Bottler
-
codemastr
- Former UnrealIRCd head coder
- Posts: 811
- Joined: Sat Mar 06, 2004 8:47 pm
- Location: United States
- Contact:
You don't need to use spamfilter to stop Bottler. Bottler has a builtin way to stop it from connecting!
If you add "No Bottlers Please" to your MOTD, they should automatically disconnect. Or something like that.
Also, you could add "Bottler v* - http://www.memelog.com/bottler/" to a ban version {}. That would catch them as well.
And Syzop, this isn't a trojan, this is an XDCC leecher. So even though I think it has no place on IRC, I don't think it should be banned by default.
If you add "No Bottlers Please" to your MOTD, they should automatically disconnect. Or something like that.
Also, you could add "Bottler v* - http://www.memelog.com/bottler/" to a ban version {}. That would catch them as well.
And Syzop, this isn't a trojan, this is an XDCC leecher. So even though I think it has no place on IRC, I don't think it should be banned by default.
-- codemastr
What codemastr said is true.. I've had to rid my network of a few of them.. about 100. I added "No bottler clients please" to all my motds, and did a ctcp version of the entire network, killing anything that replied with "Bottler". They do however reconnect, but drop the connection as soon as the line in the motd is found.
-tiko
-tiko
looking through the source code, when a bottler client is banned from the network, it removes the network from its internal list, thus preventing it from reconnecting after you have removed the ban.
I've found another type of xdcc leecher as well, called XDCCcatcher. It reports itself as being mirc v6.14. ::edit::delete::::edit::delete:: >:)
Any ideas on this one?
-tiko
I've found another type of xdcc leecher as well, called XDCCcatcher. It reports itself as being mirc v6.14. ::edit::delete::::edit::delete:: >:)
Any ideas on this one?
-tiko
Last edited by tiko on Mon Jul 12, 2004 6:13 am, edited 1 time in total.
-
codemastr
- Former UnrealIRCd head coder
- Posts: 811
- Joined: Sat Mar 06, 2004 8:47 pm
- Location: United States
- Contact:
Yeah, there are some of these damn things that are pretty good at being hard to detect. Another one is Blotter which claims to be undetectable.
In addition to the method you described, there are other ways to detect xdcc catcher, but I won't mention them here since all that can possibly do is allow the author to block my method. I've also come up with a method to detect the "undetectable" blotter. Let me tell you, it's really fun when you see 500 people thinking that they are undetectable suddenly realize that they aren't
I know, at first I said I'd never add support to Unreal to ban based on other CTCPs, but these xdcc things using all these evasion tactics have made me change my mind, this is war! I hate xdcc, and I'll do whatever I can to help take IRC back! I'm going to try and come up with a way to do all this, so rest assured, Unreal will allow you to ban these bastards in the future
But, I will not include the methods to detect them with Unreal as that will just let the authors figure out how I managed to detect them. Instead, I'll have people email me directly, then I will verify their identity before releasing a single word about this. The longer it stays secret, the longer we have the ability to detect and destroy them
In addition to the method you described, there are other ways to detect xdcc catcher, but I won't mention them here since all that can possibly do is allow the author to block my method. I've also come up with a method to detect the "undetectable" blotter. Let me tell you, it's really fun when you see 500 people thinking that they are undetectable suddenly realize that they aren't
I know, at first I said I'd never add support to Unreal to ban based on other CTCPs, but these xdcc things using all these evasion tactics have made me change my mind, this is war! I hate xdcc, and I'll do whatever I can to help take IRC back! I'm going to try and come up with a way to do all this, so rest assured, Unreal will allow you to ban these bastards in the future
But, I will not include the methods to detect them with Unreal as that will just let the authors figure out how I managed to detect them. Instead, I'll have people email me directly, then I will verify their identity before releasing a single word about this. The longer it stays secret, the longer we have the ability to detect and destroy them -- codemastr
Couldn't agree with your more, there. Blotter has come to my attention too. I suppose it's yet another thing I'll be dealing with tonight. Looks like I'll be sending you an Email.codemastr wrote:Let me tell you, it's really fun when you see 500 people thinking that they are undetectable suddenly realize that they aren't
-tiko
Comment on Bottler & the such
To All who read this, as an Irc Network owner myself, who is battling continued wars against these scripts, I strongly suggest to ALL Not to allow warez channels on network to be registered with Irc search engines such as packetnews, ircspy etc.... because there is a website out there that uses those two search engines to create the server.ini file for bottlers, blotters and orks, thus resulting in a massive war with these scripts.