CTCP Version replies and blocking bots
CTCP Version replies and blocking bots
I have a question. Recently our network has come under attack from bots which don't reply to a standard CTCP Version, is there any way I can block them with Unreal, or do you guys know any other solutions to blocking them?
-
- Former UnrealIRCd head coder
- Posts: 811
- Joined: Sat Mar 06, 2004 8:47 pm
- Location: United States
- Contact:
Heh. You're rather cryptic. You don't even know what the bot is called, how can we tell you how to detect it? :p there are hundreds of different bots that don't respond to a CTCP Version. Determining which one it is requires a bit more info. Does it join channels? Which ones? What nicknames does it use? What realname? Is ident enabled? What is the username? Does it respond to other CTCPs? Does it say anything? What happens when you send it a message? etc.
-- codemastr
Sorry, I don't know very much more about it than what I told you.codemastr wrote:Heh. You're rather cryptic.
I was hoping there was simply a way to detect, within the ircd, wether or not a client responds to CTCP Version, I can take it from there.codemastr wrote:You don't even know what the bot is called, how can we tell you how to detect it? :p there are hundreds of different bots that don't respond to a CTCP Version.
Yes. It appears to be ones specified by the controller. Random nicknames(as in fdjkslsfde). Same as the nickname. Yes. Same as the nickname. No. Only when the controller specifies something to say it appears. Nothing, it refuses to respond.codemastr wrote:Determining which one it is requires a bit more info. Does it join channels? Which ones? What nicknames does it use? What realname? Is ident enabled? What is the username? Does it respond to other CTCPs? Does it say anything? What happens when you send it a message? etc.
Does that help any?
-
- Former UnrealIRCd head coder
- Posts: 811
- Joined: Sat Mar 06, 2004 8:47 pm
- Location: United States
- Contact:
Banning based on no CTCP Version reply is usually a bad idea. People have a right to their privacy. As far as I know, mIRC is the only client that doesn't give you an option to turn off the CTCP Version. I have it shut off in my client. So that means, if I connect to your server, you're going to recognize me as a drone even though I'm not. Banning based on no version reply usually catches more actual users than drones.I was hoping there was simply a way to detect, within the ircd, wether or not a client responds to CTCP Version, I can take it from there.
-- codemastr
Sounds a lot like the IDENT argument.
-ChatSpike IRC Network [http://www.chatspike.net]
-Denora Stats [http://denora.nomadirc.net]
-Omerta [http://www.barafranca.com]
-Denora Stats [http://denora.nomadirc.net]
-Omerta [http://www.barafranca.com]
You can't shut off CTCP version, however you can disable all CTCP which will block version requests.codemastr wrote:Banning based on no CTCP Version reply is usually a bad idea. People have a right to their privacy. As far as I know, mIRC is the only client that doesn't give you an option to turn off the CTCP Version. I have it shut off in my client. So that means, if I connect to your server, you're going to recognize me as a drone even though I'm not. Banning based on no version reply usually catches more actual users than drones.I was hoping there was simply a way to detect, within the ircd, wether or not a client responds to CTCP Version, I can take it from there.
Code: Select all
/ignore -t *!*@*
Configuration - https://www.unrealircd.org/docs/Configuration
FAQ - https://www.unrealircd.org/docs/FAQ
FAQ - https://www.unrealircd.org/docs/FAQ
that last mIRC exploit rumor was related to one such dll ... I'll stick with /ignore -t *!*@*
IMO CTCP is 100% useless to begin with ..
IMO CTCP is 100% useless to begin with ..
Configuration - https://www.unrealircd.org/docs/Configuration
FAQ - https://www.unrealircd.org/docs/FAQ
FAQ - https://www.unrealircd.org/docs/FAQ
that's correct .. mIRC uses NOTICE for DCC and PRIVMSG for ACTION.
Configuration - https://www.unrealircd.org/docs/Configuration
FAQ - https://www.unrealircd.org/docs/FAQ
FAQ - https://www.unrealircd.org/docs/FAQ
Either way, the problem is resolved now. There wasn't any true way to block the bots - I talked with the attacker and he said he had everything customized and fully changeable on the fly. The best we could do(since we use Anope) was block all incoming connections and mass-kill based on some common denominator(all sitting in some channel, all not identified, all not in a channel, etc.). There wasn't any real way around this flood.