SpamFiltering clons's realnames

[JIVXor]

First of all, we have been posting this countless times, we are finding a formula to get ride of the clones in our net. I know proxies are to be abused... but the abuse must be stoped somehow. The cloner use a mIRC addon, clonesX. Spamfilters in nicks or idents wont stop them...they use normal nicks and idents... so its hard for us *line them, without affecting innocent users, and they make nicks and idents lists, of real users as well, the realname is our benefit, and we need ideas for banning them by this means... we tried the antirandom module by syzop, the results were good until they used normal names... clonesX behind a proxy, its COMPLETELY abusive, they can make things really annoying.. with this post, Im asking for help from those who can do it.. we need ideas, look a way to prevent if not in a 100%, to make more secure our ircd..Im posting this offtopic, because though I need unreal support, may help me as well a remote raw code for mirc... this thread might be useful for someone in the future, this have been posted before, but, using normal nicks and idents, it's another thing..

Well, clonesx use realnames of 6 chars, then according to that, a spamfilter to put a kline in the ident of a user with a real name less or equal to that, could work, please correct me if anyone here have seen clonesx with a length of names greater than that.. I made an spamfilter to kline users matching clonesx, and I would like to know if Im wrong...

Code: Select all

 /spamfilter add u kill - clon <realnameREGEXhere> 

I dont need nicks, idents or host, only realnames... is that allright? I have not wanted to prove it 'cause I dont wanna cause any damage to my users. This will spamfilter all users with strlength(realname) = 6 (Yes, I must sacrifice users). Perhaps Syzop can do an ¨antirandom¨ for realnames. I will appreciate it.

Thanks in advance.

[JIVXor]

good, it seems that it works, I finish it proving.



[02:21] server ! [Spamfilter] robertico![email protected] matches filter '': [user: 'robertico![email protected]:dlfohj'] [clon]
-
[02:22] server ! [Spamfilter] aldito![email protected] matches filter '': [user: 'aldito![email protected]:pyvtra'] [clon]



well, just a little doubt


[02:26] server ! UnDeRTaKeR changed the GECOS of DGrAy-MaN ([email protected]) to be qwdase


Now DGrAy-MaN stills on the server and the spamfilter was added, spamfilter does not kill the user when is online?

[[UnDeRTaKeR]]

hi there
I would also like to know if there is a way when I specify in action, a *line
not to ban the *@host that matches the spamfilter, for example:
action kline;
and then tester![email protected]:roll matches the spamfilter,
kline [email protected], and not the *@host.net
we are behind a proxy, then if I specify a *line, and it makes it to
all idents, will ban all the users...
is that possible with the spamfilter?
thanks...

[Jason]

* does not match any length of any characters. Not in regex anyhow, which is what spamfilters use.

Try .*

[[UnDeRTaKeR]]

thanks Jason I changed the regex to .*
but with only * worked fine, it kills ALL the clonesx users..
here in our net, its hard to do so, because they use normal usernames..
and not random ones..
the only contra is the connect messages and spamfilter match when kills them...they make flood, thats why I would like to know if can kline each
user@host that matches, and not the entire host..
and in case that they reconnect with clonesx, are already banned..
if I use throttle it will affect innocent users...its terrible having everyone
connecting by a common proxy..
well thanks in advance for any idea...

[Jason]

Bug! * alone should not work in spamfilter.

[Syzop]

its terrible having everyone connecting by a common proxy..
well thanks in advance for any idea...

I understand the problem, but UnrealIRCd - and pretty much any other ircd - is not designed to have all users coming from 1 single host (and rightfully so, since it has several unresolvable problems).

[[UnDeRTaKeR]]

Bug! * alone should not work in spamfilter.

well, since it works just fine, why would that be a bug?
everyone understands * as anything...
right now im studying regex, for a better use in recent future...
but well, * worked fine
cya

[[UnDeRTaKeR]]

I understand the problem, but UnrealIRCd - and pretty much any other ircd - is not designed to have all users coming from 1 single host (and rightfully so, since it has several unresolvable problems).

Syzop, thanks for the attention,
yeah, I know that, and I dont even think in another ircd.
we'll continue using unreal, I know as it developes, perhaps modules
for our problem will be created...
Until now, after the spamfilter solution, all the clonesx attacks to the server
have been useless, the only problem, like I said before is the connect-disconnect
flood when matches the spamfilter, but since its effective I cant complain.
The clones attack right now are made by opening several scripts, mirc, etc,
and connecting them, but is a lot easier to deal with 10 clones, than make it
with 200 clones with different nicks, idents, gcos...
We will continue using spamfiltering, until they realize the realname thing
when that happens, then well think about something...
by this thread, if anyone deals with soft, addons that create clones, spam,
flood..and wipes out the problem right behind a proxy, post the idea will
be just fine...
thanks

[Jason]

It is a bug because something works wrong, so its proper use does not work.

What will happen when I write "^d*!"?

dan gets killed, when ddd should.

I like dan!

[JIVXor]

That is well. We will have to consider that.

Thanks a lot.