AntiRandom v1.0 (*NIX & win32)

These are old archives. They are kept for historic purposes only.
Syzop
UnrealIRCd head coder
Posts: 1957
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Fri Jul 22, 2005 3:58 pm

yeah, those are not "random" enough.. or actually: it could be legit nicks/words, that's why it doesn't kill them.
Basically what antirandom checks is combination of letters that are (very) uncommon for english language (eg: qgn).
Something like 'scib', 'ufws' and 'kjax' could all be "legit" :p.
Another thing is that the "random part" of the nicks are too short to get a reasonable score I guess.
[I didn't feed them into antirandom to see what happens, but those things come to my mind -- perhaps there is room for improvement, but we are talking near-limits here]

So basically, that's a limitation of antirandom... I'm afraid it cannot do everything for you ;). Since there's a clear pattern, I guess you'll have to spamfilter w/target u ;p.

Stormdancing
Posts: 14
Joined: Mon Sep 27, 2004 3:29 pm

Post by Stormdancing » Fri Jul 22, 2005 5:22 pm

Thanks Sysop,
It's a great module and has helped me tremendously. I've been watching all the denys (and going blind), just to see the patterns and learn how this is working and what it will catch and not catch.

I appreciate all the things you and the other coders have done for me and other Unreal users all these years.

Thanks again,

Dana

mexx3k
Posts: 17
Joined: Sun Apr 10, 2005 8:54 pm
Location: Chaoz-IRC
Contact:

Post by mexx3k » Sun Sep 04, 2005 4:05 pm

Syzop wrote:Like I said, it already does *JUST THAT*.

Code: Select all

[22:28:41] -maintest.test.net- *** Notice -- [antirandom] denied access to user with score 30: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!syzop@localhost:x x
okay, yesterday i had to help out another net ... they also use antirandom ... and i got the snotice from antirandom ...

on my net i don't get them ... although, show-failed-connects is active ...

go these notices just to the local opers (on the server blocking the user) or should they go to all opers on the net?

searching the sources didn't help me out ... my c(++)-knowledge is too bad for that ...


do i need a special oper-mode / snomask to see the notices?


sorry for annoyance ;)

Syzop
UnrealIRCd head coder
Posts: 1957
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Sun Sep 04, 2005 5:04 pm

Those messages go to all locally connected opers (if show-failedconnects is enabled indeed), no snomask is needed.

Post Reply