UnrealIRCd Forums

i was wondering if there is another module like defizzer that identify bots(botnets) and kline it..

Every botnet is different. There is no way to detect them all, and some are completely undetectable.

codemastr wrote:and some are completely undetectable.

Well, maybe completely undetectable by a mere automated process such as an IRCd, but us humans are naturally much more capable of investigating such a "client"'s activities and taking the necessary action .

codemastr wrote:Every botnet is different. There is no way to detect them all, and some are completely undetectable.

ok then how about when name!identd@* and fullname are same .. and mirc version not respond at in this moment it will identify them. i find some botnet use this style similer nick identd fullname in this way atleast we can stop few bots

aquanight wrote: Well, maybe completely undetectable by a mere automated process such as an IRCd, but us humans are naturally much more capable of investigating such a "client"'s activities and taking the necessary action .

Well auanight how long u can be active and investigate.. not all time i guess.. and this bots can mess up all within few minutes if u dont run any automated process

http://ircdefender.org/

May be able to help, maybe not. Can do regex banning and stuff... give it a whirl.

w00t wrote:http://ircdefender.org/

May be able to help, maybe not. Can do regex banning and stuff... give it a whirl.

thanks bubby

ehh... http://www.neostats.net secureserv already detects many many botnets/spam/viruses

Winbots wrote:ehh... http://www.neostats.net secureserv already detects many many botnets/spam/viruses

Well i tried so but secureserv only help on for some virus (litmus, trojan) kinda not botnet

SLipKnOt wrote:Actually i need something like that if any client wont reply version then it will mark it and kill or kline cuz most of the botnet dont reply version :$

Well you could certainly make such a module, but keep in mind it will kill innocent users too. I have my client set to not respond to version replies. Just because I want privacy means I can't use your server?

They must have other characteristics in common... presumably nickname or something?

codemastr wrote:

SLipKnOt wrote:Actually i need something like that if any client wont reply version then it will mark it and kill or kline cuz most of the botnet dont reply version :$

Well you could certainly make such a module, but keep in mind it will kill innocent users too. I have my client set to not respond to version replies. Just because I want privacy means I can't use your server?

oh i dont mean that .. actually in my network its asian net work most of the user (99%) users use mIRC Jirc Few ppl usre xchat and all of them i find they respond except those bots :$ so .. in this kind a network that kind a module will help a lot..

w00t wrote:They must have other characteristics in common... presumably nickname or something?

yeah i find they use they fullname common but they use "*" as their full name.. for this i cant ban them from ircd

Banning based on ctcp replies is a really bad idea... go talk to the defender people, they should probably be able to investigate into it and give you a hand.

I'd offer myself, but I'm busy with other projects at the moment. Still, drop me a line and I'll try get round to it.