SpamFiltering clons's realnames

These are old archives. They are kept for historic purposes only.
Post Reply
JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

SpamFiltering clons's realnames

Post by JIVXor » Wed Dec 21, 2005 6:03 am

First of all, we have been posting this countless times, we are finding a formula to get ride of the clones in our net. I know proxies are to be abused... but the abuse must be stoped somehow. The cloner use a mIRC addon, clonesX. Spamfilters in nicks or idents wont stop them...they use normal nicks and idents... so its hard for us *line them, without affecting innocent users, and they make nicks and idents lists, of real users as well, the realname is our benefit, and we need ideas for banning them by this means... we tried the antirandom module by syzop, the results were good until they used normal names... clonesX behind a proxy, its COMPLETELY abusive, they can make things really annoying.. with this post, Im asking for help from those who can do it.. we need ideas, look a way to prevent if not in a 100%, to make more secure our ircd..Im posting this offtopic, because though I need unreal support, may help me as well a remote raw code for mirc... this thread might be useful for someone in the future, this have been posted before, but, using normal nicks and idents, it's another thing..

Well, clonesx use realnames of 6 chars, then according to that, a spamfilter to put a kline in the ident of a user with a real name less or equal to that, could work, please correct me if anyone here have seen clonesx with a length of names greater than that.. I made an spamfilter to kline users matching clonesx, and I would like to know if Im wrong...

Code: Select all

 /spamfilter add u kill - clon <realnameREGEXhere> 
I dont need nicks, idents or host, only realnames... is that allright? I have not wanted to prove it 'cause I dont wanna cause any damage to my users. This will spamfilter all users with strlength(realname) = 6 (Yes, I must sacrifice users). Perhaps Syzop can do an ¨antirandom¨ for realnames. I will appreciate it.

Thanks in advance.
Last edited by JIVXor on Wed Dec 28, 2005 6:48 am, edited 2 times in total.

JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

Post by JIVXor » Wed Dec 21, 2005 6:22 am

good, it seems that it works, I finish it proving.



[02:21] server ! [Spamfilter] robertico!rockers@huracan.red.sld.cu matches filter '': [user: 'robertico!rockers@huracan.red.sld.cu:dlfohj'] [clon]
-
[02:22] server ! [Spamfilter] aldito!ruper@huracan.red.sld.cu matches filter '': [user: 'aldito!ruper@huracan.red.sld.cu:pyvtra'] [clon]



well, just a little doubt


[02:26] server ! UnDeRTaKeR changed the GECOS of DGrAy-MaN (DGrAy-MaN@48DA5E98.96F1407E.A39C38B8.IP) to be qwdase


Now DGrAy-MaN stills on the server and the spamfilter was added, spamfilter does not kill the user when is online?
Last edited by JIVXor on Wed Dec 28, 2005 6:46 am, edited 1 time in total.

[UnDeRTaKeR]
Posts: 84
Joined: Mon Nov 21, 2005 6:15 am
Location: Cuba

Post by [UnDeRTaKeR] » Wed Dec 21, 2005 9:29 am

hi there
I would also like to know if there is a way when I specify in action, a *line
not to ban the *@host that matches the spamfilter, for example:
action kline;
and then tester!taste@host.net:roll matches the spamfilter,
kline taste@host.net, and not the *@host.net
we are behind a proxy, then if I specify a *line, and it makes it to
all idents, will ban all the users...
is that possible with the spamfilter?
thanks...

Jason
Posts: 570
Joined: Mon Jun 14, 2004 5:09 pm

Post by Jason » Wed Dec 21, 2005 10:47 pm

* does not match any length of any characters. Not in regex anyhow, which is what spamfilters use.

Try .*
Why the hell can't my signature be empty?
"Your message contains too few characters."

[UnDeRTaKeR]
Posts: 84
Joined: Mon Nov 21, 2005 6:15 am
Location: Cuba

Post by [UnDeRTaKeR] » Wed Dec 21, 2005 11:55 pm

thanks Jason I changed the regex to .*
but with only * worked fine, it kills ALL the clonesx users..
here in our net, its hard to do so, because they use normal usernames..
and not random ones..
the only contra is the connect messages and spamfilter match when kills them...they make flood, thats why I would like to know if can kline each
user@host that matches, and not the entire host..
and in case that they reconnect with clonesx, are already banned..
if I use throttle it will affect innocent users...its terrible having everyone
connecting by a common proxy..
well thanks in advance for any idea...

Jason
Posts: 570
Joined: Mon Jun 14, 2004 5:09 pm

Post by Jason » Thu Dec 22, 2005 9:03 pm

Bug! * alone should not work in spamfilter.
Why the hell can't my signature be empty?
"Your message contains too few characters."

Syzop
UnrealIRCd head coder
Posts: 1919
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Thu Dec 22, 2005 9:22 pm

[UnDeRTaKeR] wrote:its terrible having everyone connecting by a common proxy..
well thanks in advance for any idea...
I understand the problem, but UnrealIRCd - and pretty much any other ircd - is not designed to have all users coming from 1 single host (and rightfully so, since it has several unresolvable problems).

[UnDeRTaKeR]
Posts: 84
Joined: Mon Nov 21, 2005 6:15 am
Location: Cuba

Post by [UnDeRTaKeR] » Fri Dec 23, 2005 1:29 am

Jason wrote:Bug! * alone should not work in spamfilter.
well, since it works just fine, why would that be a bug?
everyone understands * as anything...
right now im studying regex, for a better use in recent future...
but well, * worked fine :D
cya
Last edited by [UnDeRTaKeR] on Fri Dec 23, 2005 1:49 am, edited 1 time in total.

[UnDeRTaKeR]
Posts: 84
Joined: Mon Nov 21, 2005 6:15 am
Location: Cuba

Post by [UnDeRTaKeR] » Fri Dec 23, 2005 1:43 am

Syzop wrote: I understand the problem, but UnrealIRCd - and pretty much any other ircd - is not designed to have all users coming from 1 single host (and rightfully so, since it has several unresolvable problems).
Syzop, thanks for the attention,
yeah, I know that, and I dont even think in another ircd.
we'll continue using unreal, I know as it developes, perhaps modules
for our problem will be created...
Until now, after the spamfilter solution, all the clonesx attacks to the server
have been useless, the only problem, like I said before is the connect-disconnect
flood when matches the spamfilter, but since its effective I cant complain.
The clones attack right now are made by opening several scripts, mirc, etc,
and connecting them, but is a lot easier to deal with 10 clones, than make it
with 200 clones with different nicks, idents, gcos...
We will continue using spamfiltering, until they realize the realname thing :P
when that happens, then well think about something...
by this thread, if anyone deals with soft, addons that create clones, spam,
flood..and wipes out the problem right behind a proxy, post the idea will
be just fine...
thanks

Jason
Posts: 570
Joined: Mon Jun 14, 2004 5:09 pm

Post by Jason » Fri Dec 23, 2005 3:37 am

It is a bug because something works wrong, so its proper use does not work.

What will happen when I write "^d*!"?

dan gets killed, when ddd should.

I like dan!
Why the hell can't my signature be empty?
"Your message contains too few characters."

JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

Post by JIVXor » Fri Dec 23, 2005 6:56 am

That is well. We will have to consider that.

Thanks a lot.

Post Reply