Anti CloneX spamfilter
Posted: Thu Mar 03, 2005 7:28 pm
I tested this regex , it stops most of ClonesX flooder script FloodBots, and i need help to add another regex.
/spamfilter add u kill - Connection_reset_by_peer [a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}
pardis.abadan.net- [Spamfilter] g6573!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'g6573!~[email protected]:ogrnbi'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] t254!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 't254!~[email protected]:zlobbo'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] l661!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'l661!~[email protected]:rmwxaj'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] a4220!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'a4220!~[email protected]:fixjxc'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] b1038!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'b1038!~[email protected]:khjigp'] [Connection reset by peer]
----------
you can change tkl for yourself.
I need help about this sample.
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi6647 ([email protected]) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi9225 ([email protected]) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi3471 ([email protected]) [clients]
<pardis.abadan.net> abadadi8119 ~abadadi 84.241.6.4 vldio
<pardis.abadan.net> abadadi5667 ~abadadi 84.241.6.4 :crbutn
<pardis.abadan.net> abadadi9015 ~abadadi 84.241.6.4 jbbyy
realname is always 6 chars.
nickname is a string foloowed by $rand(1,9999)
username is same as given nickname without any digits
I tried some regex but they were not succesfull.
some are these:
([a-z].+)[0-9]{1,4}!~\1@.+:[a-z]{6}
([a-z]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}
([:isgraph:]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}
but they do not work properly , and sometimes it triggers wrongly ...
please help.
/spamfilter add u kill - Connection_reset_by_peer [a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}
pardis.abadan.net- [Spamfilter] g6573!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'g6573!~[email protected]:ogrnbi'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] t254!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 't254!~[email protected]:zlobbo'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] l661!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'l661!~[email protected]:rmwxaj'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] a4220!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'a4220!~[email protected]:fixjxc'] [Connection reset by peer]
-
-pardis.abadan.net- [Spamfilter] b1038!~[email protected] matches filter '[a-z][0-9]{1,4}!~[a-z][0-9]{1,4}@.+:[a-z]{6}': [user: 'b1038!~[email protected]:khjigp'] [Connection reset by peer]
----------
you can change tkl for yourself.
I need help about this sample.
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi6647 ([email protected]) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi9225 ([email protected]) [clients]
-
-pardis.abadan.net- *** Notice -- Client connecting on port 6667: abadadi3471 ([email protected]) [clients]
<pardis.abadan.net> abadadi8119 ~abadadi 84.241.6.4 vldio
<pardis.abadan.net> abadadi5667 ~abadadi 84.241.6.4 :crbutn
<pardis.abadan.net> abadadi9015 ~abadadi 84.241.6.4 jbbyy
realname is always 6 chars.
nickname is a string foloowed by $rand(1,9999)
username is same as given nickname without any digits
I tried some regex but they were not succesfull.
some are these:
([a-z].+)[0-9]{1,4}!~\1@.+:[a-z]{6}
([a-z]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}
([:isgraph:]{1,6})[0-9]{1,4}!~\1@.+:[a-z]{6}
but they do not work properly , and sometimes it triggers wrongly ...
please help.