Hi All, This post isnt really about tcl scripting (yet) but rather, to inquire if a script already exists that does what I want it to. I have a problem with ddos bots connecting to my network, is there a script out there that can somehow detect such bots and place an automatic ban? It seems the person who started them connecting was tricking folks into running a file, which was in effect a trojan which the unsuspecting victims rarely discovered running as a background process. These bots connect with a random nick, username, and ident, something like MYcFUDq|\i, and they also do not respond to a ctcp version. I can only imagine that it would be terribly complicated to make something that detected such randomness without cutting a real user now and then. The easiest way I think to do this would be to ctcp version every user on connect. I have seen some nets with bots that do just that, I assume for this purpose. If the user does not send a reply within a certain amount of time, it could possibly notify an oper (which would be a real pain) or automagically set a gline (preferable). I tried sifting through the tcl archives but had a tough time, because searching for "ddos" pulled up nothing and "version" pulled up a bunch of results that had nothing to do with what I was looking for. I have been known to blunder through some basic tcl, I even have a very simple tcl in the archive, but would rather pass on the couple of weeks it would take a simple mind like me to create something like this, if something like this exists, either to do the version (as I've seen on other nets) or in some other way "seek and destroy" ddos bots.
Thanks
Dan
This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
script that ctcp versions users connecting
-
demond
- Revered One
- Posts: 3073
- Joined: Sat Jun 12, 2004 9:58 am
- Location: San Francisco, CA
- Contact:
http://demond.net/tcm.tcl
it autoklines connecting clients for missing CTCP VERSION reply, also for connection flood; works on ircd-hybrid only (but it should be easy to port that script for any other ircd that issues "Client connecting" notices to opers)
it autoklines connecting clients for missing CTCP VERSION reply, also for connection flood; works on ircd-hybrid only (but it should be easy to port that script for any other ircd that issues "Client connecting" notices to opers)
there is another version checker called noversions1.05.tcl, that can be found at tclscript.com
