Spamfilter for clones

Posted: Mon Nov 05, 2007 10:12 pm
by DeviL69
I need a spamfilter for these kinds of bots

* nB7tFmCeLhT H? ~[email protected] :1 8
* oU2nXdUaXkI Hr? ~[email protected] :0 6
* rU6bUgAxSqG Hr? ~[email protected] :0 2
* aZ8xLqWzWcO Hr? ~[email protected] :0 8
* gN3eRgHlVbB Hr? ~[email protected] :0 2
* nD9hBcJwAjB Hr? ~[email protected] :0 5
* qN7eTqRgDpB Hr? ~[email protected] :0 2
* fB8qUnBaGdM Hr? ~[email protected] :0 8
* mG3iYhIgEuY Hr? ~[email protected] :0 4
* sW5nMsExAiS Hr? ~[email protected] :0 2
* iQ4xAxYxIkI H? ~[email protected] :0 5
* pC6bXsExUxV H? ~[email protected] :0 9

At the nick there are 2 letters, a number, then 8 letters again, and all realnames are with 1 number.
Thanks

Re: Spamfilter for clones

Posted: Mon Nov 05, 2007 10:32 pm
by Stealth
The regex you will want to use is:

Code:

(?i)[a-z][A-Z]\d([a-z][A-Z])+!~?[a-z][A-Z]\d([a-z][A-Z])+@[^:]+:\d$

Re: Spamfilter for clones

Posted: Mon Nov 05, 2007 11:58 pm
by DeviL69
Thank you, Stealth

Spamfilter for clones

Posted: Thu Nov 29, 2007 3:36 pm
by DeviL69
* ISRHLCKQKNteluiivd H? [email protected] :1 xdwzxpkg
* RVQBYSRYDIthtwgbxb H? [email protected] :1 xbnrnsvt
* FFUDLEAWJNricppgfx H? [email protected] :1 xkmzkyps

What about those clones?
(Sorry if I'm asking too much)

Re: Spamfilter for clones

Posted: Thu Nov 29, 2007 6:08 pm
by Stealth

Code:

(?i)[A-Z]{8}[a-z]{8}!~?[a-z]{9}@[^:]+:\d [a-z]{8}$

However, if the new ones are all coming from the same address, just manually take care of them... It's easier and takes less memory/CPU to do that when they can be taken care of manually.

Spamfilter for clones

Posted: Sat Dec 01, 2007 10:41 pm
by DeviL69
No, I grabbed those 3 clones but I had many more, and tonight

Gunit-besarZn ([email protected]) :1 y
Gunit-besarSp ([email protected]) :1 b
Gunit-besarHz ([email protected]) :1 a
Gunit-besarIk ([email protected]) :1 f

and after joining, all of them changed their nicknames

Guest220132 ([email protected]) has changed his/her nickname to Guest836271

Re: Spamfilter for clones

Posted: Sat Dec 01, 2007 11:18 pm
by Jason
/spamfilter + u gzline 1d Evil_Bots ^(?-i)Gunit-besar[A-Z][a-z]![A-Z][a-z]@

Spamfilter for clones

Posted: Tue Jan 15, 2008 8:53 pm
by DeviL69
PeKJGDq [email protected] :1 CmLzUMMjFaBSOhYmFvJKDjdqDCDateSUWHOZTmhHiWEXPWLJrX
NAQiOHDHYjNy [email protected] :1 FQofpwEfTfuyorXmafFlIUwokTsWQbJYKBVvLndkcRHKuQsZlE
agkDEqESTzP [email protected] :1 JCddMCCaKCDbapnFQcvnpEcmCXOjOGhPmQhtndgzRkMzGbWmmS
qfYRddWvcRF [email protected] :1 efpNIJTwjSHxuKWwpobTPdgYjpoLAmD

bigdave H? [email protected] :1 davebig
Kiki H? [email protected] :1 Kiki Kiki
Mustermann H? [email protected] :1 Herr Mustermann
Bibo H? [email protected] :1 Bibo b



Or you'd better make a list of all the spamfilters for clones that you have used until now so we won't ask every week :)

Re: Spamfilter for clones

Posted: Mon Jan 21, 2008 12:43 am
by chevyman2002
(Note this is for my own extensive testing purposes only); I grabbed some similar software to test clones and such, I was wondering what the regex would be to ban clones like these:

m4113 is [email protected] * zvjjmx
m4113 is using modes +iwx
m4113 is connecting from *@192.168.1.100 192.168.1.100
m4113 on #services
m4113 using dev.SummitIRC.com Private Dev Server for SummitIRC
m4113 has been idle 28secs, signed on Sun Jan 20 18:31:38
m4113 End of /WHOIS list.
-
i6821 is [email protected] * yqffip
i6821 is using modes +iwx
i6821 is connecting from *@192.168.1.100 192.168.1.100
i6821 on #services
i6821 using dev.SummitIRC.com Private Dev Server for SummitIRC
i6821 has been idle 27secs, signed on Sun Jan 20 18:31:41
i6821 End of /WHOIS list.

Typically a random char, 4 numbers, etc... though it's completely random.. may have 3 numbers, may have 4, etc... (same for chars) thanks for any input in advance!

Re: Spamfilter for clones

Posted: Mon Jan 21, 2008 5:33 am
by Stealth
It looks like those are ClonesX clones, a very common clone script used for flooding.

Simple spamfilter to stop them:

Code:

^[a-z]\d+!~?[a-z]\d+@[^:]+:[A-Z]{6}$

This will catch most of them, but it may also catch some innocent users, so be careful with it.

Re: Spamfilter for clones

Posted: Tue Jan 22, 2008 1:49 am
by chevyman2002
Stealth wrote:
> It looks like those are ClonesX clones, a very common clone script used for flooding.
>
> Simple spamfilter to stop them:
>
> Code:
>
> ^[a-z]\d+!~?[a-z]\d+@[^:]+:[A-Z]{6}$
>
> This will catch most of them, but it may also catch some innocent users, so be careful with it.

Indeed it is ClonesX via aleatory methods... Unfortunately, it's not caught any of them but it should help. Thanks!

Spamfilter for clones

Posted: Tue Jan 29, 2008 12:50 am
by DeviL69
* hereNl H? [email protected] :1 t
* hereLk H? [email protected] :1 t
* hereEb H? [email protected] :1 l
* hereCc H? [email protected] :1 y
* hereRk H? [email protected] :1 x
* hereFu H? [email protected] :1 b
* hereVr H? [email protected] :1 q
* hereJn H? [email protected] :1 s
* hereCq H? [email protected] :1 w

Re: Spamfilter for clones

Posted: Tue Jan 29, 2008 12:59 am
by Stealth

Code:

^(?-i)here[A-Z][a-z]![A-Z][a-z]@[^:]+:[a-z]$

Re: Spamfilter for clones

Posted: Sat Feb 02, 2008 1:10 am
by Jason
Stealth: You missed the numeral.

Code:

^(?-i)here[A-Z][a-z]![A-Z][a-z]@[^:]+:1 [a-z]$

Re: Spamfilter for clones

Posted: Sat Feb 02, 2008 1:44 am
by Stealth
Jason wrote:
> Stealth: You missed the numeral.
>
> Code:
>
> ^(?-i)here[A-Z][a-z]![A-Z][a-z]@[^:]+:1 [a-z]$

The lines pasted are mangled WHO output, so that numeral is the server hops :)
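
An added example, not part of any post in this thread: a small harness that checks candidate user-target patterns against sample `nick!user@host:realname` strings before they are deployed. It covers both the warning that the ClonesX filter may catch innocent users and the point that the `1` in the pasted lines is the hop count, not part of the realname. All user names, hosts and the "legit" users are constructed; it assumes matching is case-insensitive unless the pattern carries `(?-i)`, and writes the digit class as `\d`.

```python
import re

def user_target(nick, user, host, realname):
    # A user-target ('u') spamfilter is matched against nick!user@host:realname.
    return f"{nick}!{user}@{host}:{realname}"

def compile_filter(pattern):
    # Assumption: the server matches case-insensitively unless the pattern
    # carries (?-i). Python's re has no global (?-i), so strip it and pick flags.
    if "(?-i)" in pattern:
        return re.compile(pattern.replace("(?-i)", ""))
    return re.compile(pattern, re.IGNORECASE)

def evaluate(pattern, clones, legit):
    # Returns (number of clone strings caught, list of legitimate users caught).
    rx = compile_filter(pattern)
    caught = sum(1 for c in clones if rx.search(c))
    return caught, [u for u in legit if rx.search(u)]

# Patterns from the thread (digit class written as \d).
HERE_REALNAME_ONLY = r"^(?-i)here[A-Z][a-z]![A-Z][a-z]@[^:]+:[a-z]$"
HERE_WITH_HOPS = r"^(?-i)here[A-Z][a-z]![A-Z][a-z]@[^:]+:1 [a-z]$"
CLONESX = r"^[a-z]\d+!~?[a-z]\d+@[^:]+:[A-Z]{6}$"

# Constructed samples: user names and hosts are made up for this example.
HERE_CLONES = [
    user_target("hereNl", "Nl", "a.example", "t"),
    user_target("hereLk", "Lk", "b.example", "t"),
    user_target("hereEb", "Eb", "c.example", "l"),
]
CLONESX_CLONES = [
    user_target("m4113", "k2951", "192.168.1.100", "zvjjmx"),
    user_target("i6821", "~q7730", "192.168.1.100", "yqffip"),
]
LEGIT = [
    user_target("alice", "alice", "home.example", "Alice A"),
    user_target("r2", "~r2", "dsl.example", "Robert"),  # short nick, 6-letter realname
]

if __name__ == "__main__":
    for name, pat, clones in [
        ("here, realname only", HERE_REALNAME_ONLY, HERE_CLONES),
        ("here, with hop count", HERE_WITH_HOPS, HERE_CLONES),
        ("ClonesX", CLONESX, CLONESX_CLONES),
    ]:
        caught, false_pos = evaluate(pat, clones, LEGIT)
        print(f"{name}: caught {caught}/{len(clones)}, false positives: {false_pos}")
```

Running a candidate pattern through a list of your own network's real `nick!user@host:realname` strings in place of `LEGIT` shows how many existing users a `gzline` action would hit.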