I am a netadmin on an IRC Network that is currently being used by two botnets. We'd really like to get rid of these bots but currently have no way of doing so without spamming our opers.
Here's the deal. These bots connect to the network with either [elicomp]- or dUck-[ as their nick prefix. So far we have over 2000, yes that's two thousand glines, and they still keep coming.
They always join the same channel so we setup a trap chan using Anope services and that works, but it spams the opers with gline notices every couple of seconds, since the bots just keep joining.
Also we've tried the qline attempt, but that creates soooo much spam that unfortunately that's not an option.
These bots do not respond to CTCP Version and they have random idents and seem to come from an unmeasurable number of IP addresses (over 2000 at least).
What I need is a way to like gline a name i guess or somehow prevent anyone that has a nick containing dUck-[ or [elicomp]- from connecting to the network at all.
Network under attack by a botnet - need help
-
- Posts: 5
- Joined: Mon Mar 08, 2004 5:23 pm
Re: Network under attack by a botnet - need help
/mode <oper> +s -qThunderbird wrote:Also we've tried the qline attempt, but that creates soooo much spam that unfortunately that's not an option.
will shut up the qline snotice.
-
- Posts: 5
- Joined: Mon Mar 08, 2004 5:23 pm
-
- Former UnrealIRCd head coder
- Posts: 811
- Joined: Sat Mar 06, 2004 8:47 pm
- Location: United States
- Contact:
Looks like you want an sqline. Usually, services has a command to do this. Something like:What I need is a way to like gline a name i guess or somehow prevent anyone that has a nick containing dUck-[ or [elicomp]- from connecting to the network at all.
/msg operserv sqline add dUck-[*
Try doing /msg operserv sqline help
That should solve your problem.
-- codemastr