Spam on Network

[beck]

Hi,
first of all my english is bad...
I got an irc server (Unreal3.2), and having spam, but i cant block it.
In status :

Code: Select all

[21:26:02] -irc.osn.lt- *** Notice -- Client connecting on port 6667: [EE]-800032 ([email protected]) [clients] 
-
[21:26:02] -irc.osn.lt- *** Notice -- Client exiting: [EE]-800032 ([email protected]) [Quit: ]

It takes about 1s so I can't kline or gline this user manualy, like typing /gline [EE]-800032.

And the whowas shows me :

Code: Select all

-
[EE]-800032 was [email protected] * Dillin Dildo
[EE]-800032 using irc.osn.lt Sun May 29 07:16:17 2005
End of WHOWAS
-

Ok, I got this porblem a long time ago, but sometimes theys spam block them.

The spamfilter.conf :

Code: Select all

 
except tkl {
	mask *@irvnca.pacbell.net;
	type gline;
};

except tkl {
	mask *@pacbell.net;
	type gline;
};

I've tryed a lot of ways, but no one helps me ,).
So any solutios ?

[Syzop]

I don't understand.. it's a spammer and you give it a tkl exception ?? ;) {an incorrect one, fortunately}

anyway, if you are using a recent unrealircd (which you should be running anyway) you can use spamfilter with the user target:

Code: Select all

/spamfilter add u gline 1d spammer ^\[EE\]-\d!

Which will ban everyone with [EE]- followed by a number.

Or if the 'EE' part is also random then this will ban [<2 letters>]-<digits>:

Code: Select all

/spamfilter add u gline 1d spammer ^\[[A-Z]{2}\]-\d!

[aquanight]

(Might want to use \d+, since the user in this case has >1 digit... )

[Syzop]

True :P

So:

Code: Select all

/spamfilter add u gline 1d spammer ^\[EE\]-\d+!

[Jason]

[21:26:02] -irc.osn.lt- *** Notice -- Client exiting: [EE]-800032 ([email protected]) [Quit: ]
It takes about 1s so I can't kline or gline this user manualy, like typing /gline [EE]-800032.

Am I the only one who takes issue with the inability to gline manually?

/gline *@207.215.245.84 0 GO AWAY

Glines are usually by mask. If you have only know of doing it by nick, re-read the documenation, you probably missed some other interesting things too.


Sigh... Come on guys... Give a man a fish and you will feed him for a day...

[Syzop]

Uh... hello?
This guy posts in the _spamfilter section_ saying he has a _spam problem_ and he pastes a [EE]-<somenumber> thingy... Since he didn't provide any additional information we then - of course - assume he is searching for a good regex for a spambot problem.

Btw, how is your manual gline after the user(s) quit within a second or so helping against this issue? The IP range seems also too broad (actually it are even completely different ip ranges).
So banning by nick patterns seems the way to go.. oh wait.. didn't I just suggest _just that_!
In fact I did, and since I assumed (incorrectly or not) that it were multiple bots.. it's even a better method since it would gline the host itself so any further attempts (like: new nick) are not (immediately) succesful.

[TigerKatziTatzi]

using gline against spambots is waste of time and would increase ur gline list too much. two choices. use opsb for having most recognized open proxies off network (catching most spambots/ floodbots). if ur not able to run opsb, what what kinda reason ever, use the spamfilter syntax posted by Syzop ( /spamfilter add u gline 1d spammer ^\[EE\]-\d+!). But instead of gline the users, use block as action, this will help as long he isn't changing the based nickname, so they aren't able to con to the network. and delete the tkl-blocks as mentioned.

/spamfilter add u block - spammer ^\[EE\]-\d+!

Ever tried to findout what kind of bots this is? u may able to uninstall them !

[w00t]

It may block - but then the ircd will be using resources reconnecting them whereas say a gzline action or whatever wouldn't allow this. It's really up to you.

[TigerKatziTatzi]

doesn't matter which one, it costs u eitherway resources. if gline or block. there won't be any differents. unusal traffic of refused connection by the bot and triggering by spamfilter. only advantage of block as action, is u keep ur gline list on low count.

[Jason]

So does a short gZline time. But a BLOCK will waste Much More than a gzline.