mIRC Homepage

bad identh

Posted By: Garou

bad identh - 21/09/07 01:45 AM

I have these notice flooders using random identh like this:
Any script to ban those?

[07:16] * Parts: shake`it (~f3o015oo@24.96.132.143):
[07:16] * Parts: Denying` (~kxx7199kk@24.96.132.143):
[07:16] * Parts: HiGh-TiLL-I-DiE3754 (~b228@24.96.132.143):
[07:16] * Parts: s[e]x (~n193h6388@24.96.132.143):
[07:16] * Parts: ViolinistUSA7328 (~b94947m@24.96.132.143):
[07:16] * Parts: dreamrose2375 (~sw9515918@24.96.132.143):
[07:16] * Parts: Telecom^Engineer1133 (~vl33l2@24.96.132.143):
Posted By: Bekar

Re: bad identh - 21/09/07 02:05 AM

In this particular instance, you could ban the host (*!*@24.96.132.143), or all non-idented users (*!~*@*).
Posted By: Garou

Re: bad identh - 21/09/07 02:08 AM

Yes I did ban that ip but they come back with diff ip but always with those same kind of identh.
Is it possible to ban random identh or identh with numbers in it on join?
Posted By: Garou

Re: bad identh - 21/09/07 03:00 AM

Can my random nick kick be edited to kick bad identh?

Code:
 on @*:JOIN:#:{
  if (($israndom($nick)) && (%consonant == on)) { ban -ku600 # $nick 2 14Random Nick Detected }
}

alias -l israndom {
  var %nr = 1, %count
  while ($mid($1,%nr,1)) { 
    if ($v1 isletter bcdfghjklmnpqrstvwxz) {
      inc %count
      if (%count >= 5) { return $true }
    }
    else { var %count = 0 }
    inc %nr
  }
  return $false
}
 
Posted By: Riamus2

Re: bad identh - 21/09/07 04:14 AM

There may be a better way to do this, but you could set your script in an on JOIN event to count the number of numbers in the ident and if it has 3+ numbers in a row, ban the person. It may catch legitimate people as well, but it's hard to avoid since there doesn't seem to be a lot in common with those. I'm guessing regex is the best way to do that.
Posted By: Garou

Re: bad identh - 21/09/07 06:18 AM

ok Riamus2 thx, hope someone have time code it thx.
Posted By: Thrull

Re: bad identh - 21/09/07 09:20 AM

Regex is indeed the best way to do that. However, I'd need a lot more addresses to text it out on. With the limited number from above, I'm very hesitant that I'd be able to ban 100% of the bots like that.

Instead, I'd suggest a clone checker for the channel.

Code:
on @*:JOIN:#: {
 var %clonemask = $address($nick,2)
 if  $ialchan(%clonemask,$chan,0) > 2 {
  mode $chan +b %clonemask
  var %i = 1
  while $ial(%clonemask,%i).nick != $null {
  if $ial(%clonemask,%i).nick ison $chan {  kick $chan $ial(%clonemask,%i).nick }
   inc %i
  }
 }
}


If someone comes on and then that person has two clones come on, it'll trigger the script to ban all the clones from that ISP.

If you give me more data (as much as you have, preferably) I can write a tighter Regex and ban them that way instead.
Posted By: Garou

Re: bad identh - 21/09/07 01:30 PM

We have lost of cafe users on our channel will that not ban them also? cause some cafe we can get up to 8 clones.
Posted By: noMen

Re: bad identh - 21/09/07 02:20 PM

How many of those flooders join in lets say 3 seconds?
Posted By: Riamus2

Re: bad identh - 21/09/07 03:11 PM

Yeah, as noMen said, you can ban based of how many join at once... the danger of that being netsplits. I'd still recommend a regex method. Just give Thrull as many idents as you have so he has something to work with.
Posted By: Garou

Re: bad identh - 21/09/07 03:36 PM

6 to 8 join at the same time.
Posted By: noMen

Re: bad identh - 21/09/07 03:53 PM

Here's a suggestion. I combined it with Thrull's clonekicker.

Code:
on !@*:JOIN:#:{
  if ($regex($gettok($address($nick, 0), 1, 64), /[0-9]/g) >= 3) && ($isflood(joinfl. [ $+ [ $chan ] $+ [ $wildsite ] ], 6, 3, 1)) { 
    ban -ku600 # $nick 2 14Random Nick Detected 
    kickclones $address($nick, 2)
  }
}

alias isflood {
  if (!$3) return
  var %v = $chr(37) $+ isflood. $+ $1
  if !$(%v,2) {
    set $(-u $+ $3,2) $(%v,1) 1 
  }
  else {
    inc $(%v,1)
  }
  if $(%v,2) >= $2 {
    if ($4) {
      unset $(%v,1)
    }
    return $true
  }
  return $false
}

alias kickclones {
 var %clonemask = $1
 if  $ialchan(%clonemask,$chan,0) > 2 {
  mode $chan +b %clonemask
  var %i = 1
  while $ial(%clonemask,%i).nick != $null {
  if $ial(%clonemask,%i).nick ison $chan {  kick $chan $ial(%clonemask,%i).nick }
   inc %i
  }
 }
}


This code does the following
- it counts the number of ciphers in the identity of the joiner's address ($regex)
- it also counts the number of joins with the same wildsite in a partical channel ($isflood)
- if there are 3 or more ciphers in the address and there are 6 or more of such joins within 3 seconds, it will kick/ban the joiner plus its clones that already had joined

I couldn't test this completely of course, but I tested the $regex and the $isflood separately. Ehm ... Thrull is responsible for the clone kick smile but it looks perfect to me.

Btw, Thrull, Riamus, does mIRC known some kind of identifier to retrive the identity without having to use $gettok? I couldn't find one in the help ...

O, Garou, you can change the 6 and the 3 in $isflood, but leave the 1 as a third parameter!
Posted By: Garou

Re: bad identh - 21/09/07 04:27 PM

that should work great, cool thx guys.
Posted By: Thrull

Re: bad identh - 22/09/07 12:46 AM

Quote:
Btw, Thrull, Riamus, does mIRC known some kind of identifier to retrive the identity without having to use $gettok? I couldn't find one in the help ...


Sadly no. Or if it does, it isn't documented that I know of.
Posted By: deegee

Re: bad identh - 22/09/07 12:52 AM

Originally Posted By: noMen
Btw, Thrull, Riamus, does mIRC known some kind of identifier to retrive the identity without having to use $gettok? I couldn't find one in the help ...


$ial($nick).user
Posted By: Thrull

Re: bad identh - 22/09/07 01:01 AM

Well, yes and no. $ial($nick).user looks at your entire IAL. It doesn't look at a specific channel, which is problematic. This can be scripted around (as I did in my code above), but it is a bit annoying to have to do it that way.
Posted By: deegee

Re: bad identh - 22/09/07 01:07 AM

It's no problem. There can only be one user with a particular nick online at any one time.
Provided <NICK> (and you of course) is on #CHAN, $ial(<NICK>) will always be the same as $ialchan(<NICK>!*@*,#CHAN,1)

Posted By: Thrull

Re: bad identh - 22/09/07 01:33 AM

Ah, yes indeed, you are correct. My apologies. I was answering a question that wasn't asked. smile
Posted By: Garou

Re: bad identh - 22/09/07 06:50 AM

How about using Regex when they join with nicks like this exemple here?

M_2728816
c_8576494
h_3018346
k_5134810
y_9942033

and
`M_2728816
`c_8576494





Posted By: Riamus2

Re: bad identh - 22/09/07 01:58 PM

I don't know regex very well other than to be able to figure out what smaller ones do by looking at them, but here's a non-regex solution for that one.

Code:
if ($right($nick,7) isnum && $mid($nick,-8,1) == _) { ban here }


EDIT:
Well, here's a possible regex solution. I've never made a working regex before, but this seems to work. I'm sure it can be improved, and I'm hoping someone can do so so that I can learn it better. smile

Code:
$regex($nick,/^`?[a-zA-Z]_[0-9]{7}$/)


That will match nicks that have any number of a-z, A-Z, and ` characters followed by a _ and then 6 numbers.

EDIT: I counted the number of numbers wrong. Both examples are changed.

EDIT2: Fixed the regex thanks to help from qwerty-.
Posted By: Garou

Re: bad identh - 22/09/07 03:01 PM

My apologies Riamus2 for posting a new post i just tought I was supose to.
Posted By: Riamus2

Re: bad identh - 22/09/07 04:57 PM

You can make a new post for a new topic, but just don't post the same thing in two locations. That makes people respond to one and not the other and then either you miss a good response or else others repeat what was already said and waste time because of it. Anyhow, you can try the 2 methods I gave you.
© 2019 mIRC Discussion Forums