Anti CloneX spamfilter

These are old archives. They are kept for historic purposes only.
Post Reply
arbiter
Posts: 10
Joined: Mon Feb 28, 2005 1:06 pm

Anti CloneX spamfilter

Post by arbiter » Thu Mar 03, 2005 7:28 pm

I tested this regex , it stops most of ClonesX flooder script FloodBots, and i need help to add another regex.
/spamfilter add u kill - Connection_reset_by_peer [a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}

pardis.abadan.net- [Spamfilter] g6573!~u4338@pcp05208243pcs.walngs01.pa.comcast.net matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'g6573!~u4338@pcp05208243pcs.walngs01.pa.comcast.net:ogrnbi'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] t254!~h7171@c-24-9-217-250.client.comcast.net matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 't254!~h7171@c-24-9-217-250.client.comcast.net:zlobbo'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] l661!~d3518@c-24-21-233-11.client.comcast.net matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'l661!~d3518@c-24-21-233-11.client.comcast.net:rmwxaj'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] a4220!~o9244@pcp03044096pcs.andrsn01.tn.comcast.net matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'a4220!~o9244@pcp03044096pcs.andrsn01.tn.comcast.net:fixjxc'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] b1038!~j9905@115-130-114-200.fibertel.com.ar matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'b1038!~j9905@115-130-114-200.fibertel.com.ar:khjigp'] [Connection reset by peer]

----------
you can change tkl for yourself.


I need help about this sample.
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi6647 (~abadadi@84.241.6.4) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi9225 (~abadadi@84.241.6.4) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi3471 (~abadadi@84.241.6.4) [clients]

<pardis.abadan.net> abadadi8119 ~abadadi 84.241.6.4 :ovldio
<pardis.abadan.net> abadadi5667 ~abadadi 84.241.6.4 :crbutn
<pardis.abadan.net> abadadi9015 ~abadadi 84.241.6.4 :ojbbyy


realname is always 6 chars.
nickname is a string foloowed by $rand(1,9999)
username is same as given nickname without any digits
I tried some regex but they were not succesfull.
some are these:
([a-z].+)[0-9]{1,4}!~\1@.+:[a-z]{6}
([a-z]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}
([:isgraph:]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}

but they do not work properly , and sometimes it triggers wrongly ...
please help.

Syzop
UnrealIRCd head coder
Posts: 1957
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Thu Mar 03, 2005 7:40 pm

unfortunately back references are broken in 3.2.2 and earlier, this is fixed in CVS / will be in 3.2.3.

A slight note on your existing regex btw, you used:
[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}
but you probably want to explicitly start matching at the beginning by adding a ^:

Code: Select all

^[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6} 
because else nicks like Juline1984 will also be matched.
(and when we are at it, if the realname only is 6 alpha characters and nothing after it, you can end the regex with $)

White_Magic
Posts: 267
Joined: Tue Jan 18, 2005 3:24 pm
Location: Scotland - United Kingdom

Post by White_Magic » Thu Mar 03, 2005 10:52 pm

hehe i made a mirc script addon for them :P althou its still in testing phase so if u wanna try it feel free to pm me.
the difference is, it gives a " safenet " of 2 matching connects incase a user has a match of the regex - after 3 connects in x seconds of a matching it begins autobanning any following connections with a match it also lists the nicknames its excuting - as well as back tracks the users who triggered it to begin autobanning and bans them as well, it is made and working, it has been tested but well, everything gives false posatives ;)
i spend 4 hrs a day gaming and 14hrs on irc, for 5days a week, im not an addict :D

aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight » Fri Mar 04, 2005 4:09 am

White_Magic wrote:hehe i made a mirc script addon for them :P
sigh... the only problem with all these mirc addons etc is that not not everyone uses mIRC. Heck, not everyone even uses windows for their desktop. What use is a addon for a host program can't even run?

Syzop
UnrealIRCd head coder
Posts: 1957
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Sat Mar 12, 2005 10:26 pm

Ok, well.. Because the I-use-mirc-on-wine stuff was getting quite offtopic I've moved it to here, it was not very clear how to split it correctly but ah well, I did my best.

--

I accidently (re)moved McTerry's comment in the process of doing so, so it's pasted below:
McTerry at Mar 12, 2005 22:41 wrote:STill using mIRC 6.0 and had never any serious problems with it. :D

I can give it a try White_Magic. Even if I don't have a NETWORK. :P

Post Reply