Page 1 of 1

IRC Bot attacks and what to do against it

Posted: Fri Jun 02, 2017 4:18 pm
by HeXiLeD
If you have been around irc for a while, you have seen a bot attack of some sort.

I though about opening a topic here to discuss what do we do to prevent, deter, slowdown and or stop these attacks and what are your common practices for such.

Questions:

1: Is your network public/known listed on irc search engines ?

2: Do you allow insecure connections ie: non-ssl ?

3: How many connections per/ip (non-ssl & ssl) ?

4: Do you allow bots ? If yes which type and under what rules.

5: Do you run hidden services ? If so how to do you control potential bot attack ?

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?

The Evolution of Malicious IRC Bots - Symantec

Re: IRC Bot attacks and what to do against it

Posted: Tue Jun 06, 2017 3:49 am
by rcschaff
1: Is your network public/known listed on irc search engines ?
- Yes
2: Do you allow insecure connections ie: non-ssl ?
- Yes
3: How many connections per/ip (non-ssl & ssl) ?
- 3/ip with exceptions
4: Do you allow bots ? If yes which type and under what rules.
- Depends. We do have some bots, but restrict usage by version reply
5: Do you run hidden services ? If so how to do you control potential bot attack ?
- Nope. Just standard Anope
6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
- Only secured proxies, that have been verified with our administration team.

Re: IRC Bot attacks and what to do against it

Posted: Mon Jun 12, 2017 1:23 pm
by floffy
HeXiLeD wrote: Fri Jun 02, 2017 4:18 pm If you have been around irc for a while, you have seen a bot attack of some sort.

I though about opening a topic here to discuss what do we do to prevent, deter, slowdown and or stop these attacks and what are your common practices for such.

Questions:

1: Is your network public/known listed on irc search engines ?

2: Do you allow insecure connections ie: non-ssl ?

3: How many connections per/ip (non-ssl & ssl) ?

4: Do you allow bots ? If yes which type and under what rules.

5: Do you run hidden services ? If so how to do you control potential bot attack ?

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?

The Evolution of Malicious IRC Bots - Symantec
I use Unrealircd, Question :
1- Yes
2- Yes
3- 3
4- Yes
5- Yes, some security build in unreqal does the job , i see sometime and unreal take care , i never get ddos
6- No

Re: IRC Bot attacks and what to do against it

Posted: Mon Jul 17, 2017 10:23 am
by daldal
What are the pros of using bots?

Re: IRC Bot attacks and what to do against it

Posted: Tue Jul 18, 2017 3:43 pm
by rcschaff
daldal wrote: Mon Jul 17, 2017 10:23 am What are the pros of using bots?
There are no pro's to using bots. But people connect bots to networks. They are known as botnets. Some are used to DDoS servers. Some are use for File sharing. There's many "Uses" for them, most not legal. So the question is how to deal with them.

Re: IRC Bot attacks and what to do against it

Posted: Fri Aug 11, 2017 7:07 am
by CrazyCat
1: Is your network public/known listed on irc search engines ?
Yes

2: Do you allow insecure connections ie: non-ssl ?
Yes

3: How many connections per/ip (non-ssl & ssl) ?
3

4: Do you allow bots ? If yes which type and under what rules.
Yes. No real rules nor filtering of type, most are eggdrops

5: Do you run hidden services ? If so how to do you control potential bot attack ?
I just use Anope, with tne module dnsbl

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
No particular check, but dnsbl blocks insecure proxies.
And I add a global protection on my server to block ToR (using iptables) and some countries.

Re: IRC Bot attacks and what to do against it

Posted: Wed Feb 06, 2019 3:50 pm
by Capitaine
1: Is your network public/known listed on irc search engines ?
Yes

2: Do you allow insecure connections ie: non-ssl ?
Yes, as disabling clear connections would not help.

3: How many connections per/ip (non-ssl & ssl) ?
3

4: Do you allow bots ? If yes which type and under what rules.
Yes, if they are harmless. Bot owners have to ask ops / chan owners.
Game / trivia bot can be annoying on a chat channel.

5: Do you run hidden services ? If so how to do you control potential bot attack ?
Not hidden. A custom module provide a channel mode, and nick registration is on demand.
So people still connect freely to server, but for chans with that custom mode, they are asked +R.

6: Do you allow proxies ? Yes? No ? Protective and or control measures ?
Yes, if they are not insecure / BL. Protective measure is DNSBL.
No particular control measures.