UnrealIRCd Forums

Welcome to the UnrealIRCd Forums!
https://forums.unrealircd.org/

New Flood Kiddie

https://forums.unrealircd.org/viewtopic.php?t=1143

Page 1 of 1

New Flood Kiddie

Posted: Mon Nov 29, 2004 12:19 am
by X-Trancer
How do I add into the Spamfilter.conf?
[01:08:03] * Joins: Just-Kidding ([email protected])
[01:08:06] <Just-Kidding> [TWMv05] Ethernet: Something used to catch the EtherBunny. HTTP://TWM2K4.TRIPOD.COM
[01:08:06] * Parts: Just-Kidding ([email protected]) ([TWMv05] HTTP://TWM2K4.TRIPOD.COM [TWMv05])
[01:08:32] * Joins: Just-Kidding ([email protected])
[01:08:36] <Just-Kidding> [TWMv05] Shell to DOS... Come in DOS, this is Shell calling, do you copy? HTTP://TWM2K4.TRIPOD.COM
[01:08:36] * Parts: Just-Kidding ([email protected]) ([TWMv05] HTTP://TWM2K4.TRIPOD.COM [TWMv05])
[01:10:03] * Joins: Just-Kidding ([email protected])
[01:10:06] <Just-Kidding> [TWMv05] BIT: A word used to describe computers, as in "Our son's computer cost quite a bit." HTTP://TWM2K4.TRIPOD.COM
[01:10:06] * Parts: Just-Kidding ([email protected]) ([TWMv05] HTTP://TWM2K4.TRIPOD.COM [TWMv05])

Posted: Mon Nov 29, 2004 12:27 am
by Stealth
Well, since you were there to see it, and it was one person, /gline works wonders...

If you want a spamfilter to block that exact part message:

Code: Select all

http://.+\.tripod\.com
will block everything that has tripod.com in it, with http:// in front of it.

Use the part and channel spamfilter types, see the docs for information on how to add/make spamfilters, and what the types are.

Posted: Mon Nov 29, 2004 6:41 pm
by Steck
Blocking all of tripod.com, is a bit "general".
There's also a problem with this, the bots spamming this that I found are using color codes between each character of the web address & [TWMv05], also the statement between those two is random, I've seen many different variations.

Posted: Mon Nov 29, 2004 7:05 pm
by Dukat
But why do you want to spamfilter that? It's just one user!
/gline him! :D

Posted: Mon Nov 29, 2004 7:49 pm
by medice
it seems that this is not really a single user - i've seen this today the first time be at least 5 on one network and another one (propabbly the same) on another network...

whats the situation with those color-tags? does spamfilter strip them out before matching the mask?

Posted: Tue Nov 30, 2004 3:01 am
by Steck
I've found no working regex for these.. even trying to compensate for each color code (this spam I've seen only uses black & white):

[0-9]T[0-9]E[0-9]S[0-9]T

etc. No luck thus far :-/

Posted: Tue Nov 30, 2004 3:51 am
by codemastr
From my testing spamfilter doesnt strip any codes.
Well I don't know what you tested, but it certainly does strip it. The first thing in the dospamfilter function is:
str = (char *)StripControlCodes(str_in);

Posted: Tue Nov 30, 2004 11:59 am
by Steck
Alright then,
What sort of regex would work best in this instance?
My attempts to write a decent regex have all failed.
Thanks

Posted: Tue Nov 30, 2004 5:13 pm
by Syzop
Personally, I would just have used (w/action 'block'):

Code: Select all

TWM2K4\.TRIPOD\.COM
But if you have an action gline or whatever then I suppose you want a way stricter one, I'm personally usually just nice and paranoid at the same time ;).
Sidenote: the site got removed >:)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited