Figured out why ctcp finger tcl wasn't catching spam drones

ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

Time to do something real naughty.

no-spam will help detect these drones.

At full functionality, it will detect people sending files (it can be set to ignore certain files), private messages/notices, public messages/notices and invites.

In a hub and leaf style fashion (not eggdrop botnet hubs), the hub will sit in a channel without ops and cycle the channel at random times.

The hub will send an OPd leaf (set in the config file), which will then punish the offender.

On top of this, it is entirely up to you what channels each detection is done in, and you can set the masks used for detection.

advert mode off

As for detecting drones using CTCP messages.

Most specifically designed spam drones have the stupid mistake (advantage for us) of replying with certain answers for VERSION and so on. These can be used to ban offenders.
ttigger

Post by ttigger »

ppslim,

Yes that works fine for spammers that are sitting in the channel. The kind of spammer I am talking about is a bit more complex than that.

These spammers have either an eggdrop bot or an mirc bot (not sure yet of which kind) sitting in the channel quietly. Either when a person joins or at random times it will take the nick of the person they want to spam and pass that info on to another bot sitting outside the channel. Again, not sure if this bot is eggdrop or mirc either. The bot sitting outside the channel is the one actually spamming the guests/users and not the bot sitting in the channel. It used to be an eggdrop that was sitting in the channel passing nicks/hosts to the spam bot outside the channel. I know this because I used to be able to do a /ctcp #chan ERRMSG Hi and if I got a reply of Hi in return there was a very high probability that it was an eggdrop bot. 95% of the time if I banned that bot the spam would stop. Obviously the bot being banned was not an authorized channel bot. Even if the spam didn't stop (rare) I left the ban stand because there was no reason for an eggdrop that I didn't know about to be sitting in my channel.

Well, the times have changed and the coders are getting smarter. I now get private messages from bots outside the channel ALL the time. They private message everything. +o, +v, it doesn't matter. Why would they care, because the bot is sitting outside of the channel and a +ban is useless. The relay bot sitting in the channel obviously isn't on the same host and I have not found a way to track these losers down just yet. The spam bots change hosts on a pretty regular basis. I believe using open proxies on port 3128 maybe. Reason I say this is because the bots are almost never IDENT'd, and on the network I am on (Undernet) just about every proxy port I can think of is already banned from the irc servers.

We are having someone now come up with an idle logging script to write to a file rather than kick idle users over 'x' amount of minutes. This log could be reviewed and we may possibly track down spammers in the channel. It is a shot in the dark but it's a start.

If you have ever come across these kinds of spammers you may have already come up with a solution. If so please let me know. I have a little bit of hair left.

Regards,
ttigger 8)
Weirdo
Master
Posts: 265
Joined: Sat Apr 27, 2002 8:00 pm
Location: Manchester, England

Post by Weirdo »

Must be a big network to have these sorts of problems. We get spam floods or join floods now and then, which is why we have crowdcontrol script and a spam filter on channel, surprisingly enough, no-spam :P

Have you thought about contacting the Admins about this problem, or perhaps taking more drastic measures, i.e. invite only, moderated, or perm banning prone ISPs?

Post by ppslim »

What he is saying, can't be covered by no-spam.

It's as simple as me joining your channel, talking normally, and not doing any spamming.

Yet, while I do this, I am feeding a drone the nicklist of the channel.

This drone isn't on the channel, but is messaging each person in the nicklist.

There is method of detection for this. How can you tell it was me sending the nicklist?

You can't ban them, the drone was not in the channel to begin with.

You can't prevent messages from outside the channel, because they are being sent directly to the nicknames in the nicklist.

This is a far bigger problem than people think, and it will get worse.

Using a similar system to the one no-spam uses (in its leaf-hub system), you could turn 2 bots into automated spam drones that are practically impossible to detect.

Post by Weirdo »

Well this comes back to the fact, "How do you know your channel users can be trusted?"

Although the two bot system is an interesting way of doing it, it still is damn iffy. Only way to prevent it is to find out who is feeding the nicklist, and since that is practically impossible, all you can do is to ignore the spammers really. Make a script that only accepts pms from people who are on channels you are on. Or something like that.

Only way I see this working is by doing something on the server side TBH, and I know most networks won't do that. The spamming sheite is the whole reason why we stay off the big networks. Too much hassle all round
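
The filter suggested in the last post (accept private messages only from nicks that share a channel with you), as an added sketch in Python rather than eggdrop Tcl; it is not code from this thread or from no-spam. The class, the function names and the sample lines are constructed for illustration, and nick comparison is simplified to plain lower-casing.

```python
import re
from collections import defaultdict

# Minimal IRC line shape: ":nick!user@host COMMAND params" (server numerics have no "!")
LINE = re.compile(r"^:(?P<nick>[^!\s]+)(?:!\S+)?\s+(?P<cmd>\S+)\s*(?P<rest>.*)$")

class SharedChannelFilter:
    """Accept private messages only from nicks seen in a channel we are in."""
    def __init__(self, me):
        self.me = me.lower()
        self.members = defaultdict(set)          # channel -> nicks currently there

    def feed(self, raw):                         # returns (sender, verdict) or None
        m = LINE.match(raw.rstrip("\r\n"))
        if not m:
            return None
        nick, cmd, rest = m["nick"].lower(), m["cmd"].upper(), m["rest"]
        if cmd == "353":                         # NAMES reply: "me = #chan :@op nick"
            head, _, names = rest.partition(" :")
            chan = head.split()[-1].lower()
            self.members[chan] |= {n.lstrip("@+").lower() for n in names.split()}
        elif cmd == "JOIN":
            self.members[rest.lstrip(":").split()[0].lower()].add(nick)
        elif cmd in ("PART", "KICK"):            # KICK params: "#chan victim :reason"
            params = rest.lstrip(":").split()
            gone = params[1].lower() if cmd == "KICK" else nick
            self.members[params[0].lower()].discard(gone)
        elif cmd in ("QUIT", "NICK"):            # NICK param is the new nick
            for nicks in self.members.values():
                if nick in nicks:
                    nicks.remove(nick)
                    if cmd == "NICK":
                        nicks.add(rest.lstrip(":").lower())
        elif cmd in ("PRIVMSG", "NOTICE") and rest.split(" ", 1)[0].lower() == self.me:
            shared = any(nick in nicks for nicks in self.members.values())
            return (nick, "accept" if shared else "drop")
        return None

SAMPLE = [  # constructed log lines, not taken from the thread
    ":irc.example.net 353 guest = #help :@opbot alice guest",
    ":bob!b@host.example JOIN #help",
    ":bob!b@host.example PRIVMSG guest :hi, need a hand?",
    ":drone1!x@proxy.example PRIVMSG guest :cheap hosting, msg me",
]

def classify(lines, me):
    return [v for v in map(SharedChannelFilter(me).feed, lines) if v]
```

This only suppresses the outside drone's messages on the receiving side; it does nothing to identify the in-channel client relaying the nicklist.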