get tor proxys from website and put them in blacklist...

sdays · Post by **sdays** » Tue Mar 06, 2007 2:56 am

Hi all i need a script that gets the proxys from http://proxy.org/tor.shtml and i want it blacklist in /db/blacklist.txt
i need this script a spammer that use tor proxys wont go away and this is the only way so please help thanks.

rosc2112 · Post by **rosc2112** » Tue Mar 06, 2007 6:03 am

Question: Does the spammer show an ip or a hostname (need to know whether hostnames need to be reverse-resolved into ip for checking against the list.)

sdays · Post by **sdays** » Tue Mar 06, 2007 6:30 am

Both ip and hostname, tor proxys has hostnames and some dont...

* g695239 (~7HX8EW@69.55.232.152) has joined
* g695239 was kicked by Evi1Bot (drone)
* Evi1Bot sets mode: +b *!*@69.55.232.152
* c273508 (~3o3@c-24-21-172-176.hsd1.mn.comcast.net) has joined
* c273508 was kicked by Evi1Bot (drone)
* Evi1Bot sets mode: +b *!*@c-24-21-172-176.hsd1.mn.comcast.net

all the proxys he use comes from http://proxy.org/tor.shtml thats why i need the bot go to the website and put all of them in the blacklist perm

Callisto · Post by **Callisto** » Tue Mar 06, 2007 11:16 am

A search for tor detection or just tor on the forum would have found you this post
http://forum.egghelp.org/viewtopic.php? ... highlight=

however if the network uses any form of hostmasking then you cant really use a dnsbl search script.

Good luck

sdays · Post by **sdays** » Tue Mar 06, 2007 6:37 pm

he has to many tor proxys i tryed.

Callisto · Post by **Callisto** » Tue Mar 06, 2007 7:06 pm

sdays wrote:he has to many tor proxys i tryed.

you tried what? tor proxies dnsbl's are pretty well up to date. I used just 1 that you listed and got this result.
OpmLongshanks check c-24-21-172-176.hsd1.mn.comcast.net
[22:50:45] <OpmLongshanks> CHECK -> Checking '24.21.172.176' for open proxies []
[22:50:45] <OpmLongshanks> CHECK -> DNSBL -> 24.21.172.176 does not appear in BL zone dnsbl.njabl.org
[22:50:45] <OpmLongshanks> CHECK -> DNSBL -> 24.21.172.176 does not appear in BL zone opm.blitzed.org
[22:50:45] <OpmLongshanks> CHECK -> DNSBL -> 24.21.172.176 appears in BL zone tor.dnsbl.sectoor.de (Tor exit server)
[22:50:45] <OpmLongshanks> CHECK -> All tests on 24.21.172.176 completed.

Check at http://jamesoff.net/site/projects/eggdr ... roxycheck/

And
http://www.sectoor.de/tor.php#en-usage

rosc2112 · Post by **rosc2112** » Tue Mar 06, 2007 7:35 pm

I tested the proxycheck script too, seems like it worked to me (ip changed to protect the innocent =) :

[theentity(dcc)] [18:22] proxycheck: doing dns lookup on plns-pppoe.dsl.plns. to get IP

[theentity(dcc)] [18:22] proxycheck: plns-pppoe.dsl.plns. resolves to x.x.x.x.

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in torserver.tor.dnsbl.sectoor.de

[theentity(dcc)] [18:22] x.x.x.x not found in torserver.tor.dnsbl.sectoor.de

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in cbl.abuseat.org

[theentity(dcc)] [18:22] x.x.x.x not found in cbl.abuseat.org

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in opm.blitzed.org

[theentity(dcc)] [18:22] x.x.x.x not found in opm.blitzed.org

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in dnsbl.ahbl.org

[theentity(dcc)] [18:22] x.x.x.x not found in dnsbl.ahbl.org

I put some putcmdlog lines into the script to see the above actions/results.. I used this in the proxycheck config:

set proxycheck_rbls { "torserver.tor.dnsbl.sectoor.de" "cbl.abuseat.org" "opm.blitzed.org" "dnsbl.ahbl.org" }

If those dnsbl's don't work for you, google TOR dnsbl, there are others to pick from. All you need is a dnsbl to use the proxycheck script.

Post by **nml375** » Tue Mar 06, 2007 7:56 pm

I too would say using dnsbl lookups is the way togo..
By merely looking at the source of the page you wished to mine, makes it pretty obvious the author has no intention on making it easy for ppl to use some automated mining tool (inserting ramdom comments, switching between plain-text and &nnn;-style for each digit and decimal, etc).
Although converting these into something usable should'nt be that hard, it surely indicates the service-provider don't want ppl mining it, and is prepared to do quite alot to prevent ppl from doing it...

Besides, dnsbl is pretty standardized these days.

rosc2112 · Post by **rosc2112** » Wed Mar 07, 2007 1:55 am

nml375 wrote:Although converting these into something usable should'nt be that hard, it surely indicates the service-provider don't want ppl mining it, and is prepared to do quite alot to prevent ppl from doing it...
Besides, dnsbl is pretty standardized these days.

In their defense, they do provide an .htaccess formatted file, but, why bother making a new script when dnsbl+proxyscan will do the job infinitely faster than any other method I could think of? I was thinking of pulling the data from the htaccess file, then using lsearch, but dnsbl is super-fast and there's many of em to pick from.

I use several dnsbl's for my sendmail config, works quite well.</offtopic>

silverboy · Post by **silverboy** » Wed Mar 07, 2007 1:56 am

ban ?1*!~*@* ?2*!~*@* ?3*!~*@* ?4*!~*@* ?4*!~*@* ?5*!~*@* ?6*!~*@* ?7*!~*@* ?8*!~*@* ?9*!~*@* and no nicks like that will join your channel.

if ur doin it the other way eggdrop is damn slower.!

rosc2112 · Post by **rosc2112** » Wed Mar 07, 2007 2:26 am

silverboy wrote:if ur doin it the other way eggdrop is damn slower.!

proxyscan.tcl looked pretty fast to me.. Anyone care to use [time] on it and find out exactly how many milliseconds it takes to get the info from a half dozen dnsbl's with it? If I had to guess, I'd say it took maybe 1/100th of a sec to look up the test IP I tried in the 5 dnsbl's..

Of course, there's always the possibility that one of the dnsbl servers doesn't respond immediately, and I already deleted the proxyscan script, so I dont know offhand if/how it handles timeouts.

Considering that it does the query in 1 one proc and handles the response in a separate proc, I don't see any reason it would lag the bot. I suppose the join bind might lag the bot if the channel is extremely busy, but dnsbl lookups as done in proxyscan.tcl is a damn sight faster than the method I had in mind =)

silverboy · Post by **silverboy** » Thu Mar 08, 2007 2:13 am

does the Proxyscan.tcl detec Socks4 as well?

where can i get to download this one.

rosc2112 · Post by **rosc2112** » Thu Mar 08, 2007 3:09 pm

If there is a sock4 dnsbl, sure.. Try google searching for "socks4 dnsbl" and the link for proxyscan was posted in this thread, or just search the tcl archive for proxyscan, it's in the archive.

silverboy · Post by **silverboy** » Fri Mar 09, 2007 11:01 pm

Code: Select all

  variable banport "1080,1081,3380,3381" ;# Most commen port list

it does kick. socks 4 common port = 1080
or does it only kick this port list? if so can i add some more ports to it...

between the tcl sends warning to the users via NOTICE, how to disable this?

shud i remove these lines?

Code: Select all

   putserv "NOTICE $nick :$warnmsg"

rosc2112 · Post by **rosc2112** » Sat Mar 10, 2007 1:29 am

If the variable banport is in the proxycheck script, yes you can add more to it, I dont have the script any longer to look at it, and for your 2nd question, yes you can comment out the putserv line or delete if you prefer to stop sending kick notices to the users.