UnrealIRCd Forums

My Server İrc Trojan Attack Please Help me

is Trojan attack no proxy connect

trojan attack modules?

I'm not sure what you're trying to tell me, but if you're using RC2fix, you might want to try the spamfilters. I recall seeing something like that in there this morning.

If it's a proxy scanner that you're looking for, try BOPM. I don't know if any UnrealIRCd modules are around for proxy scanning, but I'm sure that they're out there somewhere...

i don't think you can do much to an attack even if you have a proxy scanner like bopm, if the attacker uses proxy servers that aren't listed in your proxy scanner he can get trough. it's just a mass connect .. what you can do is putting +f modes on your channels.

Try installing BOPM.
And take a peek at the spamfilter section.
Cos if you are having atacks the spamfilter can kill/gline/shun ectect the user that is spaming your channel/user's.
A nice and very efective way off a secure network.

myserver 3 proxy scanner program running

BOPM
Proxymonitor
an turkish Software LantarSunucukorumasi.

My Server Version Unreal3.2-19 beta

I have no clue what that turkish Software LantarSunucukorumasi dos
Never heard of it tho but if it scannes users and ban them from the network if a proxy if found it kinda raises my interest.
Pls explain what is dos, perhaps this is the trojan what you are looking ?

i looked at that Lantar thing...

if you want to look it is at

http://proxykorumasi.lantar.net/download.php

well as Lantar's information, BABA must solve this kind of spam attacks like
irc, irc(bold), irc(colored), i r c etc.

Let me explain you situation in Turkey.

Generally the program spreads from a web site. Every unexperinced user that gets into that site gets an exe. Then a program starts to work and making spam that will pass the server's spamfilter or badwords... generally all colored, all underlined address or with brackets and sometimes all of them. No one can enter site by clicking on it but by this way people learn the address. (New victims) And we are really thinking that they can rule the program from outsite. (by luck one of the address was at one of our servers...we removed them from server and in a few days new address from another server starts to spam. Then we dedicited they they can change the spam text in all the infected computers)

When you akilled, glined etc. then the users starts to mail "Why i am banned?" because he/she is unexperienced and he/she cant understand if there is a trojan/program works as a spam center.

This is a long story we are nearly at war with these spammers. We do smth they do smth. We solve the spam for 2 days, 2 days later they do smth and again we made smth to stop them.... So i must stop writing it...

(uppss long post sorry)

We are also getting them on irc.bondage.com as well. Our team has reversed the trojan and discovered their hiding place on an irc server located in Turkey. (Unfortuantely, they are running Unreal)

The spambot itself is a copy of mirc which runs a script that logs them in to the turkish server normally, but also spawns off a script-based irc client which attacks the target network.

The adwords module will fix the spamming if the match text is correct (they try to mask the typical www and http with embedded mirc color codes - go for the straight text in the match, i.e. "Free Porn")

The bots generally join the highest populated channel and spams people in PM when users join or part the channel.

http://ircdefender.sourceforge.net/

Don't know if this can help... I dont run it myself (yet) but it seems to work. I frequent [Brain]'s IRC network, which runs this (+1500 users) ----

I havent recieved any spam on there. Ever.

Laterz, hope this helps.

i thing the neostats will soult all of you problams... almost
and adwords...
NeoStats you can download on:
http://www.neostats.net/index.php?id=12 (download: OPSB[proxy scanner], SecureServ[trojans scanner], and avcorse NeoStats...

and the adwords module...:
http://www.angrywolf.org/adwords.tar.gz