|
|
Joined: Jul 2006
Posts: 242
Fjord artisan
|
OP
Fjord artisan
Joined: Jul 2006
Posts: 242 |
Hello all,
I run a server which is attracting spammers and botnets. Any good scripts or bots that can help with this issue for me as its becoming unbearable.
Many thanks
Newbie
|
|
|
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
|
Hoopy frood
Joined: Feb 2003
Posts: 3,432 |
can you give an example about what the bots do? like text, host masks or somthing to work with? =)
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
|
|
|
Joined: Dec 2008
Posts: 95
Babel fish
|
Babel fish
Joined: Dec 2008
Posts: 95 |
Do you do any blacklist (DroneBL, EFNet RBL, etc.) checks or open proxy scans at all? The former will certainly keep most trouble off the server. I believe BOPM allows you to do both: http://wiki.blitzed.org/BOPMFor botnets that still get through, get some regex skills to keep those off individually based on their patterns. And you will sometimes have to come up with scripts (or actual client or services bots) to detect and eliminate other things.
|
|
|
|
Joined: Aug 2006
Posts: 183
Vogon poet
|
Vogon poet
Joined: Aug 2006
Posts: 183 |
Channel protection: http://sanitarium.mircscripting.info/addons/c_floodpro.htmlIts a solid script, but may need to be modified a bit to suit your exact needs. As for the server itself, I suggest you log on to undernet, go to #mircscripting and talk with Sanitarium (or XW depending on what nick he's using). He's dealt with massive amount of flood bots and could give you some pointers.
Yar
|
|
|
|
Joined: Sep 2006
Posts: 1
Mostly harmless
|
Mostly harmless
Joined: Sep 2006
Posts: 1 |
I had a similar problem on my server a couple months back, and downloaded a mirc bot called pbot. It cleaned up my server and channels and we have our server back again. It works by a three layer protection. It scans all incoming IP's and bans the proxy ones, and as a previous poster mentions it regex checks all text and bans the spammers text, never had a false positive yet. I have tried loads of diff bots but pbot is by far the best. edit: just found the link to the bot http://mirc.net/projects.php?go=1218035463
Last edited by skool; 31/05/10 04:35 PM.
|
|
|
|
Joined: Jul 2006
Posts: 242
Fjord artisan
|
OP
Fjord artisan
Joined: Jul 2006
Posts: 242 |
Hi, thanks for all the answers.
I downloaded the bot you recommended. It really seems to be working, and is a huge help.
Anyway i can run it constantly off a server though? as my PC has to be kept on all the time now.
Thanks again.
Newbie
|
|
|
|
Joined: Oct 2003
Posts: 3,918
Hoopy frood
|
Hoopy frood
Joined: Oct 2003
Posts: 3,918 |
No. You need a dedicated machine to run this; if you're using mIRC scripts, then you need a dedicated machine with mIRC (and probably Windows).
You can get similar scripts/add-ons for your ircd that run directly on your irc server's machine, but those are not mIRC scripts, so we can't really help you there.
- argv[0] on EFnet #mIRC - "Life is a pointer to an integer without a cast"
|
|
|
|
Joined: Apr 2004
Posts: 5
Nutrimatic drinks dispenser
|
Nutrimatic drinks dispenser
Joined: Apr 2004
Posts: 5 |
I recommend using the spamfilter with some nifty regexps to catch what the bots are saying. IrCQNet was being bombarded with what we call sexbots, so I produced a set of 17 expressions that the ircops used with a tempshun to keep the spam minimalised. E.g.:
^(1[89]|2[0-4]) (fem(ale)?|girl|women) ([uU][Ss])[Aa]? , any (boy|guy|ma(le|n))s? (wann?a|would like|wishes|desire|wants) (chat|talk) , (me?ss?a?ge?|pm|pri?va?t?e?) me$ ^any (guy|boy|male)s? (((older|younger) then|above|around) (1[89]|2[0-4]))?[ ?]+$ ^Any (boy|guy|ma(le|n))s? (wann?a|would like|wishes|desire|wants) to (talk|chat) or anything else (me?ss?a?ge?|pm|pri?va?t?e?) me$ ^(y([ea]p?|es)|dah)!? (ofcourse|thats right|obviously)? ?i ?a?m (a )?(fem(ale)?|girl|women)$ ^any sexy (boy|guy|ma(le|n))s? up for a (me?ss?a?ge?|pm|pri?va?t?e?)$ ^hi (boy|guy|ma(le|n))s?! any ?(one|body) (wann?a|would like|wishes|desire|wants) to (talk|chat) to a [Uu][Ss][Aa]? (fem(ale)?|girl|women)[ ?]+$ ^(w(o(w|o(hoo|w)?)|aaaa?)|yooo) i ?a?m bored , any (boy|guy|ma(le|n))s?[ ?]+$ ^[Ii] ?a?m (even|obviously) (a )?(hot|(naut|horne|cut|lovel|but)y|(cut|nic|awesom)e) (fem(ale)?|girl|women)$ ^(boy|guy|ma(le|n))s? with (cool|new|live)?( ?weby?)? ?cam(era)? ? here[ ?]+$ ^(boy|guy|ma(le|n))s?[ ?]+ (me?ss?a?ge?|pm|pri?va?t?e?) me$ ^single (boy|guy|ma(le|n))s? ages (1[89]|2[0-4]) ?- ?3[01] [Uu][Ss][Aa]?[ ?]+$ ^any (boy|guy|ma(le|n))s? for (talk|chat) with (fem(ale)?|girl|women) then (me?ss?a?ge?|pm|pri?va?t?e?) me$ ^(boy|guy|ma(le|n))s? ages (1[89]|2[0-4]) ?- ?3[01]$ ^i ?a?m (hot|(naut|horne|cut|lovel|but)y|(cut|nic|awesom)e)? ?(fem(ale)?|girl|women)$ ^i ?a?m (loo?king (4|for)( a)?|into) (boy|guy|ma(le|n))s?$ ^who (wann?a|would like|wishes|desire|wants) to (talk|chat) to a (hot|(naut|horne|cut|lovely|but)y|(cut|nic|awesom)e) (fem(ale)?|girl|women)[ ?]+$ ^(hot|(naut|horne|cut|lovel|but)y|(cut|nic|awesom)e) (fem(ale)?|girl|women) here$
|
|
|
|
Joined: Jul 2007
Posts: 1,129
Hoopy frood
|
Hoopy frood
Joined: Jul 2007
Posts: 1,129 |
That's a lot of regex patterns. There has to be a shorter, condensed method to combat the spammers.
|
|
|
|
Joined: Oct 2003
Posts: 3,918
Hoopy frood
|
Hoopy frood
Joined: Oct 2003
Posts: 3,918 |
Mail spam filters are often thousands of similar regex matches, I don't see anything wrong with this. If anything it's not complete enough. Spam isn't an easy problem to solve; it would be nice if there was something "condensed", but the reality is that there isn't.
- argv[0] on EFnet #mIRC - "Life is a pointer to an integer without a cast"
|
|
|
|
Joined: Aug 2006
Posts: 183
Vogon poet
|
Vogon poet
Joined: Aug 2006
Posts: 183 |
That's a lot of regex patterns. There has to be a shorter, condensed method to combat the spammers. If you're worried about a certain type of bot, then a single regex is probably enough (I've done it several times using a single line of code). However, if you're trying to rid something of ALL spam, it takes a LOT of checks to see if its spam or not. As the poster above me pointed out, 20 lines of code isn't nearly enough to stop all spam. Though, the code posted will probably stop quite a bit of it.
Yar
|
|
|
|
|
|