Spamfilter for Sex Pages

Trancer · Post by **Trancer** » Tue May 23, 2006 8:21 am

hi all

Every Days connect a proxy User and post in a Query this Text

[19:44:46] <onzad> i saw your girlfriend on cams2006.com

)

The Text is variable

Have idea for a spamfliter on Cams whit Wildcard tho Block this Text?

Sorry for my english

German:

Es connecten jeden Tag Users mit Proxy und schreiben flogendes ins Query mehreren Usern

[19:44:46] <onzad> i saw your girlfriend on cams2006.com

)

Kann jemand ein Spamfilter Entwerfen auf cams mit Wildcards so dass es den ganzen Text blockt?

mfg

akin · Post by **akin** » Tue May 23, 2006 8:55 am

Code: Select all

spamfilter { 
    regex "cams2006\.com"; 
    target private; 
    action gline; 
    reason "exit."; 
};

nate · Post by **nate** » Fri May 26, 2006 4:59 am

A network I visit regularly is being hit with this bot also (atleast assuming its the same bot, usually has the same host mask, with minor changes because its a dialup, so it changes on the class C end of it), but the problem is thats not the only line it, it spams multiple different sites, most likely which contain a trojan or some crap.

Its nickname and ident are always the same thing, but rotate (Always 5 letters long, seemingly 5 lower case letters that are randomized).

Its real name though however on every one is the same, simply though its just 'Real Name', but doing a full broad filter or even a SGline maybe to block that would be bad, as I'm sure there are clients out there which default as that?

Stealth · Post by **Stealth** » Fri May 26, 2006 5:01 am

Paste some whois examples?

ARcanUSNUMquam · Post by **ARcanUSNUMquam** » Fri May 26, 2006 10:35 pm

Hallo,
We've been getting those bots too, and they have been spamming other stuff, so we just banned the entire ISP with as much other info as we could.

Here are some things I gleaned from our spamfilter logs:

Code: Select all

[email protected]:Real name
[email protected]:Real name
[email protected]:Real name
[email protected]:Real name
[email protected]:Real name

I used this to spamfilter them:

Code: Select all

/spamfilter add u gline - Spam ((?-i:[a-z]{5}))!~\1@pc[0-9]{2}\.zippcomplex\.iasi\.rdsnet\.ro:Real name

Stealth · Post by **Stealth** » Sat May 27, 2006 2:29 am

Why not

Code: Select all

/gline 0 ~*@*.zippcomplex.iasi.rdsnet.ro Due to abulsive connections from this ISP, it is now required that users connecting from this ISP enable identd

ARcanUSNUMquam · Post by **ARcanUSNUMquam** » Sat May 27, 2006 2:46 am

We've got the processing power to handle complex spamfilters and we don't like banning entire ISPs unless we absolutely need to. We pride ourselves on balancing security with openness, which is why I love spamfilters so much.

Stealth · Post by **Stealth** » Sat May 27, 2006 3:16 am

With that you aren't necessarily banning the whole ISP, just unidented hosts. Spamfilters are great until someone decides to be smart and randomizes the real names as well...

Jason · Post by **Jason** » Sat May 27, 2006 5:20 pm

Stealth, it is pretty rare for someone to write a good attack script that cant be spamfiltered. And even then, you can usually trapchan it or something. I dont think he has to worry about this. Unless the attacker reads here he wont know the reason his bots are found out. IMO, a spamfilter is the better solution to this until the attacker gets a brain (unlikely). Its probably a canned script anyhow, and the attacker has no idea how to do anything to it.

Git · Post by **Git** » Sun Jul 09, 2006 2:00 am

/spamfilter add pnNa gline +0 Blocked i.?saw.?your.?girlfriend.?on.?cams2006.?com.*