Trojan Attack help me Modules

These are old archives. They are kept for historic purposes only.
Post Reply
BABA
Posts: 29
Joined: Mon Mar 08, 2004 3:02 pm

Trojan Attack help me Modules

Post by BABA » Tue Mar 09, 2004 11:24 am

My Server İrc Trojan Attack Please Help me

is Trojan attack no proxy connect

trojan attack modules?

Ron2K

Post by Ron2K » Tue Mar 09, 2004 11:49 am

I'm not sure what you're trying to tell me, but if you're using RC2fix, you might want to try the spamfilters. I recall seeing something like that in there this morning.

If it's a proxy scanner that you're looking for, try BOPM. I don't know if any UnrealIRCd modules are around for proxy scanning, but I'm sure that they're out there somewhere...

Jay
Posts: 11
Joined: Sat Mar 06, 2004 2:10 am

Post by Jay » Tue Mar 09, 2004 12:25 pm

i don't think you can do much to an attack even if you have a proxy scanner like bopm, if the attacker uses proxy servers that aren't listed in your proxy scanner he can get trough. it's just a mass connect .. what you can do is putting +f modes on your channels.

eQuiliBrium
Posts: 40
Joined: Sat Mar 06, 2004 9:42 am
Location: Netherland (Amsterdam)
Contact:

Post by eQuiliBrium » Tue Mar 09, 2004 1:07 pm

Try installing BOPM.
And take a peek at the spamfilter section.
Cos if you are having atacks the spamfilter can kill/gline/shun ectect the user that is spaming your channel/user's.
A nice and very efective way off a secure network.
Let me think about it

BABA
Posts: 29
Joined: Mon Mar 08, 2004 3:02 pm

myserver attack

Post by BABA » Tue Mar 09, 2004 6:18 pm

myserver 3 proxy scanner program running

BOPM
Proxymonitor
an turkish Software LantarSunucukorumasi.

My Server Version Unreal3.2-19 beta

eQuiliBrium
Posts: 40
Joined: Sat Mar 06, 2004 9:42 am
Location: Netherland (Amsterdam)
Contact:

Post by eQuiliBrium » Tue Mar 09, 2004 6:52 pm

I have no clue what that turkish Software LantarSunucukorumasi dos
Never heard of it tho but if it scannes users and ban them from the network if a proxy if found it kinda raises my interest.
Pls explain what is dos, perhaps this is the trojan what you are looking ?
Let me think about it

LoVeRbOy
Posts: 11
Joined: Thu Mar 11, 2004 2:35 pm
Location: top of clouds

Post by LoVeRbOy » Mon Mar 15, 2004 7:38 pm

i looked at that Lantar thing...

if you want to look it is at

http://proxykorumasi.lantar.net/download.php

well as Lantar's information, BABA must solve this kind of spam attacks like
irc, irc(bold), irc(colored), i r c etc.

Let me explain you situation in Turkey.

Generally the program spreads from a web site. Every unexperinced user that gets into that site gets an exe. Then a program starts to work and making spam that will pass the server's spamfilter or badwords... generally all colored, all underlined address or with brackets and sometimes all of them. No one can enter site by clicking on it but by this way people learn the address. (New victims) And we are really thinking that they can rule the program from outsite. (by luck one of the address was at one of our servers...we removed them from server and in a few days new address from another server starts to spam. Then we dedicited they they can change the spam text in all the infected computers)

When you akilled, glined etc. then the users starts to mail "Why i am banned?" because he/she is unexperienced and he/she cant understand if there is a trojan/program works as a spam center.

This is a long story we are nearly at war with these spammers. We do smth they do smth. We solve the spam for 2 days, 2 days later they do smth and again we made smth to stop them.... So i must stop writing it...

(uppss long post sorry)

jmp

Post by jmp » Tue Mar 16, 2004 5:09 am

We are also getting them on irc.bondage.com as well. Our team has reversed the trojan and discovered their hiding place on an irc server located in Turkey. (Unfortuantely, they are running Unreal)

The spambot itself is a copy of mirc which runs a script that logs them in to the turkish server normally, but also spawns off a script-based irc client which attacks the target network.

The adwords module will fix the spamming if the match text is correct (they try to mask the typical www and http with embedded mirc color codes - go for the straight text in the match, i.e. "Free Porn")

The bots generally join the highest populated channel and spams people in PM when users join or part the channel.

w00t
Posts: 1136
Joined: Thu Mar 25, 2004 3:31 am
Location: Nowra, Australia

Post by w00t » Mon Mar 29, 2004 4:33 am

http://ircdefender.sourceforge.net/

Don't know if this can help... I dont run it myself (yet) but it seems to work. I frequent [Brain]'s IRC network, which runs this (+1500 users) ----

I havent recieved any spam on there. Ever. :lol:

Laterz, hope this helps.
-ChatSpike IRC Network [http://www.chatspike.net]
-Denora Stats [http://denora.nomadirc.net]
-Omerta [http://www.barafranca.com]

Snaffels
Posts: 25
Joined: Sun Apr 18, 2004 1:50 pm
Contact:

hmm...

Post by Snaffels » Wed Apr 21, 2004 9:43 am

i thing the neostats will soult all of you problams... almost
and adwords...
NeoStats you can download on:
http://www.neostats.net/index.php?id=12 (download: OPSB[proxy scanner], SecureServ[trojans scanner], and avcorse NeoStats...

and the adwords module...:
http://www.angrywolf.org/adwords.tar.gz

Post Reply