Page 1 of 2
nicks made of random letters
Posted: Sun Jan 02, 2005 4:36 am
I'm having a bad problem with thes bots connecting with nick/ident made of random letters. (See below)
[22:21] CONNECTION on port 6667: eGrNxxLu (~email@example.com
[22:21] CONNECTION on port 6667: pKKLNoBLf (~firstname.lastname@example.org)
[22:21] CONNECTION on port 6667: SLowA (~email@example.com)
[22:21] CONNECTION on port 6667: mCiPTnMAE (~firstname.lastname@example.org)
I know there are nick spamfilters, but is there a way to make a spamfilter for this randomness?
These bots have no version reply so I can't set a version ban
Thanks in advance
Posted: Sun Jan 02, 2005 4:38 am
And what do they do (besides connecting)? :p
Posted: Sun Jan 02, 2005 4:40 am
No idea why it didn't log me in before.
Most of then also join channels that are random letter. THey then part, change nick, join another random channel. SOmetimes I get lucky and they join a constant channel, which I created a scropt to ban them on join... but I'm not always that lucky...
Posted: Sun Jan 02, 2005 4:44 am
Any chance they have a common real name?
Also, find out what messages they send, what channels they join, and some other behaior they might have.
Posted: Sun Jan 02, 2005 4:48 am
There's not a lot of other activity.
After a while, they join channels that are not +s/+p and send a PM or notice to users with generic text...
[quite]$nick can you help?
The real name is more random letters. Here are the common channels that some join.
That's pretty much it.
Posted: Sun Jan 02, 2005 5:09 am
Try talking to one after it PM's you, that is a new way of spamming. The bot messages you and waits for a reply, sometimes it will send you generic lamer-like text for a few messages and then send the spam.
More info to try -
Does it respond to CTCP's? try these:
Posted: Sun Jan 02, 2005 5:26 am
No responce to any CTCPs.
Some have replied to PMs tho. However, others have not.
There was once, one of the random channels, the bot had set the topic to "Ban Tommy to stop spam"
There are a lot of bots that registered their nicks... The email address used is generated by a bunch of random letters for user and domain.
Posted: Tue Jan 04, 2005 12:00 am
I've started on a module to ""detect"" these "random nicks", note however that by design this will lead to false positives (and false negatives).. I've unfortunately no idea yet how much (although initial results look good), so.. we'll see... :).
edit: I've finished the module and send it out to the thread-starter and someone else I know that has been affected badly by these bots... As soon as I hear it works fine I'll put it on my site and post a link (new message) here :).
Posted: Tue Jan 04, 2005 8:45 am
I've started on a module to ""detect"" these "random nicks", note however that by design this will lead to false positives (and false negatives).. I've unfortunately no idea yet how much (although initial results look good), so.. we'll see...
edit: I've finished the module and send it out to the thread-starter and someone else I know that has been affected badly by these bots... As soon as I hear it works fine I'll put it on my site and post a link (new message) here
We've had problems with these for awhile now on and off. Same "MO" as the above and since having changed domain names for our network they of course died off but are now starting to appear again in dribs and drabs usually 2-4 per overnight but I suspect the number is on the increase.
Posted: Wed Jan 05, 2005 1:22 am
It seems I'm not really getting any feedback from the 2 I sent the module to.. ah well, they might be busy and I tend to be inpatient with these things (hate to waste a day when I might have a good working solution for quite a problem).
If you have this bot problem and would like to test my module, please PM or email me and I'll send it to you.
So please not persons that 'just want to look at it', although it's no secret (and in fact GPL'd) I would like it to be non-public until it has been properly tested (within a few days I hope? ;p).
Posted: Wed Jan 05, 2005 1:49 am
Gah. Sorry about that. I've been so busy today. Been out running errands through most of it. I sent my reply tho
Posted: Thu Jan 06, 2005 2:43 am
Thats a bot you can find here --> http://www.poonscape.com/downloads/
Thats the closest info I can find about this shitty bot.
I'm not sure what it actually does. But it looks like it's a fighting bot.
You can fight against it or play games.
There seems to be more of those bots out there. After reading the forums you can atleast find four or more bots that have the same function.
I downloaded SBoT201.zip and saw that there is two *.bat files.
One is called run.bat
and the second train.bat
There is also one *.txt file with no info in it.
It just says continuer
Then two folders. One called Data
and the other one called Scripts
Data folder contains *.jag and *.mem files. (Have no clues about what they do.
Scripts folder contains another *.bat file called compile.bat
The only info I can find about this bot mentioned above is found here.
http://www.rscheatnet.com/forums/index. ... topic=1696
There is probably more information to look for but I'm way to lazy and not even intrested in knowing more.
Also. There is a bot called Ruinbot. Found it's own thread in same forum.
http://www.rscheatnet.com/forums/index. ... wtopic=265
Posted: Thu Jan 06, 2005 4:27 pm
I've released my AntiRandom module
to the public now.
Got a few results from 2 sources: on one it killed 5 out of 7 random looking bots and 0 innocent users, on another it killed 1 "bad user" and 0 innocent [no bots at that time]). So the initial results don't look too bad :).
[correct.. no windows version on my page, and no nice set:: configurable stuff but in the source..]
Posted: Thu Jan 06, 2005 8:41 pm
Do you have an estimate on when this module will be available on windows?
Currently when I try to compile it for windows, I get 3 unresolved external symbols.
Posted: Thu Jan 06, 2005 8:41 pm
I guess this module would be great.
Nice job on it Syzop.