Hello.
I saw some users on the network with nicks such as NeckCrew etc. sending notices or private messages to other users:
This nickname is registered and protected. If it is your
nick, type /msg NickServ IDENTIFY password. Otherwise,
please choose a different nick.
So I set up this spamfilter:
spamfilter {
    regex "^This nickname is registered and protected\.\ \ If it is your$";
    target { private; private-notice; };
    reason "Abuse: Trying to fake services' notice messages. Sorry, permanent BAN.";
    action gzline;
    ban-time 0;
};
However, some users paste their status window or something and accidentally match the filter and get gzlined. However, they are innocent.
Is there any better regex to stop this abuse?
Abusing services
Well, since you use ^This nickname[etc] you force the line to start exactly with that, so that is good :).
I wonder how other people paste then, since normally it's just like:
[xx:yy] <Somenick> hey I got:
[xx:yy] <Somenick> [xx:yy] <Idiot> This nickname[etc..]
heh.
You sure they are innocent?
Also, how can they paste these things.. they should have never received the message in the first place.
So probably better to check why some slip through or something?
I dunno
I can imagine them (maybe) pasting it in their help channel, or something - in which case, isn't there a way to exempt certain channels from spamfilter?
-ChatSpike IRC Network [http://www.chatspike.net]
-Denora Stats [http://denora.nomadirc.net]
-Omerta [http://www.barafranca.com]
No! They paste like that:
[xx:yy] <Somenick> hey I got:
[xx:yy] <Somenick> [xx:yy] <Idiot> This nickname[etc..]
[xx:yy] <Idiot>[space here]This nickname
It shouldn't affect the spamfilter; however, the spamfilter still catches it. I'm sure they are innocent because I was unable to reproduce that pasting without getting caught by the spamfilter...
/spamfilter + npcN gzline 7d Services_Impersonation_/_Password_Stealing /msg (.*[^N][^i][^c][^k][^S][^e][^r][^v].*|.{1,7}) IDENTIFY password
Use that. If they paste it with the nick NickServ, it will not match. If they paste it with anything else (like their own nick, N1ckServ, etc), it will ban them for a week.
Why the hell can't my signature be empty?
"Your message contains too few characters."
Maybe I'm just paranoid, but I'd prefer this:
/spamfilter + npcN gzline 7d Services_Impersonation_/_Password_Stealing /msg ([^N]|N[^i]|Ni[^c]|Nic[^k]|Nick[^S]|NickS[^e]|NickSe[^r]|NickSer[^v]|NickServ\S).*
I'm not sure but I don't think you even need to specially handle the < 8 characters deal since if they do something like NickSer IDENTIFY, it'll catch on NickSer[^v] because a space isn't a v :) .
Alternative method, spamfilter on /msg .* IDENTIFY for private notice or msg. The real NickServ is immune to spamfilter.
Alternative method, spamfilter ^IDENTIFY with action block, and reason "Do not use /msg NickServ to identify - use /nickserv or /identify instead." - because aliases don't have spamfilter checking. Like so:
/spamfilter + pn block - Do_not_use_/msg_NickServ_to_identify._Use_/nickserv_or_/identify_instead. ^IDENTIFY
This doesn't block the spam notice, but it does basically keep people from sending their password, rendering the spam "useless".
If you use this method, you may want to change your service's code or language files to instruct people to use /nickserv or /identify or else confused newbies will ensue. On that note, maybe you should do it anyway. :)
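An offline check of the two /spamfilter patterns posted in this thread, run against the services notice line from the first post. This is an added example, not code from any poster or from the IRCd. It assumes Python's `re` treats these patterns the same way the server's regex engine does and that matching is case-sensitive; the nick list is constructed.

```python
import re

# Patterns copied from the two /spamfilter commands in the thread.
WINDOW_FILTER = re.compile(
    r"/msg (.*[^N][^i][^c][^k][^S][^e][^r][^v].*|.{1,7}) IDENTIFY password"
)
PREFIX_FILTER = re.compile(
    r"/msg ([^N]|N[^i]|Ni[^c]|Nic[^k]|Nick[^S]|NickS[^e]|NickSe[^r]"
    r"|NickSer[^v]|NickServ\S).*"
)

# Second line of the services notice quoted in the first post, with the
# target nick left as a slot.
TEMPLATE = "nick, type /msg {nick} IDENTIFY password. Otherwise,"

# Constructed test nicks: NickServ, NeckCrew and N1ckServ are named in the
# thread, the others are made up for this example.
NICKS = ["NickServ", "NeckCrew", "N1ckServ", "NickSer", "NickServ2", "Idiot"]


def evaluate(nicks=NICKS):
    """Return {nick: (window_filter_hit, prefix_filter_hit)}."""
    results = {}
    for nick in nicks:
        line = TEMPLATE.format(nick=nick)
        results[nick] = (
            WINDOW_FILTER.search(line) is not None,
            PREFIX_FILTER.search(line) is not None,
        )
    return results


if __name__ == "__main__":
    # Assumption: case-sensitive matching; the server's engine may differ.
    for nick, (window_hit, prefix_hit) in evaluate().items():
        print(f"{nick:10} window={window_hit!s:5} prefix={prefix_hit!s:5}")
```

Neither pattern fires on a genuine NickServ paste, but the eight-character-window pattern only fires on an eight-character nick when every position differs from NickServ, so it stays silent for NeckCrew and N1ckServ. The prefix alternation flags both, so test any candidate filter against the nicks actually seen on the network before deploying it with a gzline action.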