#152917 08/07/06 04:56 PM
Joined: May 2005
Posts: 35
N
nutt3 Offline OP
Ameglian cow
I'm an oper and would like to auto-kick some spambots. The only way to see it's a spambot is via the real IP. I can't find any other way than /whois, where the IP shows in the 'nick is connecting from...'

What I'm looking for is a script that does a whois (or something else, if there is a way) and then compares the real IP against a set of known spambot IP ranges. Can anyone help?

Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
With the /who command it is also possible to view the person's IP, and it has a smaller reply than the /whois command.

The script varies according to how the spambots' IPs are listed. Let's say, for example, that they are in a text file, one IP per line. We could use: $read(spambots.txt,w,*@host)

This will return the first match for *@host. Now onto getting the person's IP (I'm assuming you just want the IP, disregarding the nickname and userid).
Code:
alias Spambot {
 set %Spambot.hide on
 who $$1
}
raw 352:*: {
 if (%Spambot.hide) {
  if ($read(spambots.txt,w,*@ $+ $4)) { command here }
  halt
 }
}
raw 315:*: if (%Spambot.hide) { unset %Spambot.hide | halt }

The above is not tested but should work.

When replacing command here with the command you want to use, use these parameters:

- $6 -> User's nickname
- $3 -> User's userid
- $4 -> User's host


Hope this can help! Good luck,

Zyzzy.


"All we are saying is give peace a chance" -- John Lennon
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Replace #channel with the actual channel name that you want to kick the spambots from.
Code:
menu * {
  SpamBot : spambot $iif($snicks,$v1,$$?="Nick(s) to check for SpamBot access")
}
alias spambot {
  if !$1 { echo 4 -a No nicks specified }
  else {
    var %nicks = $replace($1-,$chr(44),$chr(32)), %a = 1, %b = $numtok(%nicks,32)
    while %a <= %b {
      .enable #spambot.whois
      .whois $gettok(%nicks,%a,32)
      inc %a
    }
  }
}
#spambot.whois off
raw 378:*:{
  var %ip = $+($iif($gettok($iif(!$7,$6,$7),1,46) isnum,$v1),.,$iif($gettok($iif(!$7,$6,$7),2,46) isnum,$v1),.,$iif($gettok($iif(!$7,$6,$7),3,46) isnum,$v1),.,$iif($gettok($iif(!$7,$6,$7),4,46) isnum,$v1))
  if $read(SpamIP.txt,nts,%ip) {
    .kick #channel $1 SpamBots not allowed
  }
}
raw 318:*:{
  .disable #spambot.whois
  haltdef
}
#spambot.whois end
 

Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
RusselB, if you don't mind me asking, what raw is 378? I tried looking it up in my numeric database and couldn't find it.

Another thing: the raw 318 is the end of a /whois nickname. If you use this command on 4 nicknames, for example, won't the 1st raw 318 disable the entire script? The /whois is in the while loop, which is pretty fast (can't compare to a server reply).

Regards,
Zyzzy


"All we are saying is give peace a chance" -- John Lennon
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
The group is enabled/disabled for each nick that you are checking, one at a time. For the raw information check Raw Numerics

I just took part of my Whois/Whowas dialog and amended it for your request. My dialog can be found at Whois/Whowas Dialog. Please note that I have made some small changes to the scripting format of the dialog, but they make no difference in the overall form and usage.

Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
RusselB, the numeric reference page you gave me gives this info about raw 378:

"This is sent in reply to a MOTD request or on connection. In most cases, multiple replies will be sent, one for each line in the MOTD".

Needless to say, I got even more confused. I thought raw 311 was the /whois reply that contained nick/userid/host, based on Jeepster's numeric reference (which I know is not very up to date).

I'm still puzzled by that /whois-while loop thing. The way I interpreted it (which can pretty much be far from the real deal): The while loop runs in milliseconds and whois's all the nicks in %nicks. By the time the while is finished, the whois reply is hardly getting to the 2nd nickname, since server replies are much slower than the internal mIRC loop. Once the 2nd (or 3rd) nick is finished with the whois, its respective 318 would disable #spambot.whois, stopping the rest of the nicknames in %nicks from being 'read'.

Maybe there is a relation with the raw 378 that I'm not seeing which explains my doubt. I tried echo'ing raw 378 on a /whois and on a /motd, without success (on Undernet).

Regards,
Zyzzy =)


"All we are saying is give peace a chance" -- John Lennon
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
I'm getting confused myself, based upon what you've relayed and the fact that the code in my Whois/Whowas dialog does work and uses the information from raw 378 to fill in the IP address in the dialog. I think part of the confusion is that the IP address that I'm referring to is the numeric address, which is the true address rather than a possible vhost address.

I can't confirm this on Undernet, as the information is only returned to those with IRCop status (or higher) and I don't have that access on Undernet.

The information is sent from the /whois and returned via the group, before the next whois is sent, i.e. raw 318 is processed at the end of each whois before the next nick is whois'd. Realistically, it creates a pause in the loop until all of the information is sent for the current /whois before the next one. This is one advantage (in my opinion) of the fact that mIRC does not have true multi-threading capabilities (or at least, not in this area).

I hope that clarifies the confusion regarding the /whois-while loop.

Regarding the proper raw for Undernet, using /debug @debug, then /whois <nick> would put the responses from the raws into the debug window, where you can pull up the correct raw. As I said before, I, as a non-IRCop for Undernet, don't have access to that information.

Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
A-ha, the IRCop factor I didn't take into consideration. That might be why I'm not familiar with 378.

Thank you for the explanation, and sorry for the confusion.

Zyzzy.


"All we are saying is give peace a chance" -- John Lennon
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Without IRCop access, the best you'd be able to get is the info returned via raw 311 (as you mentioned earlier); however, if the person is using a vhost (virtual address), then kicks/bans/kills etc., based upon the address, are easier to get around (personally I don't like vhosts, since it seems like people are trying to hide).

Joined: May 2005
Posts: 35
N
nutt3 Offline OP
Ameglian cow
Thanks for the replies. I'm trying Russel's script, and if I do /spambot nick it displays the same as via whois (because that's what it should do) and then nothing else happens, even if the nick's IP is in the list. I then did an echo -a %ip and that shows: ...
3 dots

Somehow things are not working.

Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Do you have IRCop status on your network? If not, then I'll need to re-write the code so that it provides the best information available for a non-IRCop. If you are an IRCop, then I need to review the code I've already given you to figure out what's wrong.

Joined: May 2005
Posts: 35
N
nutt3 Offline OP
Ameglian cow
I'm an IRCop, and in case you figure it out, could it be made so it works by turning it on/off, so that when on it auto-checks all that join?
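
An added example, not part of any post in this thread and not mIRC script: the scripts above match the address as text against a file, while the original request was to compare the real IP against ranges. This Python code parses a 378 reply and tests the IP against CIDR ranges; the reply layout (assumed from the 'is connecting from' text quoted above), the server name, the nicks and the ranges are all constructed.

```python
import ipaddress

# Constructed sample ranges (documentation networks), not real spambot data.
SPAM_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.64/26")]

def parse_378(line):
    """Return (nick, ip) for a raw 378 line, (nick, None) if it carries no
    literal IP, or None if the line is not a 378 reply.

    Assumed layout: ':server 378 <me> <nick> :is connecting from *@<host> [<ip>]'
    """
    prefix, _, trailing = line.partition(" :")
    head = prefix.split()
    if len(head) < 4 or head[1] != "378":
        return None
    nick = head[3]
    tokens = trailing.split()
    # The IP is the last token; when the server sends only '*@host', strip
    # everything up to '@' and validate what is left instead of trusting it.
    candidate = tokens[-1].rpartition("@")[2] if tokens else ""
    try:
        return nick, ipaddress.ip_address(candidate)
    except ValueError:
        return nick, None  # hostname or vhost: no IP-based decision possible

def is_spambot(ip, ranges=SPAM_RANGES):
    """True when ip lies inside any listed network (IPv4 or IPv6)."""
    return ip is not None and any(ip in net for net in ranges)

def check_lines(lines):
    """Return the nicks whose connecting IP falls inside a listed range."""
    hits = []
    for line in lines:
        parsed = parse_378(line)
        if parsed and is_spambot(parsed[1]):
            hits.append(parsed[0])
    return hits

# Constructed sample server replies.
SAMPLE = [
    ":irc.example.net 378 oper bot1 :is connecting from *@host.example.com 192.0.2.77",
    ":irc.example.net 378 oper bot2 :is connecting from *@198.51.100.100",
    ":irc.example.net 378 oper alice :is connecting from *@198.51.100.200",
    ":irc.example.net 378 oper bob :is connecting from *@vhost.example.org",
    ":irc.example.net 311 oper carol ident host.example.com * :Real Name",
]

if __name__ == "__main__":
    print(check_lines(SAMPLE))
```

A reply that yields no valid IP returns `None` for the address and is never treated as a match, so a parsing failure cannot turn into a kick.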

