Network under attack by a botnet - need help
Posted: Mon Apr 19, 2004 4:15 pm
I am a netadmin on an IRC Network that is currently being used by two botnets. We'd really like to get rid of these bots but currently have no way of doing so without spamming our opers.
Here's the deal. These bots connect to the network with either [elicomp]- or dUck-[ as their nick prefix. So far we have over 2000, yes that's two thousand glines, and they still keep coming.
They always join the same channel so we set up a trap chan using Anope services and that works, but it spams the opers with gline notices every couple of seconds, since the bots just keep joining.
Also we've tried the qline attempt, but that creates soooo much spam that unfortunately that's not an option.
These bots do not respond to CTCP Version and they have random idents and seem to come from an unmeasurable number of IP addresses (over 2000 at least).
What I need is a way to like gline a name I guess or somehow prevent anyone that has a nick containing dUck-[ or [elicomp]- from connecting to the network at all.
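A sketch of the nick-prefix check the post asks for, as an added example that is not part of the original post: it matches the two reported prefixes under RFC 1459 case mapping (an assumption about the server, under which `{}|` are the lowercase forms of `[]\`) and collapses hits into one summary per prefix instead of one notice per connection. The function names and the sample connections are constructed for illustration.

```python
from collections import defaultdict

# Nick prefixes reported in the post above.
BOT_PREFIXES = ("[elicomp]-", "dUck-[")

# Assumption: the server uses RFC 1459 case mapping, where {}| are the
# lowercase equivalents of []\ . A plain case-insensitive compare would
# treat "{elicomp}-1" and "[elicomp]-1" as different nicks.
_FOLD = str.maketrans("[]\\", "{}|")


def irc_fold(nick):
    """Fold a nick to its canonical lowercase form under RFC 1459 rules."""
    return nick.lower().translate(_FOLD)


_FOLDED_PREFIXES = tuple(irc_fold(p) for p in BOT_PREFIXES)


def matching_prefix(nick):
    """Return the reported prefix this nick starts with, or None."""
    folded = irc_fold(nick)
    for original, folded_prefix in zip(BOT_PREFIXES, _FOLDED_PREFIXES):
        if folded.startswith(folded_prefix):
            return original
    return None


def summarize(connections):
    """Map each matched prefix to (connection count, distinct IP count).

    One summary entry per prefix replaces one oper notice per bot.
    """
    ips_by_prefix = defaultdict(list)
    for nick, ip in connections:
        prefix = matching_prefix(nick)
        if prefix is not None:
            ips_by_prefix[prefix].append(ip)
    return {p: (len(ips), len(set(ips))) for p, ips in ips_by_prefix.items()}


# Constructed sample of (nick, ip) connection events, not real data.
SAMPLE = [
    ("[elicomp]-48213", "192.0.2.10"),
    ("{ELICOMP}-77", "192.0.2.11"),      # same prefix after folding
    ("dUck-[9931", "198.51.100.7"),
    ("DUCK-{12", "198.51.100.7"),        # same prefix, same source IP
    ("duckling", "203.0.113.5"),         # legitimate nick, no match
]

if __name__ == "__main__":
    for prefix, (count, unique_ips) in summarize(SAMPLE).items():
        print(f"{prefix}: {count} connections from {unique_ips} IPs")
```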