IRC Bot attacks and what to do against it

If you have trouble on your server with spam, drones/zombies/bots or proxies

Moderator: Supporters

Locked
HeXiLeD
Posts: 51
Joined: Mon Jan 16, 2017 8:07 pm
Location: online

IRC Bot attacks and what to do against it

Post by HeXiLeD »

If you have been around irc for a while, you have seen a bot attack of some sort.

I though about opening a topic here to discuss what do we do to prevent, deter, slowdown and or stop these attacks and what are your common practices for such.

Questions:

1: Is your network public/known listed on irc search engines ?

2: Do you allow insecure connections ie: non-ssl ?

3: How many connections per/ip (non-ssl & ssl) ?

4: Do you allow bots ? If yes which type and under what rules.

5: Do you run hidden services ? If so how to do you control potential bot attack ?

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?

The Evolution of Malicious IRC Bots - Symantec
Constructive criticism leads to evolution and progress. Negative criticism leads to obsolescence. We are not in the 90's IRC world anymore.
CertFP: d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244
rcschaff
Posts: 53
Joined: Sun Jan 15, 2017 5:06 pm

Re: IRC Bot attacks and what to do against it

Post by rcschaff »

1: Is your network public/known listed on irc search engines ?
- Yes
2: Do you allow insecure connections ie: non-ssl ?
- Yes
3: How many connections per/ip (non-ssl & ssl) ?
- 3/ip with exceptions
4: Do you allow bots ? If yes which type and under what rules.
- Depends. We do have some bots, but restrict usage by version reply
5: Do you run hidden services ? If so how to do you control potential bot attack ?
- Nope. Just standard Anope
6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
- Only secured proxies, that have been verified with our administration team.
floffy
Posts: 44
Joined: Tue May 05, 2015 9:55 pm

Re: IRC Bot attacks and what to do against it

Post by floffy »

HeXiLeD wrote: Fri Jun 02, 2017 4:18 pm If you have been around irc for a while, you have seen a bot attack of some sort.

I though about opening a topic here to discuss what do we do to prevent, deter, slowdown and or stop these attacks and what are your common practices for such.

Questions:

1: Is your network public/known listed on irc search engines ?

2: Do you allow insecure connections ie: non-ssl ?

3: How many connections per/ip (non-ssl & ssl) ?

4: Do you allow bots ? If yes which type and under what rules.

5: Do you run hidden services ? If so how to do you control potential bot attack ?

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?

The Evolution of Malicious IRC Bots - Symantec
I use Unrealircd, Question :
1- Yes
2- Yes
3- 3
4- Yes
5- Yes, some security build in unreqal does the job , i see sometime and unreal take care , i never get ddos
6- No
daldal
Posts: 2
Joined: Mon Jul 17, 2017 10:06 am
Location: Soho, London

Re: IRC Bot attacks and what to do against it

Post by daldal »

What are the pros of using bots?
To want to, is to be able to.
rcschaff
Posts: 53
Joined: Sun Jan 15, 2017 5:06 pm

Re: IRC Bot attacks and what to do against it

Post by rcschaff »

daldal wrote: Mon Jul 17, 2017 10:23 am What are the pros of using bots?
There are no pro's to using bots. But people connect bots to networks. They are known as botnets. Some are used to DDoS servers. Some are use for File sharing. There's many "Uses" for them, most not legal. So the question is how to deal with them.
CrazyCat
Posts: 214
Joined: Thu Apr 28, 2005 1:05 pm
Location: France
Contact:

Re: IRC Bot attacks and what to do against it

Post by CrazyCat »

1: Is your network public/known listed on irc search engines ?
Yes

2: Do you allow insecure connections ie: non-ssl ?
Yes

3: How many connections per/ip (non-ssl & ssl) ?
3

4: Do you allow bots ? If yes which type and under what rules.
Yes. No real rules nor filtering of type, most are eggdrops

5: Do you run hidden services ? If so how to do you control potential bot attack ?
I just use Anope, with tne module dnsbl

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
No particular check, but dnsbl blocks insecure proxies.
And I add a global protection on my server to block ToR (using iptables) and some countries.
Capitaine
Posts: 27
Joined: Mon Apr 26, 2004 6:09 pm

Re: IRC Bot attacks and what to do against it

Post by Capitaine »

1: Is your network public/known listed on irc search engines ?
Yes

2: Do you allow insecure connections ie: non-ssl ?
Yes, as disabling clear connections would not help.

3: How many connections per/ip (non-ssl & ssl) ?
3

4: Do you allow bots ? If yes which type and under what rules.
Yes, if they are harmless. Bot owners have to ask ops / chan owners.
Game / trivia bot can be annoying on a chat channel.

5: Do you run hidden services ? If so how to do you control potential bot attack ?
Not hidden. A custom module provide a channel mode, and nick registration is on demand.
So people still connect freely to server, but for chans with that custom mode, they are asked +R.

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
Yes, if they are not insecure / BL. Protective measure is DNSBL.
No particular control measures.
Locked