
Delete me

Posted: Mon Jun 11, 2007 7:51 pm
by outz
jkj

Posted: Mon Jun 11, 2007 8:14 pm
by Jobe
http://www.vulnscan.org/UnrealIRCd/unre ... lnameblock

Might help with the ones using a user-agent string as their real name.

Posted: Mon Jun 11, 2007 9:01 pm
by outz
jkj

Posted: Mon Jun 11, 2007 9:25 pm
by Stealth
Have you tried the antirandom module?

Posted: Mon Jun 11, 2007 10:05 pm
by Jobe
Stealth wrote: Have you tried the antirandom module?
Sorry if it sounds rude pointing it out but the following is from his first post:

[09:20am] *** Notice -- [antirandom] denied access to user with score 23: cgvpgkuw![email protected]:oifsqyhv

Posted: Mon Jun 11, 2007 10:28 pm
by outz
jkj

Posted: Mon Jun 11, 2007 11:00 pm
by Stealth
Jobe1986 wrote: [09:20am] *** Notice -- [antirandom] denied access to user with score 23: cgvpgkuw![email protected]:oifsqyhv
Sorry about that... something you should consider doing is making a script to catch those antirandom doesn't have access to (don't know why it wouldn't have access to those... perhaps they are connecting to a server antirandom isn't loaded on?)

EDIT: nvm about that. The message "[antirandom] denied access to user with score 23:" means antirandom has detected it, and the gline follows. That message is a little misleading (looks like an error) :P

To stop that message, change set::antirandom::show-failedconnects to no.

Posted: Tue Jun 12, 2007 12:47 pm
by outz
jkj

Posted: Tue Jun 12, 2007 2:27 pm
by seraphim
outz wrote: Thanks. That was definitely helpful.

Any idea how I would block these?

*** d1j0xm10o8p ([email protected]) has joined #Offtopic
*** v4q4ur6o0a ([email protected]) has joined #Offtopic
*** y3l1ki10w3e ([email protected]) has joined #Offtopic
*** o0m3km5b1s ([email protected]) has joined #Offtopic
*** g9g10ne5x3t ([email protected]) has joined #Offtopic
I think I could use a regex that filters 1-letter 1-number 1-letter 1-number and so on - I'm just having trouble with the actual string.
No, there are letter-letter-number-letter-number-number, it's random, so regexes with letter-number-letter-number... won't work.

Do some CTCP on them
/ctcp <nick> version
/ctcp <nick> finger

If you've got some special version reply, you can ban it in the config with the deny-version block.
http://www.vulnscan.org/UnrealIRCd/unre ... rsionblock

And for the same special finger reply, use the Spamfilter for CTCP reply.

And maybe these bots are from 1 or 2 providers; then you can ban the whole IP ranges of these providers.

To find out what IP ranges were used for spam, flood, etc., you could use http://www.spamhaus.org/sbl/index.lasso; there you can find them.

Posted: Tue Jun 12, 2007 5:16 pm
by outz
ghj

Posted: Tue Jun 12, 2007 6:00 pm
by seraphim
It can take a while to get a CTCP answer, because the attacker uses proxies.
Then you can only collect used IPs and GZLine them, and you should use some proxy scanner like BOPM or OPSB at the NeoStats.

Posted: Tue Jun 12, 2007 6:03 pm
by Jobe
Try this regex on the spamfilter type user:
^[a-z]\d{1,2}[a-z]{2}\d{1,2}[a-z]\d{1,2}[a-z]|[a-z]{2}@
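
Added example, not part of any post in this thread: a Python check that runs a spamfilter `user` pattern over the nicks quoted above and over ordinary users before it is deployed. Python's `re` stands in for the server's regex engine; the ident, host and realname fields, the benign users and the `DERIVED` pattern (fitted only to the five quoted nicks) are assumptions constructed here.

```python
import re

# Nicks quoted in the thread's join lines.
BOT_NICKS = ["d1j0xm10o8p", "v4q4ur6o0a", "y3l1ki10w3e", "o0m3km5b1s", "g9g10ne5x3t"]

# Spamfilter target "user" is matched against nick!user@host:realname.
# The page hides ident and host, so these fields are constructed placeholders.
BOTS = [f"{n}!ident@host.invalid:name" for n in BOT_NICKS]

# Constructed ordinary users the filter must not hit.
BENIGN = [
    "alice!alice@host.example:Alice",
    "Guest42!webchat@gw.example:web user",
    "bob_1!~bob@dsl.example:Bob",
]

# Pattern as posted in the thread; "|" splits it into two top-level branches.
POSTED = r"^[a-z]\d{1,2}[a-z]{2}\d{1,2}[a-z]\d{1,2}[a-z]|[a-z]{2}@"
POSTED_NICK_BRANCH, POSTED_IDENT_BRANCH = POSTED.split("|")

# Assumption: fitted only to the five quoted nicks
# (letter digit letter digit letter-letter digit letter digit letter),
# and closed with "!" so it must cover the whole nick.
DERIVED = r"^[a-z]\d{1,2}[a-z]\d{1,2}[a-z]{2}\d{1,2}[a-z]\d{1,2}[a-z]!"


def hits(pattern, users):
    """Return the user strings the pattern matches (case-insensitive search)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [u for u in users if rx.search(u)]


def report():
    """Count bot hits and false positives for each pattern under test."""
    patterns = {
        "posted": POSTED,
        "posted, nick branch only": POSTED_NICK_BRANCH,
        "derived": DERIVED,
    }
    return {name: (len(hits(p, BOTS)), len(hits(p, BENIGN)))
            for name, p in patterns.items()}


if __name__ == "__main__":
    for name, (bots, false_pos) in report().items():
        print(f"{name:26} bots {bots}/{len(BOTS)}  benign {false_pos}/{len(BENIGN)}")
```

The benign column is the one to read before adding any spamfilter: a branch that is not anchored to the nick can match on the ident of ordinary users.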