Page 1 of 1

Regex required please.

Posted: Sun May 04, 2008 3:39 pm
by hippytyre
Hi

Could anyone provide me with a regex for my spamfilter please. As you can see AntiRandom is doing a pretty good job with them already but I think a spamfilter entry would be the best solution.

Code: Select all

[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 12: XP|USA|000|647825!xSillyNubx@cuscon46396.tstt.net.tt:XP|USA|000|647825
[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 19: n-886536!leovjdn@89.170.2.140:n-886536
[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 18: n-937447!ikrbpc@80-235-69-168-dsl.trt.estpak.ee:n-937447
[16:18:12] -fetish.datawhore.net- *** Notice -- [antirandom] denied access to user with score 12: XP|USA|000|987509!xSillyNubx@cuscon46396.tstt.net.tt:XP|USA|000|987509

xSillyNubx isn't always the ident though, that seems to be random too now and then.


Thanks

Re: Regex required please.

Posted: Sat May 17, 2008 12:34 am
by mad_dog
Hello
Im seeing these as well.
perhaps this will help more
(there are many of these)

nick: SVK[XP|SP1]00[L]236750
bwhzebip@nat-4.aminet.sk
name: SVK[XP|SP1]00[L]236750

nick: FRA[2K|SP4]00[D]050065
jaaili@41.214.134.163
name: FRA[2K|SP4]00[D]050065

Thanks for any assist

Re: Regex required please.

Posted: Wed May 21, 2008 5:05 am
by SLipKnOt
As u are using antirandom u can change the action to gline that will work same as spamfilter. you can try these regex see if those works.

Code: Select all

XP|USA|000|647825 = /spamfilter add u gzline 10d Drone_Bot (?-i)^(.+)!xSillyNubx@[^:]+:(?-i)\1
n-937447 = /spamfilter add u gzline 10d Drone_Bot (?-i)^(n\-\d{6}).*![a-z]{6}@[^:]+:\1
SVK[XP|SP1]00[L]236750 = /spamfilter add u gzline 10d Drone_Bot ^([A-Z]{3}\[.+\|.+\]\d{2}\[.+\]\d{6})!.+@[^:]+:\1

Re: Regex required please.

Posted: Wed May 21, 2008 8:36 am
by hippytyre
Thanks very much, I'll try those out now. The bots have actually stopped joining my network and never actually ever got to join any channels but I'm sure they will be back.

Re: Regex required please.

Posted: Fri May 30, 2008 6:03 am
by JRBlood
Your bots look very similar to ones trying to join my network.

These filters have worked out great for me:

Code: Select all

/spamfilter add u gzline 90d |Evil_Bots_S| \|XPSP[0-9]\|
/spamfilter add u gzline 90d |Evil_Bots| \|[0-9][0-9]\|[0-9][0-9][0-9]\|
The first one catches anyone with |XPSP#|
The second one catches anyone with |##|###|

Example nicks caught by the first filter:
N02|192|USA|XPSP3|Valerie|QF
N00|192|USA|XPSP2|Lost

This one would get caught by either filter:
|00|192|USA|XPSP0|ALLENLISA|PL

The bots join #babu3, but that's all I know about them. Whois info shows the bots announcing themselves as bots (+B). They've been trying to connect since April 16th, and are still trying.