UnrealIRCd Forums

I tested this regex , it stops most of ClonesX flooder script FloodBots, and i need help to add another regex.
/spamfilter add u kill - Connection_reset_by_peer [a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}

pardis.abadan.net- [Spamfilter] g6573!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'g6573!~[email protected]:ogrnbi'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] t254!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 't254!~[email protected]:zlobbo'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] l661!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'l661!~[email protected]:rmwxaj'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] a4220!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'a4220!~[email protected]:fixjxc'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] b1038!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'b1038!~[email protected]:khjigp'] [Connection reset by peer]

----------
you can change tkl for yourself.


I need help about this sample.
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi6647 ([email protected]) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi9225 ([email protected]) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi3471 ([email protected]) [clients]

<pardis.abadan.net> abadadi8119 ~abadadi 84.241.6.4 vldio
<pardis.abadan.net> abadadi5667 ~abadadi 84.241.6.4 :crbutn
<pardis.abadan.net> abadadi9015 ~abadadi 84.241.6.4 jbbyy


realname is always 6 chars.
nickname is a string foloowed by $rand(1,9999)
username is same as given nickname without any digits
I tried some regex but they were not succesfull.
some are these:
([a-z].+)[0-9]{1,4}!~\1@.+:[a-z]{6}
([a-z]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}
([:isgraph:]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}

but they do not work properly , and sometimes it triggers wrongly ...
please help.

unfortunately back references are broken in 3.2.2 and earlier, this is fixed in CVS / will be in 3.2.3.

A slight note on your existing regex btw, you used:

[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}

but you probably want to explicitly start matching at the beginning by adding a ^: because else nicks like Juline1984 will also be matched.
(and when we are at it, if the realname only is 6 alpha characters and nothing after it, you can end the regex with $)

hehe i made a mirc script addon for them althou its still in testing phase so if u wanna try it feel free to pm me.
the difference is, it gives a " safenet " of 2 matching connects incase a user has a match of the regex - after 3 connects in x seconds of a matching it begins autobanning any following connections with a match it also lists the nicknames its excuting - as well as back tracks the users who triggered it to begin autobanning and bans them as well, it is made and working, it has been tested but well, everything gives false posatives

White_Magic wrote:hehe i made a mirc script addon for them

sigh... the only problem with all these mirc addons etc is that not not everyone uses mIRC. Heck, not everyone even uses windows for their desktop. What use is a addon for a host program can't even run?

Ok, well.. Because the I-use-mirc-on-wine stuff was getting quite offtopic I've moved it to here, it was not very clear how to split it correctly but ah well, I did my best.

--

I accidently (re)moved McTerry's comment in the process of doing so, so it's pasted below:

McTerry at Mar 12, 2005 22:41 wrote:STill using mIRC 6.0 and had never any serious problems with it. :D

I can give it a try White_Magic. Even if I don't have a NETWORK. :P