UnrealIRCd Forums

Welcome to the UnrealIRCd Forums!
https://forums.unrealircd.org/

sex spam

https://forums.unrealircd.org/viewtopic.php?t=1119

Page 1 of 1

sex spam

Posted: Wed Nov 24, 2004 9:58 am
by wulfie
<Emilie^17> hello Dangles
<Emilie^17> i'm a girl. are you a boy?
<Emilie^17> i see. i would like to know more about you :-)
<Emilie^17> come and meet me in this chatroom: http://sexpartner.4u.hu

the spam bots always have the same type of name which is: upercase letter to start the name then the ^ and two random digits....

what would be the best way to go about filtering this?

thank you

Posted: Wed Nov 24, 2004 2:58 pm
by Dukat
Well you could use Services SQLINE, but you'd most probably ban innocent users too...

Is the URL always the same? I think it would be the best to /spamfilter that url (or the last sentence), if it isn't changing...

Posted: Wed Nov 24, 2004 5:20 pm
by aquanight
In theory you could do a case-sensitive spamfilter using this (dunno how to make it do case-sensitive right now, or if it does case sensitive already):

^[A-Z][^\^ !@:]*\^[0-9]{2}!

But as mentioned you can ban innocent users. Why not whois some of the bots to find some user@host and/or realname patterns that can be used to narrow it down?

Posted: Wed Nov 24, 2004 9:47 pm
by wulfie
no pattern in the user@host and/or realname :/ so the capital letter at the start of the name then the ^ two random digits and the msgs..... have no fear about taking out innocent users... they are all warned against using a nick that matches that format

Posted: Wed Nov 24, 2004 10:14 pm
by Syzop
For a case sensitive regex (well, for the upper part only):

Code: Select all

/spamfilter add u kill - some_nice_reason_here ^(?-i)[A-Z](?i)[a-z]*\^[0-9]{2}!
Or another action. Nice thing about kill is that an innocent user can understand (if you have a good reason field) what he/she can do to get on your net again.
no pattern in the user@host and/or realname :/
What does that mean? random garbage (dfskgfds)? Or again names...
Almost everything has a pattern, even random garbage is a pattern to me ;).

Posted: Thu Nov 25, 2004 12:28 am
by wulfie
well sometimes the user is the same as the first part of the nick and other times its random garbage.... and the hosts come from all around the net and as far as i can tell it never uses the same host twice

Posted: Thu Nov 25, 2004 1:11 am
by wulfie
thanks syzop.... works great :)

we have this same problem with that spam bot

Posted: Sat Dec 04, 2004 7:24 pm
by droolin
I can say, that we have had issue with this bot for a long period of time. That with regard to us, the bot always starts with a capital letter. Then followed by lower case letters. Then either _ or ^, and then two numerics. Examples of: Susan^99 or Susan_99, but never susan^99 or susan_99. This bot origionally started only using the special character _ and then evolved to the other special character ^. We see both examples on our network.
I think ill try one of the previously sugested spamfilters sugested here.. But without the case sensitivity switch, just because of what we have observed over a year of these stupid bots.
Because we have been banning this bot through different automated means at the nick level for a long period of time, I forgot about what the origional spam message was. I think i'm going to set a filter at that level too, in case this bot evolves again into another pattern for the nicks.
Thank Syzop for directing me to this thread.

droolin
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited