Module Request against Botnet attacks

ankitvani · Post by **ankitvani** » Mon Mar 26, 2007 4:02 am

can someone create a module that gives a command that can g/k/z/line all clients that have connected after and before a specific nick.
eg.

connection from `a001
connection from `z002
connection from `0f03
connection from `00h4
connection from `0d05

so the command should be like /command `a001 `0d05
that is /command <nick to start with> <nick to stop with>

which will g/k/z/line the entire botnet if the correct nick of the first connection and the last connection from the botnet is given

Stealth · Post by **Stealth** » Mon Mar 26, 2007 5:34 am

Unreal already has something to help stop these.

Code: Select all

/spamfilter + u gzline 30d Botnet_drone ^`[0-9a-z]{4}!

This is quite broad, but can be made more narrow if you can paste some whois info from about 5 drones.

ankitvani · Post by **ankitvani** » Mon Mar 26, 2007 8:26 am

doesnt help for totally random nicks and idents x.x

Stealth · Post by **Stealth** » Mon Mar 26, 2007 4:23 pm

Paste some whois samples! Also, such a command requested won't help against random nicks either

ankitvani · Post by **ankitvani** » Wed Mar 28, 2007 2:26 am

like

[email protected]
[email protected]
[email protected]
[email protected]

or nicks like [WAVE]-1, [WAVE]-2 <-- i also need help with regex for these x.x

and well a lot of things modules provide are already there, modules just make it easier. such a module would make dealing with botnets a LOT easier o.o

JanisB · Post by **JanisB** » Wed Mar 28, 2007 8:12 am

Are you sure that AntiRandom module will not catch their idents/nicks?