Module Request against Botnet attacks

These are old archives. They are kept for historic purposes only.
Post Reply
ankitvani
Posts: 12
Joined: Wed Jan 31, 2007 5:58 pm

Module Request against Botnet attacks

Post by ankitvani » Mon Mar 26, 2007 4:02 am

can someone create a module that gives a command that can g/k/z/line all clients that have connected after and before a specific nick.
eg.

connection from `a001
connection from `z002
connection from `0f03
connection from `00h4
connection from `0d05

so the command should be like /command `a001 `0d05
that is /command <nick to start with> <nick to stop with>

which will g/k/z/line the entire botnet if the correct nick of the first connection and the last connection from the botnet is given

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Post by Stealth » Mon Mar 26, 2007 5:34 am

Unreal already has something to help stop these.

Code: Select all

/spamfilter + u gzline 30d Botnet_drone ^`[0-9a-z]{4}!
This is quite broad, but can be made more narrow if you can paste some whois info from about 5 drones.

ankitvani
Posts: 12
Joined: Wed Jan 31, 2007 5:58 pm

Post by ankitvani » Mon Mar 26, 2007 8:26 am

doesnt help for totally random nicks and idents x.x

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Post by Stealth » Mon Mar 26, 2007 4:23 pm

Paste some whois samples! Also, such a command requested won't help against random nicks either :P

ankitvani
Posts: 12
Joined: Wed Jan 31, 2007 5:58 pm

Post by ankitvani » Wed Mar 28, 2007 2:26 am

like

hdkas8338ojhf!8klhshfk8@13.234.245.33
dsf7y4ek7yse7!sfkd77i4@123.123.123.123
jashfjkds774!jh89@1.2.23.43
tqwe1dd!dsfjhjk@123.21.12.23

or nicks like [WAVE]-1, [WAVE]-2 <-- i also need help with regex for these x.x

and well a lot of things modules provide are already there, modules just make it easier. such a module would make dealing with botnets a LOT easier o.o

JanisB
Posts: 128
Joined: Fri Apr 22, 2005 9:05 am
Location: LV
Contact:

Post by JanisB » Wed Mar 28, 2007 8:12 am

Are you sure that AntiRandom module will not catch their idents/nicks?

Post Reply