Need some kind of anti-proxy script. (have tried many)

nsrafk · Post by **nsrafk** » Sun Jun 03, 2007 6:10 pm

Hi.

Im in deeply need of a anti-proxy/trojan script. I've tried a couple of different ones, but nothing seems to work these days since the scripts is from 2003-2004. Can't seem to find any up-to-date ones. If anybody would be able to help me getting an actually working script, i'd be happy!
And for the record, yes i have tried the two in the tcl archive.

Thanks!

Post by **Sir_Fz** » Sun Jun 03, 2007 6:17 pm

What have changed since 2003-2004? It's still the same, if the port is open then it's a proxy...

nsrafk · Post by **nsrafk** » Sun Jun 03, 2007 6:35 pm

Code: Select all

# open proxy checker for eggdrop
# (c) James Seward 2003/4
# version 1.0

# http://www.jamesoff.net/projects/eggdrop
# james@jamesoff.net

# Released under the GPL

## INSTRUCTIONS
###############################################################################

# This script will check the hosts of people joining channels against one or
# RBLs. Choose your RBLs wisely, some of them list DIALUP SPACE and that would
# be a bad thing to be matching your IRC users against :P
#
# Enable the 'proxycheck' flag for channels you want the script active on
# --> .chanset #somechannel +proxycheck
#
# Users who are +o, +v, or +f in your bot (local or global) won't be checked.
#
# Turn on console level d on the partyline to see some debug from the script
# --> .console +d (to enable)
# --> .console -d (to disable)

## CONFIG
###############################################################################

# space-separated list of RBLs to look in
set proxycheck_rbls { "cbl.abuseat.org" "opm.blitzed.org" "dnsbl.ahbl.org" }

# time in minutes to ban for
set proxycheck_bantime 15

# stop editing here unless you're TCL-proof



## CODE
###############################################################################

#add our channel flag
setudef flag proxycheck

#bind our events
bind join - *!*@* proxycheck_join

#swing your pants

# catch joins
proc proxycheck_join { nick host handle channel } {
  #check we're active
  if {![channel get $channel proxycheck]} {
    return 0
  }

  #don't apply to friends, voices, ops
  if {[matchattr $handle fov|fov $channel]} {
    return 0
  }

  #get the actual host
  regexp ".+@(.+)" $host matches newhost
  if [regexp {[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$} $newhost] {
    #it's a numeric host, skip the lookup
    proxycheck_check2 $newhost $newhost 1 $nick $newhost $channel
  } else {
    putloglev d * "proxycheck: doing dns lookup on $newhost to get IP"
    dnslookup $newhost proxycheck_check2 $nick $newhost $channel
  }
}

# first callback (runs RBL checks)
proc proxycheck_check2 { ip host status nick orighost channel } {
  global proxycheck_rbls

  if {$status} {
    putloglev d * "proxycheck: $host resolves to $ip"

    # reverse the IP
    regexp {([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})} $ip matches a b c d
    set newip "$d.$c.$b.$a"

    # look it up in the rbls
    foreach rbl $proxycheck_rbls {
      putloglev d * "proxycheck: looking up $newip.$rbl"
      dnslookup "$newip.$rbl" proxycheck_check3 $nick $host $channel $rbl
    }
  } else {
    putlog "proxycheck: Couldn't resolve $host. (No further action taken.)"
  }
}

# second callback (catches RBL results)
proc proxycheck_check3 { ip host status nick orighost channel rbl } {
  global proxycheck_bantime

  if {$status} {
    putlog "proxycheck: got host $host = ip $ip from RBL $rbl ... banning"
    newchanban $channel "*@$orighost" "proxychk" "proxycheck: $rbl" $proxycheck_bantime
  }
  #if we didn't get a host, they're not in RBL
}

putlog "proxycheck 1.0 by JamesOff loaded"

That's what im using right now - only problem is this @ partyline:

(00:03:09) (fel1cia) [00:03] DNS resolved my.ganja.nl to 85.93.9.59
(00:03:09) (fel1cia) [00:03] proxycheck: my.ganja.nl resolves to 85.93.9.59
(00:03:09) (fel1cia) [00:03] proxycheck: looking up 59.9.93.85.cbl.abuseat.org
(00:03:09) (fel1cia) [00:03] proxycheck: looking up 59.9.93.85.opm.blitzed.org
(00:03:09) (fel1cia) [00:03] proxycheck: looking up 59.9.93.85.dnsbl.ahbl.org
(00:03:09) (fel1cia) [00:03] DNS resolve failed for 59.9.93.85.dnsbl.ahbl.org
(00:03:09) (fel1cia) [00:03] DNS resolve failed for 59.9.93.85.cbl.abuseat.org
(00:03:10) (fel1cia) [00:03] #Nosser: mode change '+o phiL' by |PRINCE|!nsrafk@finds.hacking.quite.c00l.info
(00:03:51) (fel1cia) [00:03] DNS resolve failed for 59.9.93.85.opm.blitzed.org

--- I guess that means it doesnt work

Anything i can do to make this script work?

Post by **nml375** » Sun Jun 03, 2007 6:59 pm

Actually, it just means that 85.93.9.59 is not found in any of the dns-blacklists you use, and thus most likely is not a well-known open-proxy..

nsrafk · Post by **nsrafk** » Sun Jun 03, 2007 7:47 pm

Omg lol. Sorry. I thought the rbls didnt exist anymore. Jesus

Btw, any suggestions which RBL's i should add to the list ^^ ?

awyeah · Post by **awyeah** » Tue Jun 05, 2007 12:12 am

Btw this RBL script is very unaccurate. Not to say the script, but the database of ip's they have, the rbl database websites, yeap. I used these rbl urls to check the script once.

Code: Select all

#Space-separated list of RBLs to look in
set proxycheck_rbls {
"cbl.abuseat.org"
"www.dronebl.org"
"moensted.dk/spam/no-more-funn/"
}