Ban Version before connect

These are old archives. They are kept for historic purposes only.
Angel
Posts: 7
Joined: Thu Jul 20, 2006 10:41 am

Ban Version before connect

Post by Angel » Thu Jul 20, 2006 10:56 am

Default is:

| 12:43:13 | * Connecting to irc.xxxxxxx.com (6667)
-
| 12:43:18 | -Irc.xxxxxxx.Com- *** Looking up your hostname...
-
| 12:43:18 | -Irc.xxxxxxx.Com- *** Checking ident...
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** No ident response; username prefixed with ~
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** Found your hostname
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** If you are having problems connecting due to ping timeouts, please type /quote pong 4197EB91 or /raw pong 4197EB91 now.
-
| 12:43:19 | [IRC VERSION]

But, i would like the server to ask for version at the beginning like:

| 12:43:13 | * Connecting to irc.xxxxxxx.com (6667)
-
| 12:43:17 | [IRC VERSION]
-
| 12:43:18 | -Irc.xxxxxxx.Com- *** Looking up your hostname...
-
| 12:43:18 | -Irc.xxxxxxx.Com- *** Checking ident...
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** No ident response; username prefixed with ~
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** Found your hostname
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** If you are having problems connecting due to ping timeouts, please type /quote pong 4197EB91 or /raw pong 4197EB91 now.

The point of this is that i added an ban version for some bots and the ban version catchs them but they joins first the channel.

| 12:48:26 | * Joins: nick (~ident@host) on #channel
| 12:48:30 | * Quits: nick (~ident@host) (User has been banned from xxxxxxx (Infected))

So what can i do to ask tham at the beginning for version and gline tham before they join a channel.

Thank you!!!

Jobe1986
Official supporter
Posts: 1178
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe1986 » Thu Jul 20, 2006 12:43 pm

Its impossible to ask for the version before the connection is registered because there is no Nick for the version reply to come from at that stage so it would be a version reply with no sender which is incorrect.

If there are some details like nick, ident, host and names that fit a pattern you can set a spamfilter to ban them instead.

Angel
Posts: 7
Joined: Thu Jul 20, 2006 10:41 am

Post by Angel » Thu Jul 20, 2006 1:00 pm

Jobe1986 wrote:Its impossible to ask for the version before the connection is registered because there is no Nick for the version reply to come from at that stage so it would be a version reply with no sender which is incorrect.

If there are some details like nick, ident, host and names that fit a pattern you can set a spamfilter to ban them instead.
They are banned via ban version but they also joins first the channel.
Any way i have to leave it like it is.

Is it posible to make them wait for a few sec. like 10 sec. and the msg would be like:

12:43:13 | * Connecting to irc.xxxxxxx.com (6667)
-
| 12:43:18 | -Irc.xxxxxxx.Com- *** Looking up your hostname...
-
| 12:43:18 | -Irc.xxxxxxx.Com- *** Checking ident...
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** No ident response; username prefixed with ~
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** Found your hostname
-
| 12:43:19 | -Irc.xxxxxxx.Com- *** If you are having problems connecting due to ping timeouts, please type /quote pong 4197EB91 or /raw pong 4197EB91 now.
-
| 12:43:19 | [IRC VERSION]

| 12:43:19 | -Irc.xxxxxxx.Com- *** Checking version reply please wait...

I thing if this would be posible to let them wait for 10 sec. they wouldnt be able to join so fast a channel, and they would be banned before joining.

Thanks for reply Jobe1986

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Post by SpaceDoG » Thu Jul 20, 2006 1:29 pm

As stated in previous posts I'm not sure which ones exactly banning via version is virtually impossible. Any good scripter/coder can easily modify their clients version response to report back with what the server will accept.

Angel
Posts: 7
Joined: Thu Jul 20, 2006 10:41 am

Post by Angel » Thu Jul 20, 2006 1:47 pm

SpaceDoG wrote:As stated in previous posts I'm not sure which ones exactly banning via version is virtually impossible. Any good scripter/coder can easily modify their clients version response to report back with what the server will accept.
yes, thats right but i though at least to stop this bots that didnt change the version yet so that they don't join the channel cus they are very fast and users don't have any idea what is going on. (JAVA USERS)

it looks very ridiculous when they join and gets banned.

Every time i have to put +R so that at least they don't join the channel.

Any way thanks for your support guys :)

Jobe1986
Official supporter
Posts: 1178
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe1986 » Thu Jul 20, 2006 1:47 pm

It does say in the documentation that ban version blocks will not work for clients who have disabled CTCP replies. So if the bot owner really wanted to he/she could get past a ban version block. Which is why i suggest a spamfilter because that doesnt rely on the client responding to a request.

Angel
Posts: 7
Joined: Thu Jul 20, 2006 10:41 am

Post by Angel » Thu Jul 20, 2006 2:16 pm

Jobe1986 wrote:It does say in the documentation that ban version blocks will not work for clients who have disabled CTCP replies. So if the bot owner really wanted to he/she could get past a ban version block. Which is why i suggest a spamfilter because that doesnt rely on the client responding to a request.
No, i thing you didnt understand me. When they connect to the server they will be banned using ban version block, but the point is they will be banned to late.

I saw this also at many other servers bot joins the channel bot gets glined.

It looks like this:

| 16:04:58 | * joins: nick1 (ident@host) on #channel
| 16:04:58 | * Quits: nick1 (~ident@host) (User has been banned from xxxxxxx (Infected))
| 16:05:09 | <javauser> talking...
| 16:05:11 | <javauser2> talking...
| 16:05:11 | <javauser3> talking...
| 16:05:15 | * joins: nick2 (ident@host) on #channel
| 16:05:15 | * Quits: nick2 (~ident@host) (User has been banned from xxxxxxx (Infected))
| 16:05:58 | <javauser4> talking...
| 16:06:00 | * joins: nick3 (ident@host) on #channel
| 16:06:01 | * Quits: nick3 (~ident@host) (User has been banned from xxxxxxx (Infected))

This is just a small example and it looks very ridiculous when they join and gets banned.

If there is nothing to do agains this is not a big problem they will get glined so or so. I just wanted to make it much better in some way. Thank you!

Jobe1986
Official supporter
Posts: 1178
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe1986 » Thu Jul 20, 2006 2:37 pm

I do understand what you're saying. The problem is if the bots have CTCP replies disabled they wont even tell the server their version and will then be able to still get on.

Which is why i say to use spamfilters. Because it is a hell of a lot harder to avoid a spamfilter.

As far as i am aware there is NO way to force a user to send CTCP replies such as the version reply so it is easy to avoid a ban version block by disabling CTCP replies or modifying your version reply.

As for spamfilters, they wouldnt even give the user a chance to join a channel before enforcing their action.

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Post by SpaceDoG » Thu Jul 20, 2006 3:23 pm

Angel if you're having a problem with bots try to post a whois or whowas of the bots. If you can post a message from the bots that helps out too. You can also try to turn on anti-spoof (I think that's what it does) where your client has to send a response to the server before connecting. If I'm not mistaken most bots out there can't get past it. At least not the virus bots. But if you can post a whois or whowas of the bots it is possible to setup spamfilters that will keep them from connecting.

Angel
Posts: 7
Joined: Thu Jul 20, 2006 10:41 am

Post by Angel » Thu Jul 20, 2006 3:54 pm

Jobe1986 wrote:I do understand what you're saying. The problem is if the bots have CTCP replies disabled they wont even tell the server their version and will then be able to still get on.

Which is why i say to use spamfilters. Because it is a hell of a lot harder to avoid a spamfilter.

As far as i am aware there is NO way to force a user to send CTCP replies such as the version reply so it is easy to avoid a ban version block by disabling CTCP replies or modifying your version reply.

As for spamfilters, they wouldnt even give the user a chance to join a channel before enforcing their action.
They didnt disable CTCP REPLIES and they are using still the same version allways. They reply to the version request and they will be banned.

My problem is they will be banned to late or they are to fast and joins the channel.

With the bots of IRC Invader script i can stop them using ban version block before they join a channel, but with other bots is taking more time.

I thing thos bots have like super speed connection or what ever :P
Jobe1986 wrote:Angel if you're having a problem with bots try to post a whois or whowas of the bots. If you can post a message from the bots that helps out too. You can also try to turn on anti-spoof (I think that's what it does) where your client has to send a response to the server before connecting. If I'm not mistaken most bots out there can't get past it. At least not the virus bots. But if you can post a whois or whowas of the bots it is possible to setup spamfilters that will keep them from connecting.
I have now a new server and installed the ircd from the beginning so i don't have logs any more.

I just though before they start again doing that stuff to fix this problem also so that they cant join a channel.

Any way i see it is not posible to do that so lets forget about it and thank you all for trying to help me :)

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Post by SpaceDoG » Thu Jul 20, 2006 4:05 pm

Angel when you compile UnrealIRCd if you enable Anti-spoof it will help to get rid of the bots. Do you currently have anti-spoof enabled on your servers?

Angel
Posts: 7
Joined: Thu Jul 20, 2006 10:41 am

Post by Angel » Thu Jul 20, 2006 4:22 pm

Yup, i have enabled it :)

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Post by SpaceDoG » Thu Jul 20, 2006 6:00 pm

Do you have any of the bot info from client logs or anything?

Angel
Posts: 7
Joined: Thu Jul 20, 2006 10:41 am

Post by Angel » Sun Jul 23, 2006 11:10 am

SpaceDoG wrote:Do you have any of the bot info from client logs or anything?
Sorry for big delay. No i don't have any logs, sorry. Like i said, i reinstalled everything from the beginning cus i have new server now.

I just though to request to make this posible before they start again doing this things. But it seems not to be posible. thank you any way

White_Magic
Posts: 267
Joined: Tue Jan 18, 2005 3:24 pm
Location: Scotland - United Kingdom

Post by White_Magic » Mon Jul 31, 2006 2:13 pm

Angel, to ban their version reply using the spamfilter u must use this command.

YOU MUST COPY IT AS YOU SEE IT AND MUST USE MIRC

//spamfilter add n gzline 2d Infected_Bots ^ $+ $chr(1) $+ VERSION versionreplyhere

the ONLY thing you need to change from this command is
versionreplyhere
with the bots version reply,

so if they say " mIRC Sucks HaHa " for version reply, the command is this->

//spamfilter add n gzline 2d Infected_Bots ^ $+ $chr(1) $+ VERSION mIRC Sucks HaHa
i spend 4 hrs a day gaming and 14hrs on irc, for 5days a week, im not an addict :D

Post Reply