These are old archives. They are kept for historic purposes only.
i tried to use /spamfilter to get rid of a botnet (rxbots)
so i tried to use several filter-strings from the output the bots produce like
[SCAN]: Random Port Scan started on x.x.x.x:xxx with a delay of 2 seconds for 0 minutes using 100 threads.
i used the
[SCAN]: Random Port Scan started on
string to filter and akill them, but the spamfilter didnt do anything... i tried this with several other strings from the bots replys (also adding some * in the end and whatnot) but it just sat there and didnt do sh*t
so my last random guess is that it has some probs with the [ ]Â´s the sentence contains, but i dont know how to do this the right way and failing could end up in a mess..
so iÂ´d appreciate any help
thx in advance
- Posts: 1083
- Joined: Tue Mar 16, 2004 5:44 pm
- Location: Switzerland
You really should learn Regexp...
There are hundreds of tutorials out there...
Try something like
Code: Select all
^\[SCAN\]: Random Port Scan started on .*
thanks for your help and the quick reply...
i made 2 entrys, following your suggestion
F cpnN shun 0 1419 86400 Possible_Botnet_-_Not_Allowed_here Andrew!~Andrew@xxx.com
^\ [SCAN\ ]: Random Port Scan started on .*
F cpnN shun 0 1436 86400 Possible_Botnet_-_Not_Allowed_here Andrew!~Andrew@xxx.com
^\ [SCAN\ ]: Already .*
but it still doesnt work... also i tried to set other actions as kill, gline and so on.. i yet have to see some message in the snotice window (yes, i got the appropiate userflags set..)
for learning regexpÂ´s... i know i should do it, but right now i just dont have the time to do it, but i surely will when i got some spare time.
- Official supporter
- Posts: 862
- Joined: Tue Mar 09, 2004 10:47 pm
- Location: Boise, ID
Do NOT put a space between the \ and the [ or ].
thx, works like a charm now
keep it up =)