UnrealIRCd Forums

Welcome to the UnrealIRCd Forums!
https://forums.unrealircd.org/

Weird bots

https://forums.unrealircd.org/viewtopic.php?t=4312

Page 1 of 2

Weird bots

Posted: Sun Jun 10, 2007 9:48 am
by GouroB
«°15:23°» * Joins: u3758 ([email protected])
«°15:23°» * Joins: q1681 ([email protected])
«°15:23°» * Joins: g6401 ([email protected])
«°15:23°» <Zahir> 9,0|9,3|1,3|3,1|0,1 @Bristi tai naki... ami o... lunch kore Bc te boshlam 3,1|1,3|9,3|9,0|
«°15:23°» * Joins: w2731 ([email protected])
«°15:23°» <ShAdOw_of_dOOm> 5»5,1»1,5»4,5»5,4»4,14»0,14 wtf 4«5,4«4,5«1,5«5,1«5,0«
«°15:23°» * Joins: g7571 ([email protected])
«°15:23°» * Joins: m4674 ([email protected])
«°15:23°» * Parts: Xlove ([email protected])
«°15:23°» * Quits: u9690 ([email protected]) (User has been banned from BanglaCafe (4BOT))
«°15:23°» * Quits: a6079 ([email protected]) (User has been banned from BanglaCafe (4BOT))
«°15:23°» * Quits: u3758 ([email protected]) (User has been banned from BanglaCafe (4BOT))


also
«°11:16°» * Joins: nax2154 ([email protected])
«°11:16°» * Joins: nax3854 ([email protected])
«°11:16°» * Joins: nax7929 ([email protected])

any regex for these bots anyone ? antirandom was unable to detect them.

Posted: Sun Jun 10, 2007 11:32 am
by seraphim
//edit: argh sry i didn´t read the text carefully >.<

Posted: Sun Jun 10, 2007 11:49 am
by Jobe
For the first lot you can/could have used this regex for a user type spamfilter: ^[a-z]\d{4}![a-z]\d{4}@
(matches a letter followed by 4 numbers in both the nick and ident/user)

For the second lot you can use this regex on a user type spamfilter: ^([a-z]{3})\d{4}!\1@
(matches 3 letters followed by 4 numbers where the same 3 letters appear as the full user/ident)

Since I see you had 3 of the second lot connect from the same host id reccomend adjusting your max per IP limits and if possible use session limiting in services to limit the number of clones.

Posted: Sun Jun 10, 2007 1:32 pm
by GouroB
Since I see you had 3 of the second lot connect from the same host id reccomend adjusting your max per IP limits and if possible use session limiting in services to limit the number of clones.


yah i have 3 user per ip limit, but where do i get session limit .. ? services.conf ?

Posted: Sun Jun 10, 2007 2:48 pm
by Jobe
Session limiting in services depends on your services package if you even have one.

Posted: Sun Jun 10, 2007 3:40 pm
by GouroB
i do have , anope ( latest one ) .. so it is available there ?

Posted: Sun Jun 10, 2007 3:50 pm
by GouroB
«°21:47°» * Joins: ruksog ([email protected])
«°21:47°» * Joins: gjrhey ([email protected])
«°21:47°» * Joins: fsuhzv ([email protected])
«°21:47°» * Joins: Rent`BoY ([email protected])
«°21:47°» * Parts: ruksog ([email protected])
«°21:47°» * Parts: fsuhzv ([email protected])
«°21:47°» * Parts: gjrhey ([email protected])
«°21:47°» * Joins: vruaoq ([email protected])
«°21:47°» * Joins: exadyf ([email protected])
«°21:47°» * Joins: bxtyie ([email protected])

Posted: Thu Jun 14, 2007 5:00 pm
by GouroB
«°20:13°» * Joins: green^rose ([email protected])
«°20:13°» * Joins: dust`in`the`wind ([email protected])
«°20:14°» * Quits: green^rose ([email protected]) (Z:lined (4Low Life!))
«°20:14°» * Joins: noyon ([email protected])
«°20:14°» * Joins: addicted ([email protected])
«°20:14°» * Joins: rose ([email protected])
«°20:14°» * Joins: biggybro ([email protected])
«°20:14°» * Joins: tasu ([email protected])
&

«°20:13°» * Joins: re-rain ([email protected])
«°20:13°» * Joins: rofiq ([email protected])
«°20:13°» * Joins: pious ([email protected])
«°20:13°» * Joins: opal ([email protected])
«°20:13°» * Parts: tanha ([email protected])
«°20:13°» * Parts: kashif ([email protected])
«°20:13°» * Joins: nazrul ([email protected])
«°20:13°» * Joins: mokbul ([email protected])
«°20:13°» * Joins: madhuri ([email protected])
«°20:13°» * Quits: sushmita_1 ([email protected]) (Excess Flood)
«°20:13°» * Quits: shornolota ([email protected]) (Excess Flood)
«°20:13°» * Quits: re-rain ([email protected]) (Excess Flood)
«°20:13°» * Quits: opal ([email protected]) (Excess Flood)
«°20:13°» * Quits: pious ([email protected]) (Excess Flood)

these nicks r normal users nicks only idents r random, any idea how ch these ... and i think these r also some sorta new exploiter like cloneX

Posted: Thu Jun 14, 2007 6:32 pm
by Jobe
Could you possibly give us more information such as real names and CTCP versions if possible?

Posted: Thu Jun 14, 2007 7:36 pm
by GouroB
re-rain was [email protected] * eerrug
re-rain using 143.BanGlaCafe.Com Thu Jun 14 09:13:55 2007
green^rose was [email protected] * yuxdco
green^rose using 143.BanGlaCafe.Com Thu Jun 14 09:14:09 2007
pious was [email protected] * sputou
pious using 143.BanGlaCafe.Com Thu Jun 14 09:13:55 2007

Posted: Thu Jun 14, 2007 8:33 pm
by Jobe
Try this for a user type regex:

Code: Select all

![a-z][0-9]{4}@[^:]+:[a-z]{6}

Posted: Thu Jun 14, 2007 8:39 pm
by GouroB
thanks :D

Posted: Thu Jun 14, 2007 9:02 pm
by Stealth
Looks like ClonesXs using a nicklist...

Posted: Wed Jul 04, 2007 4:23 pm
by GouroB
lkgrofnaqib is [email protected] * ktmyttgovwijan

nxiebg is [email protected] * xiqymlawjigionzehn

any regex for these idiots ?
[/quote]

Posted: Wed Jul 04, 2007 4:41 pm
by Stealth
Anti-Random should be able to take care of those
All times are UTC
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited