#95956 28/08/04 09:36 PM
Joined: Aug 2004
Posts: 2
J
Bowl of petunias
OP Offline
First off, a good hello to all, as I have just joined this community.

I moderate a chat room via mIRC, which has provided great flexibility for administrative functions. Recently we have had a significant problem at our channel with troublesome AOL & Yahoo users having been banned and continuing to slip under the radar. I've been told that, at least in the case of AOL, it's virtually impossible to server ban as it essentially bans anyone using AOL. Does anyone know of a more precise way to zero in on a single such persona non grata? Any feedback would be very appreciated.

#95957 28/08/04 10:04 PM
Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
AOL is troublesome indeed. I've never seen Yahoo users being a pain, but there is a first time for everything. Since AOL uses that IP masking thing, it gets hard to ban a single user. I've seen many people setting a ban on *!*@*.ipt.aol.com because they couldn't figure out another way out. Using userids is a good way, but that can be easily changed. It usually works for those who don't reconnect.

I don't know if this will help you, but the page Cyber Abuse.org (as do many others) has a Whois server, which narrows the alphanumeric IPs down to numeric ones.
E.g.: AC8F6.ipt.aol.com == 66.43.95.255 (IPs are made up)

In this case you can try and set a more efficient ban, although those can also be evaded.

Let's just hope AOL changes management and gets that IP masking off.

Greetings,
Zyzzyx smile


"All we are saying is give peace a chance" -- John Lennon
#95958 28/08/04 10:15 PM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Welcome to the board smile

In addition to the above, full name fields also tend not to be changed as often as nicknames, identds and indeed, hostnames. Most networks do not have a mode char to ban the full name field, although you might ask in your network's #help channel and see if they do.

You can use a fairly simple script to detect the full name field in the /whois, and then kick someone out based on that. Something like the following should work:

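    ; When we are opped and someone joins, request their /whois
    on @*:join:#channel:{ whois $nick }

    ; raw 311 is the whois user reply: $2 is the nick, $6- is the full name field
    raw 311:*:{
      if (*whatever* iswm $6-) {
        var %i = $comchan($2,0)
        ; walk every channel we share with that nick
        while (%i) {
          ; $v2 is the channel from the isop test
          if ($me isop $comchan($2,%i)) { ban -k $v2 $2 Naughty ban evader }
          dec %i
        }
      }
    }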

So next time you see this particularly abusive user, /whois them, find out what their full name is, and then change *whatever* to something that matches that full name.

Really, if someone is absolutely intent on getting round a ban, and has a dynamic IP such as those AOL provides its customers, it's impossible to keep someone out (except banning all of AOL).

Regards,


Mentality/Chris
#95959 28/08/04 11:43 PM
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
It's not really a mask, it is the actual IP address converted to a code written in HEX, though the format used by my ISP is probably a better one for room hosts, where it simply contains CPE-147-10-19-2.nsw.bigpond.net.au - with the full IP (falsified in this case) and a part of the hostname dedicated to a geographic location (the bit in brown) makes life much easier.

As for AO-Hell, *!*@ACBF09*.ipt.aol.com would assist when banning a ban evader. grin

#95960 28/08/04 11:55 PM
Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
Thanks for the lesson, Watchdog smile HEX isn't within my small branch of knowledge, but I'm guessing it's some kind of encryption code/format.

One question though: why would *!*@ACBF09*.ipt.aol.com ban the evader?


"All we are saying is give peace a chance" -- John Lennon
#95961 29/08/04 02:24 AM
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
There are 8 characters in that part of the hostname, each pair represents one octet in the IP address. Banning what represents the last octet gives you a c class ban. I've never actually tested this theory but I've used it and it seems to work. One can only try, ay. All the best.

#95962 29/08/04 02:30 AM
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Late mail:

I just played around with some DNS lookups on AO Hell hostnames and it seems that the HEX coding does relate directly to each octet in the user's IP address, so the above banning method should work in many cases. The thing with dynamic IPs is that the third octet as well as the fourth can sometimes change too (i.e. when the luser that got banned redials). The method used by AO Hell to generate hostnames is not really helpful as ultimately you will end up banning more people than deserve it, but then again not all your users will be on that ISP so it may not necessarily be a concern. grin

#95963 29/08/04 02:32 AM
Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
Oh, I see... like banning 200.255.255.* smile Just now that you mentioned that, I realized that there were 8 chars in AOL's IPs :P

Thanks smile


"All we are saying is give peace a chance" -- John Lennon
#95964 29/08/04 02:35 AM
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Yeppers. laugh

#95965 29/08/04 02:35 AM
Joined: Dec 2002
Posts: 145
G
Vogon poet
Offline
The AOL mask is in fact the same as mIRC $longip( ) in hexadecimal (base 16).

EX.:
ACCB60EB.ipt.aol.com

ip: 172.203.96.235

Longip: 2899009771

See: /help $base

#95966 29/08/04 02:56 AM
Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
Hmmm.... *thinks hard*

(Taken from the help file)
$base(N,inbase,outbase,zeropad,precision)
Converts number N from inbase to outbase. The last two parameters are optional.

$base(15,10,16) returns F
$base(1.5,10,16) returns 1.8
$base(2,10,16,3) returns 002


I tried over here a few times, changing the 16 from inbase to outbase and back. This is the order I got for converting one into another:

Data: ACCB60EB.ipt.aol.com
- $base(ACCB60EB,16,10) = 2899009771
- $longip(2899009771) = 172.203.96.235


For the reverse operation:
Data: 172.203.96.235
- $longip(172.203.96.235) = 2899009771
- $base(2899009771,10,16) = ACCB60EB


This is quite interesting smile I wonder one thing... what is that 10, necessary in both $base's? I tried using 10 because it was present in all examples of the help file.

Another thing: is the $longip always 10 chars in length? --> $len(28990097710) = 10

Zyzzyx smile

PS: also I couldn't figure out exactly what $base is :P

Last edited by Zyzzyx26; 29/08/04 02:57 AM.

"All we are saying is give peace a chance" -- John Lennon
#95967 29/08/04 05:29 AM
Joined: Dec 2002
Posts: 266
Z
Fjord artisan
Offline
You could type /dns nickname and get their IP, then ban *!*@X.X.X.* where the X's are the actual numbers within it. This will ban a small percentage of the population of AOL users and should keep your charmer out.

This works on most IRCds though I cannot confirm them all.

Edit: Nevermind, Watchdog's way is better. It's essentially the same anyway.

Last edited by zack; 29/08/04 05:31 AM.

You won't like it when I get angry.
#95968 29/08/04 10:12 AM
Joined: Dec 2002
Posts: 145
G
Vogon poet
Offline
octodecimal => base(8)
decimal => base(10)
hexadecimal => base(16)

$base(number,10,16)
change a decimal number into hexadecimal

$base(number,16,10)
change a hexadecimal number into decimal

longip is calculated as follows:

ip: ddd.ccc.bbb.aaa

a + (b * 2^8) + (c * 2^16) + (d * 2^24)
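
Added example, not part of any post in this thread: a Python version of the decoding described above (the same steps as `$base(hex,16,10)` followed by `$longip`), extended to build the prefix ban mask and list which users it would catch. The sample hostmasks and all function names are constructed for illustration.

```python
import fnmatch
import ipaddress
import re

# Constructed sample hostmasks (nick!ident@host); not taken from the thread.
SAMPLE_USERS = [
    "evader!joe@ACCB60EB.ipt.aol.com",   # 172.203.96.235, the banned user
    "evader2!joe@ACCB6012.ipt.aol.com",  # same user after a redial, same /24
    "alice!al@ACCB6077.ipt.aol.com",     # unrelated user in the same /24
    "bob!bob@ACCB6105.ipt.aol.com",      # neighbouring /24 (third octet 0x61)
    "carol!c@CPE-147-10-19-2.nsw.bigpond.net.au",
]

# Eight hex digits followed by the AOL suffix quoted in the thread.
HEX_HOST = re.compile(r"^([0-9A-Fa-f]{8})\.(ipt\.aol\.com)$", re.IGNORECASE)

def decode_host(host):
    """Return the IPv4 address encoded in the 8-hex-digit label, or None."""
    m = HEX_HOST.match(host)
    if not m:
        return None
    # Hex -> integer is $base(hex,16,10); integer -> dotted quad is $longip(n).
    return ipaddress.IPv4Address(int(m.group(1), 16))

def ban_mask(host, keep_octets=3):
    """Build *!*@<prefix>*.ipt.aol.com keeping the first keep_octets octets."""
    m = HEX_HOST.match(host)
    if not m or not 1 <= keep_octets <= 4:
        raise ValueError("expected an AOL-style hex hostname and 1-4 octets")
    prefix = m.group(1).upper()[: keep_octets * 2]  # two hex digits per octet
    wildcard = "" if keep_octets == 4 else "*"
    return f"*!*@{prefix}{wildcard}.{m.group(2)}"

def matches(mask, hostmask):
    """IRC-style wildcard match (* and ?), case-insensitive."""
    return fnmatch.fnmatchcase(hostmask.lower(), mask.lower())

def affected(mask, users=SAMPLE_USERS):
    """Nicks from the sample list that the mask would ban (collateral scope)."""
    return [u.split("!")[0] for u in users if matches(mask, u)]

if __name__ == "__main__":
    host = "ACCB60EB.ipt.aol.com"
    print(decode_host(host))
    for octets in (4, 3, 2):
        mask = ban_mask(host, octets)
        print(mask, affected(mask))
```

Checking a candidate mask against the current user list before setting it shows how many unrelated users each shorter prefix would take out along with the evader.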

#95969 29/08/04 01:31 PM
Joined: Apr 2003
Posts: 701
K
Hoopy frood
Offline
it's just octal, octodecimal would be something like base 18 smile

The numbers in base just represent the number of different digits you can have before needing double digits (ie 10)

binary: 0, 1, 10 -> 2
octal: 0, 1, 2, 3, 4, 5, 6, 7, 10 -> 8
decimal: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 -> 10
hexadecimal: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10 -> 16 (0x10 hex means 16 in decimal)


#95970 29/08/04 01:31 PM
Joined: Feb 2004
Posts: 714
Z
Hoopy frood
Offline
Ohh.. nice.. smile I knew maths would make sense someday :P

Thanks, you four, for the IP lesson! laugh

Greetings,
Zyzzyx.

Last edited by Zyzzyx26; 29/08/04 01:33 PM.

"All we are saying is give peace a chance" -- John Lennon
#95971 29/08/04 02:22 PM
Joined: Dec 2002
Posts: 145
G
Vogon poet
Offline
Kelder - Of course you're right :-))

Zyzzyx26 - You're welcome

#95972 29/08/04 06:16 PM
Joined: Aug 2004
Posts: 2
J
Bowl of petunias
OP Offline
Thanks so much for all the fabulous brainstorming! I'll be sure to put this information to the test. So many things to learn...I'll definitely remember this board next time I find myself at a loss!

Thanks again for your input, everyone... grin

