
Need help Creating A Spamfilter

Posted: Fri Apr 22, 2011 4:44 am
by DragonRyder
With color codes in it:
[7:26pm] 14(10Notice Sent14) 12From15:10 walk53588 12On15:10 XeroMem 12Msg15:03 #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
[7:26pm] 14(10Notice Sent14) 12From15:10 ddos16980 12On15:10 XeroMem 12Msg15:03 #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
Without color codes in it:
[7:26pm] (Notice Sent) From: ddos16980 On: XeroMem Msg: #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
[7:26pm] (Notice Sent) From: death35159 On: XeroMem Msg: #@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$
my network got spammed by someone who had a hissy fit for me having a channel come to my network. he has an issue with the user - but is taking it out on everyone.
how do you create a spamfilter for this kind of junk? and they sent it in both notice format and query and channel.

Re: Need help Creating A Spamfilter

Posted: Fri Apr 22, 2011 11:59 am
by Jobe1986
In this case, based entirely on what you've pasted (not given us much to go on) you might be better off with a spamfilter of type u with regex "^(walk|ddos|death)\d{5}!" which matches any nick starting with death, walk or ddos and ending with 5 numeric digits.

Re: Need help Creating A Spamfilter

Posted: Fri Apr 22, 2011 2:26 pm
by DragonRyder
1: walk53588 and ddos16980 are botnet bots (of the DDoS variety)
2: my network's name is XeroMem
3: all those characters are the spam we get from them:
#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$%##$$@#@%#@%#$%#$^#$^#$
how are we being spammed?
/msg Ryu spamspamspamspamspamspam
/notice Ryu spamspamspamspamspam

4: the nicks are random - have no way to tell what the nicks are going to be. our network has an open-access policy so some users have bots with numbers at the end, so we can not just ban those because of the spam from the DDoS capable bots that are attacking us with spam.
5: if there is other information you need, could you be so kind as to inform me what information you are needing so i can provide said information to you?

Re: Need help Creating A Spamfilter

Posted: Fri Apr 22, 2011 4:32 pm
by katsklaw
How many of your legit users bots start with walk, ddos or death and end with 5 digits? Think about it ..
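
Added example (not posted by anyone in this thread): a dry run of the type u regex from Jobe1986's reply against constructed nick!user@host:realname strings, next to a message-target pattern, to count catches, misses and false positives before a filter goes live. The message pattern, all sample nicks, hosts and messages, and the `dry_run` helper are assumptions made for illustration; the pattern is not the regex the original poster ended up using.

```python
import re

# Regex from the reply above. A type u filter is matched against
# the string nick!user@host:realname, hence the trailing "!".
USER_RE = re.compile(r"^(walk|ddos|death)\d{5}!")

# Assumed message-target pattern (not from the thread): a message made of
# 40 or more characters drawn only from the symbols seen in the pasted flood.
MSG_RE = re.compile(r"^[#@%$^]{40,}$")

FLOOD = "#@%#@%#$%#$^" * 8  # constructed stand-in for the pasted flood text

# Constructed samples: (user string, message text, is_spam)
SAMPLES = [
    ("walk53588!a@203.0.113.5:x", FLOOD, True),
    ("ddos16980!b@203.0.113.6:x", FLOOD, True),
    ("death35159!c@203.0.113.7:x", FLOOD, True),
    # flood bot whose nick prefix is not in the user regex
    ("rand48213!d@203.0.113.8:x", FLOOD, True),
    # legitimate clients, including bots with digits in the nick
    ("StatsBot12345!stats@host.example:Stats", "!seen Ryu", False),
    ("walker2011!w@host.example:Walker", "hello #@%$ world", False),
    ("Ryu!ryu@host.example:Ryu", "$$$ ^^^ ###", False),
]

def dry_run(samples):
    """Count caught, missed and false-positive samples for each filter."""
    report = {name: {"caught": 0, "missed": 0, "false_pos": 0}
              for name in ("user", "msg")}
    for user, text, is_spam in samples:
        hits = {"user": bool(USER_RE.search(user)),
                "msg": bool(MSG_RE.search(text))}
        for name, hit in hits.items():
            if is_spam:
                report[name]["caught" if hit else "missed"] += 1
            elif hit:
                report[name]["false_pos"] += 1
    return report

if __name__ == "__main__":
    for name, counts in dry_run(SAMPLES).items():
        print(name, counts)
```

On these samples the nick regex hits none of the legitimate bots but misses the flood bot with an unlisted prefix, while the content pattern catches every flood line regardless of nick.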

Re: Need help Creating A Spamfilter

Posted: Sun Apr 24, 2011 3:33 pm
by DragonRyder
that part is true katsklaw, thing is that's not the only bots that come here doing the spam thing. but using the information given we were able to come up with the proper regex to handle the spam. I thank all of you for your assistance.

Re: Need help Creating A Spamfilter

Posted: Sun Apr 24, 2011 5:58 pm
by Stealth
Also, please make sure you're running a BOPM using good DNSBLs so you catch most malicious clients before they even begin to cause problems. If you're not running a BOPM, please read my instructions to get yourself set up without too much effort: http://unreal.x-tab.org/faq#InstallBOPM