatemongering Republican. And we all know there’s nothing worse than that, eh?

    So that’s how bright, cheerful, freedom loving people are perceived by those on the Fascist/Commie side of the equation.

Anything to say?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.