recent mirc idiotic crap

xirian · Post by **xirian** » Fri Jun 17, 2005 4:17 pm

lately my users have been getting alot of this:
(11:53:19) <+Viper007Bond> [Fri 08:49:05] <kairi> Have you heard about the irc control script?
(11:53:19) <+Viper007Bond> [Fri 08:49:22] <kairi> People can control what people say
(11:53:19) <+Viper007Bond> [Fri 08:49:39] <Viper007Bond> huh?
(11:53:19) <+Viper007Bond> [Fri 08:49:56] <kairi> Yeah it was on the news
(11:53:23) <+Viper007Bond> [Fri 08:50:29] <kairi> People can make people say stuff unless you type an anti script
(11:53:23) <+Viper007Bond> [Fri 08:50:47] <Viper007Bond> what's the anti-script?
(11:53:23) <+Viper007Bond> [Fri 08:51:27] <kairi> this is it //me

| write -c x ctcp 1:*:?:$1- | //me : | .load -rs x if you were vunrable it would say ctcp deactivated

whats an easy way to block the script line? And does anyone have any real idea what this does?

Post by **Syzop** » Fri Jun 17, 2005 4:33 pm

This is quite a 'general' filter, but it should work (very?) well:

Code: Select all

/spamfilter add p block - mirc_trojan_attempt //.*write.*\.load

Basically, it hunts for '//', then for 'write', and then for '.load', if all of these 3 elements are present (after each other), then it blocks the message.
Although there are other techniques, these probably match many of these "trojans"/"exploits".

And does anyone have any real idea what this does?

It allows anyone to control the user (execute any command) via CTCP.

xirian · Post by **xirian** » Fri Jun 17, 2005 4:55 pm

thanks for the quick reply, hopefully this'll get them