Regex required please.

These are old archives. They are kept for historic purposes only.
Post Reply
hippytyre
Posts: 8
Joined: Wed Feb 13, 2008 7:54 pm

Regex required please.

Post by hippytyre » Sun May 04, 2008 3:39 pm

Hi

Could anyone provide me with a regex for my spamfilter please. As you can see AntiRandom is doing a pretty good job with them already but I think a spamfilter entry would be the best solution.

Code: Select all

[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 12: XP|USA|000|647825!xSillyNubx@cuscon46396.tstt.net.tt:XP|USA|000|647825
[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 19: n-886536!leovjdn@89.170.2.140:n-886536
[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 18: n-937447!ikrbpc@80-235-69-168-dsl.trt.estpak.ee:n-937447
[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 12: XP|USA|000|987509!xSillyNubx@cuscon46396.tstt.net.tt:XP|USA|000|987509

xSillyNubx isn't always the ident though, that seems to be random too now and then.


Thanks

mad_dog
Posts: 6
Joined: Mon Aug 30, 2004 4:13 pm
Location: usa

Re: Regex required please.

Post by mad_dog » Sat May 17, 2008 12:34 am

Hello
Im seeing these as well.
perhaps this will help more
(there are many of these)

nick: SVK[XP|SP1]00[L]236750
bwhzebip@nat-4.aminet.sk
name: SVK[XP|SP1]00[L]236750

nick: FRA[2K|SP4]00[D]050065
jaaili@41.214.134.163
name: FRA[2K|SP4]00[D]050065

Thanks for any assist

SLipKnOt
Posts: 42
Joined: Sat Apr 10, 2004 6:43 pm
Location: Bangladesh , dhaka
Contact:

Re: Regex required please.

Post by SLipKnOt » Wed May 21, 2008 5:05 am

As u are using antirandom u can change the action to gline that will work same as spamfilter. you can try these regex see if those works.

Code: Select all

XP|USA|000|647825 = /spamfilter add u gzline 10d Drone_Bot (?-i)^(.+)!xSillyNubx@[^:]+:(?-i)\1
n-937447 = /spamfilter add u gzline 10d Drone_Bot (?-i)^(n\-\d{6}).*![a-z]{6}@[^:]+:\1
SVK[XP|SP1]00[L]236750 = /spamfilter add u gzline 10d Drone_Bot ^([A-Z]{3}\[.+\|.+\]\d{2}\[.+\]\d{6})!.+@[^:]+:\1
./SLipKnOt --help

hippytyre
Posts: 8
Joined: Wed Feb 13, 2008 7:54 pm

Re: Regex required please.

Post by hippytyre » Wed May 21, 2008 8:36 am

Thanks very much, I'll try those out now. The bots have actually stopped joining my network and never actually ever got to join any channels but I'm sure they will be back.

JRBlood
Posts: 12
Joined: Sat Apr 12, 2008 8:20 pm
Location: Syracuse, NY USA
Contact:

Re: Regex required please.

Post by JRBlood » Fri May 30, 2008 6:03 am

Your bots look very similar to ones trying to join my network.

These filters have worked out great for me:

Code: Select all

/spamfilter add u gzline 90d |Evil_Bots_S| \|XPSP[0-9]\|
/spamfilter add u gzline 90d |Evil_Bots| \|[0-9][0-9]\|[0-9][0-9][0-9]\|
The first one catches anyone with |XPSP#|
The second one catches anyone with |##|###|

Example nicks caught by the first filter:
N02|192|USA|XPSP3|Valerie|QF
N00|192|USA|XPSP2|Lost

This one would get caught by either filter:
|00|192|USA|XPSP0|ALLENLISA|PL

The bots join #babu3, but that's all I know about them. Whois info shows the bots announcing themselves as bots (+B). They've been trying to connect since April 16th, and are still trying.
Image
RaveTrax.com - "Its not a state of mind, Its a way of life."
» Audio Streams - MP3 - 160k MP3 - 64k MP3 - 24k MP3
» Audio Streams - AAC+ - 64k aacPlus v2 - 24k aacPlus v2

Post Reply