Need help Creating A Spamfilter

These are old archives. They are kept for historic purposes only.
DragonRyder
Posts: 51
Joined: Tue Feb 21, 2006 5:02 am
Location: USA, OH

Need help Creating A Spamfilter

Post by DragonRyder » Fri Apr 22, 2011 4:44 am

With color codes in it:
[7:26pm] 14(10Notice Sent14) 12From15:10 walk53588 12On15:10 XeroMem 12Msg15:03 #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
[7:26pm] 14(10Notice Sent14) 12From15:10 ddos16980 12On15:10 XeroMem 12Msg15:03 #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
Without color codes in it:
[7:26pm] (Notice Sent) From: ddos16980 On: XeroMem Msg: #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
[7:26pm] (Notice Sent) From: death35159 On: XeroMem Msg: #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$
My network got spammed by someone who had a hissy fit for me having a channel come to my network. He has an issue with the user, but is taking it out on everyone.
How do you create a spamfilter for this kind of junk? And they sent it in both notice format and query and channel.

Jobe1986
Official supporter
Posts: 1177
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Need help Creating A Spamfilter

Post by Jobe1986 » Fri Apr 22, 2011 11:59 am

In this case, based entirely on what you've pasted (not given us much to go on) you might be better off with a spamfilter of type u with regex "^(walk|ddos|death)\d{5}!" which matches any nick starting with death, walk or ddos and ending with 5 numeric digits.

DragonRyder
Posts: 51
Joined: Tue Feb 21, 2006 5:02 am
Location: USA, OH

Re: Need help Creating A Spamfilter

Post by DragonRyder » Fri Apr 22, 2011 2:26 pm

1: walk53588 and ddos16980 are botnet bots (of the DDoS variety)
2: my network's name is XeroMem
3: all those characters are the spam we get from them:
#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
how are we being spammed?
/msg Ryu spamspamspamspamspamspam
/notice Ryu spamspamspamspamspam

4: the nicks are random - we have no way to tell what the nicks are going to be. Our network has an open-access policy, so some users have bots with numbers at the end, so we cannot just ban those because of the spam from the DDoS-capable bots that are attacking us with spam.
5: if there is other information you need, could you be so kind as to inform me what information you are needing so I can provide said information to you?

katsklaw
Official supporter
Posts: 1114
Joined: Sun Apr 18, 2004 5:06 pm

Re: Need help Creating A Spamfilter

Post by katsklaw » Fri Apr 22, 2011 4:32 pm

How many of your legit users' bots start with walk, ddos or death and end with 5 digits? Think about it ..
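
An added example, not part of any post in this thread: a quick way to check the suggested type u pattern against user masks before loading it, including the false-positive question raised above. The sample masks, the message bodies and the content pattern `BODY_RE` are constructed assumptions, and Python's `re` is assumed to treat this pattern the same way the IRCd's regex engine does.

```python
import re

# Pattern suggested in the thread for a type-u spamfilter. Type u is matched
# against the user mask nick!user@host:realname, so the trailing "!" pins
# the five digits to the end of the nick.
NICK_RE = re.compile(r"^(walk|ddos|death)\d{5}!")

# Assumption (not from the thread): a content pattern for message/notice
# targets that matches text made up only of the symbols seen in the pasted
# spam, at least 40 characters long. Useful when the nicks are random.
BODY_RE = re.compile(r"[#@%$^]{40,}")

# Constructed user masks in nick!user@host:realname form.
MASKS = [
    "walk53588!a@host.example:x",
    "ddos16980!b@host.example:x",
    "death35159!c@host.example:x",
    "statbot12345!bot@host.example:Stats bot",  # legit bot ending in digits
    "walker12345!w@host.example:x",             # prefix followed by letters
    "walk5358!w@host.example:x",                # only four digits
    "walk535889!w@host.example:x",              # six digits
]

# Constructed message bodies.
BODIES = [
    "#@%#@%#$%#$^#$^#$%##$$@" * 4,  # repeating unit from the pasted spam
    "!seen walk53588",              # normal bot command
    "#channel @op 50% off $$$",     # symbols mixed with ordinary text
    "#@%#$",                        # too short to be the flood
]

def flagged_masks(masks):
    """Return the nicks whose full user mask the type-u pattern would hit."""
    return [m.split("!", 1)[0] for m in masks if NICK_RE.search(m)]

def flagged_bodies(bodies):
    """Return message bodies consisting solely of the spam symbol set."""
    return [b for b in bodies if BODY_RE.fullmatch(b)]

if __name__ == "__main__":
    print("nick hits:", flagged_masks(MASKS))
    print("body hits:", len(flagged_bodies(BODIES)))
```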

DragonRyder
Posts: 51
Joined: Tue Feb 21, 2006 5:02 am
Location: USA, OH

Re: Need help Creating A Spamfilter

Post by DragonRyder » Sun Apr 24, 2011 3:33 pm

That part is true, katsklaw; thing is, that's not the only bots that come here doing the spam thing. But using the information given we were able to come up with the proper regex to handle the spam. I thank all of you for your assistance.

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US

Re: Need help Creating A Spamfilter

Post by Stealth » Sun Apr 24, 2011 5:58 pm

Also, please make sure you're running a BOPM using good DNSBLs so you catch most malicious clients before they even begin to cause problems. If you're not running a BOPM, please read my instructions to get yourself set up without too much effort: http://unreal.x-tab.org/faq#InstallBOPM
