This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

help me with this regex please (anti xploiT DCC)

Support & discussion of released scripts, and announcements of new releases.
Post Reply
S
Sedition
Voice
Posts: 17
Joined: Wed Dec 14, 2011 10:04 pm
Location: Bolivia, Beni, Trinidad / DALnet

help me with this regex please (anti xploiT DCC)

Post by Sedition »

good morning I would like all that they help me with this regex to extract of unreal it is an excellent anti dcc xploit

regex "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}"

and the attacker uses an exploit that tries to knock down my bot but in partyline its attack goes out for me so:
<(Kantuta> [06:20:00] @#Beni (+tn) : [m/9 o/4 h/0 v/0 n/5 b/0 e/- I/-]
<(Kantuta> [06:20:35] [miguelito!~miguelito@xx.xx.xx.xx] DCC SeND "+ w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w + w
try to arm the tcl but it me does not work someone please who helps me is so that it detects the attack xploit and punishes it

Code: Select all

bind CTCP - DCC handle_exploit
proc handle_exploit {nick uhost hand dest key arg} {
if {[regexp {(SEND|RESUME)[ ]+\"(.+ ){20}} $arg]} {
 foreach chan [channels] {
   pushmode $chan +b "*!*@[lindex [split $uhost "@"] end]"
   putkick $chan $nick "please stop no xploits Dcc."
  }
}
}
please someone who helps me with this code would be grateful to him very much :lol: :lol: :lol: :lol: :lol:


////////////////// /////////////////////////

I found another tcl that should stamp on users who send exploits in texts, installed it but it does not work

Code: Select all

bind ctcp -|- "DCC" satmd_botnet_antidccbug_ctcp

proc satmd_botnet_antidccbug_ctcp { nick uhost handle dest keyword text } {
global botnick
set dcc_type [string toupper [lindex $text 0]]
if { $dcc_type == "SEND" && ( [string length $text] > 200 || [satmd_botnet_antidccbug_count $text " "] > 20) } {
putloglev "cmdw1" "*" "mIRC DCC SEND exploit detected @ $nick!$uhost/$handle:$dest"
set banmask1 "$nick!*@*"
set banmask2 "*!*@[lindex [split $uhost @] 1]"
catch { satmd_gban_add $banmask1 $botnick "EXPLOIT: mIRC DCC SEND" }
catch { satmd_gban_add $banmask2 $botnick "EXPLOIT: mIRC DCC SEND" }
satmd_botnet_gban_add "$banmask1" "90d" "antidccbug@$botnick" "$botnick" "mIRC DCC exploit detected" 1
satmd_botnet_gban_add "$banmask2" "15d" "antidccbug@$botnick" "$botnick" "mIRC DCC exploit detected" 1
return 1
}
return 0
}
only I want that it detects the attack and stamps on the user but it attacks dcc xploits of texts
Last edited by Sedition on Sun Dec 14, 2014 3:28 pm, edited 1 time in total.
good I wait for all that he learns more on tcl thanks for shaping a solid group of help
S
Sedition
Voice
Posts: 17
Joined: Wed Dec 14, 2011 10:04 pm
Location: Bolivia, Beni, Trinidad / DALnet

Re: some friend who helps me with this regex please

Post by Sedition »

final code

Code: Select all

## This tcl kicked that attack xploit via dcc your eggdrop ##
## my nicks in DALnet: [b]Arnold_X-P[/b] and [b]Sedition[/b] emial: urquizoandrade@hotmail.com
## my server  is /server matrix.2ip.us ##

## ban time in minutes ##
set banxploit "4"

## nick admin ##
set memosadmin "sedition"

bind raw - PRIVMSG raw:exploit

proc raw:exploit {from keyword args} {
global banxploit memosadmin
  set args [string trim $args "{}"]
  if {[regexp -nocase {(SEND|RESUME).*"(?:[^" ]*\s){32}.*$} $args]} {
  set banmask *!*@[lindex [split $from @] 1] 
  set nick [lindex [split $from "!"] 0]
  foreach chan [channels] { 
   newchanban $chan $banmask Exploit "You cannot attack me with its dirty Exploits, high place." $banxploit
   }
    putserv "ms send $memosadmin owner I was attacked by Xploits for 4$nick 7($from) in date of 1(4[strftime %d/%b/%Y@%H:%M]1)."    
    putlog "1\[4ALERTA1\] is detected Attack DCC SEND Xploit for $nick ($from) Proceeding to stamp."
	return 0 
 }
}
good I wait for all that he learns more on tcl thanks for shaping a solid group of help
User avatar
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

This subject has been discussed a long time ago, look at converting a regex from mirc to TCL
Once the game is over, the king and the pawn go back in the same box.
Post Reply