This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Removing Spamming bots with strange nicks

Old posts that have not been replied to for several years.
c
cheesegoduk

Removing Spamming bots with strange nicks

Post by cheesegoduk »

Hello
I currently have a bot that sits about in a channel I am an operator in that I op during the day when I am the only op about, Or if trouble happens, eg botfloods. So far its proved to be quiet effective at removing most troublemakers we have had and its help keep peace in the channel

However of late we have come across a new type of attacking bot, A user signs on with a random nick for example xeohdkysm or hedcoikpl Instead of joining the channel all at once, they join about 30 seconds after each other. However they don't really do any damage apart from just sitting there idling and when one parts, Another user joins a few seconds after.
I was wondering if there was a .tcl script anywhere that would pick up these random nicks and kickban the user. Other than putting +i on the channel I can think of no otherway of removing these bots unless the person who controls the botnet gets bored(or a life) and stops.

Thanks for your help
Cheesegoduk
p
ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

You must see the inherant problems with this.

To a bot, all nicknames look random.

To a bot, user A could be perfectly normal, but B is one of those spamming bots. All eggdrop knows is that user A isn't user B

Just the same way you can't tell the hair colour of the person you are speaking to on a phone (provided you don't allready know :) ), eggdrop doesn't know unless it is told.

While Tcl scripts could be created to teckle the problem, they would be over complex and would not work right off.

Alternatives include building a list of known users (IE, the userlist). You can then kick all users that join and idle for periods of time, ignoring those that are in the userlist.
User avatar
Dedan
Master
Posts: 260
Joined: Wed Jul 09, 2003 10:50 pm
Location: Memphis

Post by Dedan »

this is not a fix, but if you set the room +R with
a timer that would unset it in 30 minutes,
might help you until you find a better solution.
I once was an intelligent young man, now i am old and i can not remember who i was.
User avatar
Sir_Fz
Revered One
Posts: 3794
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

ppslim's solution is very good actually. if u collect all their hosts, u can get rid of them.

anyway, in irc there is a script which bans on random nicks, I don't know if it can be done using tcl (bu I think it can).
its like this (in mIRC) : if ( a !isin $nick ) && ( e !isin $nick ) && ( i !isin $nick ) && ( o !isin $nick ) && ( u !isin $nick ) && ( $asc($left($nick,3)) !isnum 65-97 ) && ( _ !isin $nick ) && ( ^ !isin $nick ) && ( - !isin $nick ) && ( 200 !isin $nick ) && ( ` !isin $nick ) && ($len($nick) > 3) && ( $mid($nick,1,1) != $mid($nick,2,1) ) && ( $mid($nick,1,1) != $mid($nick,3,1) ) && ( $right($nick,1) !isnum 0-9 ) && ( $asc($left($nick,1)) != 123 ) && ($nick != wyld)
User avatar
Dedan
Master
Posts: 260
Joined: Wed Jul 09, 2003 10:50 pm
Location: Memphis

Post by Dedan »

&& that's alot of &&'s
I once was an intelligent young man, now i am old and i can not remember who i was.
User avatar
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

Well, I've did a lil forum search cos I've remembered I've noticed something about the random nicks and stuff and found something interesting, this post. Have a look on/over it, maybe it helps. Funny thing is that you and Sir_Fz (among with oters) replied to it.. ;)
Once the game is over, the king and the pawn go back in the same box.
User avatar
Sir_Fz
Revered One
Posts: 3794
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

lol yeah, but that regexp works for only one type of nicks.
and yeah I know we can do a regexp like the mirc code i posted above. even though I've read ppslim's post about regexpr in the TCL faq forum, still i don't have experiance or scripts to learn on...

so if u or somebody else can create a regexpr as the mirc code I mentioned above, it would realy be cool.
p
ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

First off, see the mirc forums, they have some greate people doing regexp work there.

Second, what is your above code supposed to do?

Due to all the &&'s, every single one of the tests must equal 1, otherwise the end result is 0.

I have placed a small test into my mIRC client, and I managed to come out with nicknames that would fail some, and some that would pass all.

Thus your code is confusing, and it does both false posatives and failure to detect.
User avatar
Sir_Fz
Revered One
Posts: 3794
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

yeah. but with me, the probability for it to fail is 1/100. as all the nicks that I kick using this code are random and they are spammers or flooders.
T
TsT
Voice
Posts: 16
Joined: Tue Mar 04, 2003 11:03 am
Location: Strasbourg, France
Contact:

Post by TsT »

Sir_Fz wrote:ppslim's solution is very good actually. if u collect all their hosts, u can get rid of them.

anyway, in irc there is a script which bans on random nicks, I don't know if it can be done using tcl (bu I think it can).
its like this (in mIRC) : if ( a !isin $nick ) && ( e !isin $nick ) && ( i !isin $nick ) && ( o !isin $nick ) && ( u !isin $nick ) && ( $asc($left($nick,3)) !isnum 65-97 ) && ( _ !isin $nick ) && ( ^ !isin $nick ) && ( - !isin $nick ) && ( 200 !isin $nick ) && ( ` !isin $nick ) && ($len($nick) > 3) && ( $mid($nick,1,1) != $mid($nick,2,1) ) && ( $mid($nick,1,1) != $mid($nick,3,1) ) && ( $right($nick,1) !isnum 0-9 ) && ( $asc($left($nick,1)) != 123 ) && ($nick != wyld)
if ( a !isin $nick ) && ( e !isin $nick ) && ( i !isin $nick ) && ( o !isin $nick ) && ( u !isin $nick ) && ( _ !isin $nick ) && ( ^ !isin $nick ) && ( - !isin $nick ) && ( ` !isin $nick ) &&
( $right($nick,1) !isnum 0-9 ) &&
($len($nick) > 3) &&


=> in tcl:

Code: Select all

if {[regexp {^[^aeioui_^-`]+$} $nick] \
	&& [regexp {[^0-9]?$} $nick] \
	&& ([string length $nick] > 3)} {...}
?? ( $asc($left($nick,3)) !isnum 65-97 )
?? really ?
?! ( 200 !isin $nick )
like *200* ?
?? ( $mid($nick,1,1) != $mid($nick,2,1) ) && ( $mid($nick,1,1) != $mid($nick,3,1) )
mid ?
?! ( $asc($left($nick,1)) != 123 )
asc(123) = S ?
?! ($nick != wyld)
too simple... lol!
User avatar
Sir_Fz
Revered One
Posts: 3794
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

okay thanx :)
a person can learn it by readin this post :P
User avatar
z_one
Master
Posts: 269
Joined: Mon Jan 14, 2002 8:00 pm
Location: Canada

Post by z_one »

TsT wrote

Code: Select all

if {[regexp {^[^aeioui_^-`]+$} $nick] \ 
   && [regexp {[^0-9]?$} $nick] \ 
   && ([string length $nick] > 3)} {...} 
Isn't the vowel "i" mentioned twice in that code ? Isn't "y" also a vowel and shouldn't be included ?
Shouldn't the code be:

Code: Select all

if {[regexp {^[^aeiouy_^-`]+$} $nick] \ 
   && [regexp {[^0-9]?$} $nick] \ 
   && ([string length $nick] > 3)} {...} 
User avatar
Sir_Fz
Revered One
Posts: 3794
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

ur right about the i, but not the y.
so I guess it should be like this:
if {[regexp {^[^aeiou_^-`]+$} $nick] \
&& [regexp {[^0-9]?$} $nick] \
&& ([string length $nick] > 3)} {...}
(based on the IRC code i have mentioned.)
User avatar
user
 
Posts: 1452
Joined: Tue Mar 18, 2003 9:58 pm
Location: Norway

Post by user »

Here's a great idea which i'm about to patent:
Look the nick up in a dictionary. If not found; kick the person telling them to correct the spelling error.

Seriously though...
Have you tried using soundex? I think it would work much better than just relying on the random string not containing certain chars. I suggest using a soundex "dictionary", a list or array of soundexes based on the words from a real dictionary + common names. This dictionary could then be searched to see if the soundex of a nick == some existing word's soundex, which should weed out most random strings.

Then you could have a mechanism for re-entering the room that you tell about in the kick reason, so those not meant to be kicked can rejoin. (a /msg command or what ever)

This is of course just theory and fairly cpu/memory intensive stuff, but IMO worth a try :)
User avatar
Sir_Fz
Revered One
Posts: 3794
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

yeah, that's not a bad idea. but still there are some nicks that are not in a dictionary (as have no meaning), so it might be more messy than the regexp mentioned.
Locked