Forums Scripts & Popups channel and server spam

Hello all,

I run a server which is attracting spammers and botnets. Any good scripts or bots that can help with this issue for me as its becoming unbearable.

Many thanks

can you give an example about what the bots do? like text, host masks or somthing to work with? =)

Do you do any blacklist (DroneBL, EFNet RBL, etc.) checks or open proxy scans at all?
The former will certainly keep most trouble off the server.
I believe BOPM allows you to do both: http://wiki.blitzed.org/BOPM

For botnets that still get through, get some regex skills to keep those off individually based on their patterns.
And you will sometimes have to come up with scripts (or actual client or services bots) to detect and eliminate other things.

Channel protection: http://sanitarium.mircscripting.info/addons/c_floodpro.html

Its a solid script, but may need to be modified a bit to suit your exact needs.

As for the server itself, I suggest you log on to undernet, go to #mircscripting and talk with Sanitarium (or XW depending on what nick he's using). He's dealt with massive amount of flood bots and could give you some pointers.

I had a similar problem on my server a couple months back, and downloaded a mirc bot called pbot. It cleaned up my server and channels and we have our server back again.

It works by a three layer protection. It scans all incoming IP's and bans the proxy ones, and as a previous poster mentions it regex checks all text and bans the spammers text, never had a false positive yet.

I have tried loads of diff bots but pbot is by far the best.

edit: just found the link to the bot

http://mirc.net/projects.php?go=1218035463

Hi, thanks for all the answers.

I downloaded the bot you recommended. It really seems to be working, and is a huge help.

Anyway i can run it constantly off a server though? as my PC has to be kept on all the time now.

Thanks again.

No. You need a dedicated machine to run this; if you're using mIRC scripts, then you need a dedicated machine with mIRC (and probably Windows).

You can get similar scripts/add-ons for your ircd that run directly on your irc server's machine, but those are not mIRC scripts, so we can't really help you there.

I recommend using the spamfilter with some nifty regexps to catch what the bots are saying. IrCQNet was being bombarded with what we call sexbots, so I produced a set of 17 expressions that the ircops used with a tempshun to keep the spam minimalised. E.g.:

^(1[89]|2[0-4]) (fem(ale)?|girl|women) ([uU][Ss])[Aa]? , any (boy|guy|ma(le|n))s? (wann?a|would like|wishes|desire|wants) (chat|talk) , (me?ss?a?ge?|pm|pri?va?t?e?) me$
^any (guy|boy|male)s? (((older|younger) then|above|around) (1[89]|2[0-4]))?[ ?]+$
^Any (boy|guy|ma(le|n))s? (wann?a|would like|wishes|desire|wants) to (talk|chat) or anything else (me?ss?a?ge?|pm|pri?va?t?e?) me$
^(y([ea]p?|es)|dah)!? (ofcourse|thats right|obviously)? ?i ?a?m (a )?(fem(ale)?|girl|women)$
^any sexy (boy|guy|ma(le|n))s? up for a (me?ss?a?ge?|pm|pri?va?t?e?)$
^hi (boy|guy|ma(le|n))s?! any ?(one|body) (wann?a|would like|wishes|desire|wants) to (talk|chat) to a [Uu][Ss][Aa]? (fem(ale)?|girl|women)[ ?]+$
^(w(o(w|o(hoo|w)?)|aaaa?)|yooo) i ?a?m bored , any (boy|guy|ma(le|n))s?[ ?]+$
^[Ii] ?a?m (even|obviously) (a )?(hot|(naut|horne|cut|lovel|but)y|(cut|nic|awesom)e) (fem(ale)?|girl|women)$
^(boy|guy|ma(le|n))s? with (cool|new|live)?( ?weby?)? ?cam(era)? ? here[ ?]+$
^(boy|guy|ma(le|n))s?[ ?]+ (me?ss?a?ge?|pm|pri?va?t?e?) me$
^single (boy|guy|ma(le|n))s? ages (1[89]|2[0-4]) ?- ?3[01] [Uu][Ss][Aa]?[ ?]+$
^any (boy|guy|ma(le|n))s? for (talk|chat) with (fem(ale)?|girl|women) then (me?ss?a?ge?|pm|pri?va?t?e?) me$
^(boy|guy|ma(le|n))s? ages (1[89]|2[0-4]) ?- ?3[01]$
^i ?a?m (hot|(naut|horne|cut|lovel|but)y|(cut|nic|awesom)e)? ?(fem(ale)?|girl|women)$
^i ?a?m (loo?king (4|for)( a)?|into) (boy|guy|ma(le|n))s?$
^who (wann?a|would like|wishes|desire|wants) to (talk|chat) to a (hot|(naut|horne|cut|lovely|but)y|(cut|nic|awesom)e) (fem(ale)?|girl|women)[ ?]+$
^(hot|(naut|horne|cut|lovel|but)y|(cut|nic|awesom)e) (fem(ale)?|girl|women) here$

That's a lot of regex patterns. There has to be a shorter, condensed method to combat the spammers.

Mail spam filters are often thousands of similar regex matches, I don't see anything wrong with this. If anything it's not complete enough. Spam isn't an easy problem to solve; it would be nice if there was something "condensed", but the reality is that there isn't.

If you're worried about a certain type of bot, then a single regex is probably enough (I've done it several times using a single line of code). However, if you're trying to rid something of ALL spam, it takes a LOT of checks to see if its spam or not.

As the poster above me pointed out, 20 lines of code isn't nearly enough to stop all spam. Though, the code posted will probably stop quite a bit of it.