Regex for botnet

These are old archives. They are kept for historic purposes only.
Mikktex
Posts: 5
Joined: Tue Dec 30, 2008 3:04 pm

Regex for botnet

Post by Mikktex » Tue Dec 30, 2008 6:34 pm

Hello,

Kind of a beginner with regex, so I would like some help on this.
Got around 1000 bots bouncing in and out on my network.

Ex:

[USA|00|XP|P|25874]
BGR|00|XP|SP3|2745
GBR|00|UN|SP1|2320
[FRA|00|XP|MP|1879]
[ITA|02|XP|P|25113]
[USA|01|VIS|P|54031]
[SAU|00|XP|P|56781]
[ITA|00|XP|P|97075]
[USA|00|XP||822760]
USA|00|XP|SP3|8635

And so on.

Need something that kills them and keeps them out.

Thankful for any kind of help.

[dx]
Posts: 107
Joined: Sat Jun 16, 2007 1:03 am

Re: Regex for botnet

Post by [dx] » Tue Dec 30, 2008 11:27 pm

^\[[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{1,2}\d\|\d{4,5}!
^[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{2,3}\|\d{5,6}!

Give these two a try :D

Mikktex
Posts: 5
Joined: Tue Dec 30, 2008 3:04 pm

Re: Regex for botnet

Post by Mikktex » Thu Jan 01, 2009 5:12 pm

Well, that did nothing. Maybe I missed something.

/spamfilter add u gline 3d BOTS ^\[[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{1,2}\d\|\d{4,5}!

Skizzerz
Posts: 16
Joined: Thu Dec 25, 2008 1:39 am

Re: Regex for botnet

Post by Skizzerz » Thu Jan 01, 2009 7:01 pm

Try switching the ! at the end with $ (dollar sign). $ denotes the end of a line; ! is just a normal character in terms of regular expressions.

Mikktex
Posts: 5
Joined: Tue Dec 30, 2008 3:04 pm

Re: Regex for botnet

Post by Mikktex » Thu Jan 01, 2009 7:34 pm

Same thing with the $, nothing happens. :cry:

Mikktex
Posts: 5
Joined: Tue Dec 30, 2008 3:04 pm

Re: Regex for botnet

Post by Mikktex » Thu Jan 01, 2009 11:15 pm

I've made some progress.

Got: [A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{1,2}\d\|\d{4,5}! to work, so half of the bots are gone, but the other one I can't really tell why it isn't working.

It's exactly the same thing but with \[[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{1,2}\d\|\d{4,5}\]! so that should kill the bots.
Am I doing something horribly wrong here?

Mikktex
Posts: 5
Joined: Tue Dec 30, 2008 3:04 pm

Re: Regex for botnet

Post by Mikktex » Thu Jan 01, 2009 11:23 pm

Well, got it to work now :lol:

Rebooted the server and somehow it worked.

Well, thanks for all the help :wink:

[dx]
Posts: 107
Joined: Sat Jun 16, 2007 1:03 am

Re: Regex for botnet

Post by [dx] » Fri Jan 02, 2009 2:34 pm

Yeah.. Cheers ;)
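Added example, not part of the original thread: a small offline harness that runs every pattern posted above against the ten sample nicks from the first post before anything is loaded with /spamfilter add. It assumes the `u` target is matched against `nick!user@host:realname` (as UnrealIRCd documents for user spamfilters), uses Python's `re` as a stand-in for the server's regex engine, and the `derived` pattern, the benign nicks and the user/host values are constructed here.

```python
import re

# The ten nicks copied from the first post of the thread.
SAMPLE_NICKS = [
    "[USA|00|XP|P|25874]", "BGR|00|XP|SP3|2745", "GBR|00|UN|SP1|2320",
    "[FRA|00|XP|MP|1879]", "[ITA|02|XP|P|25113]", "[USA|01|VIS|P|54031]",
    "[SAU|00|XP|P|56781]", "[ITA|00|XP|P|97075]", "[USA|00|XP||822760]",
    "USA|00|XP|SP3|8635",
]
# Constructed nicks that a filter must never hit.
BENIGN_NICKS = ["Mikktex", "[dx]", "Skizzerz", "USA|fan", "[AFK]Bob"]

PATTERNS = {
    # Copied verbatim from the posts above.
    "dx_1": r"^\[[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{1,2}\d\|\d{4,5}!",
    "dx_2": r"^[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{2,3}\|\d{5,6}!",
    "mikktex_1": r"[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{1,2}\d\|\d{4,5}!",
    "mikktex_2": r"\[[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z]{1,2}\d\|\d{4,5}\]!",
    # Assumption: written for this example from the ten samples only.
    # Optional brackets, 4th field of 0-3 letters/digits, 4-6 digit suffix.
    "derived": r"^\[?[A-Z]{3}\|\d{2}\|[A-Z]{2,3}\|[A-Z0-9]{0,3}\|\d{4,6}\]?!",
}

def filter_target(nick, user="user", host="host.example", real="real name"):
    """Build the string a user spamfilter sees (user/host/real are constructed)."""
    return f"{nick}!{user}@{host}:{real}"

def coverage(name):
    """Return (sample nicks matched, benign nicks wrongly matched) for a pattern."""
    rx = re.compile(PATTERNS[name], re.ASCII)
    hits = [n for n in SAMPLE_NICKS if rx.search(filter_target(n))]
    false_hits = [n for n in BENIGN_NICKS if rx.search(filter_target(n))]
    return hits, false_hits

if __name__ == "__main__":
    for name in PATTERNS:
        hits, false_hits = coverage(name)
        missed = [n for n in SAMPLE_NICKS if n not in hits]
        print(f"{name}: {len(hits)}/{len(SAMPLE_NICKS)} samples matched, "
              f"{len(false_hits)} benign matched")
        for nick in missed:
            print(f"    missed: {nick}")
```

The results only describe the ten nicks in the first post; nicks on the live network that were not posted may differ.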
