IPBan TCL Help n Combination

[Stealthx]

Hi guys, firstly pardon for my bad english. Right now I'm looking for a TCL that able to kick joining users with non-resolvable IPs (found at Egghelp TCL Archive), this is the following coding:

Code: Select all

# IP BAN for eggdrop
# raspi 2004
# bans users with non-resolvable IPs
# also checks global and channel banlist if that resolved host is banned
# requires: dns module
# report bugs to raspi@IRCNet/Freenode/Quakenet
# ver 0.6 (23.09.2004)
# see also: .help +exempt
# todo:
# - is some of those foreachses unnecessary?
# - run :init when .+chan is used

set opts(cmd) "ipban"; 
set opts(char) "!"; 

bind join -|- * ipban:checkhost
bind pub n|m "$opts(char)$opts(cmd)" ipban:pub
bind dcc -|- $opts(cmd) ipban:dcc

# -- public: --
# !ipban     - shows status
# !ipban on  - toggles it on
# !ipban off - toggles it off
# -- partyline: --
# .ipban - show list of channels and ipban status

# end of config
set opts(udef) "ipban_enabled"; # don't touch!
setudef str $opts(udef); # used by channel set/get

proc ipban:pub {nick uhost handle channel arg} {
  global opts
  set run 0

  switch $arg {
    "on" {
      channel set $channel $opts(udef) "1"
      set run 1
    }
    "off" {
      channel set $channel $opts(udef) "0"
      set run 1
    }
    default {
      if {[channel get $channel $opts(udef)] == "1"} {
        set ipbanstatus "on"
      } else {
        set ipbanstatus "off"
      }

      puthelp "PRIVMSG $channel :$opts(cmd) ($channel): $ipbanstatus"

      if {$run == 1} {
        putcmdlog "#$handle# $opts(cmd) $channel $arg"
      }
    }
  }
 
}

proc ipban:checkhost {nick uhost handle channel} {
  global opts
  if {[botisop $channel] == 1 && [channel get $channel $opts(udef)] == "1"} {
    set hosti [parsehost $uhost]
    set regexip4 {^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$}
    set regexip6 {^\d{1,4}(:\d{1,4}){7}$}
    # does that host match IPv4 or IPv6
    if {[regexp -- $regexip4 $hosti] || [regexp -- $regexip6 $hosti]} {
      dnslookup $hosti resolve_ip $channel $hosti $nick
    }
  }
}

proc resolve_ip {ip host status chan hostip nick} {
  global opts
  if {!$status} {
    set resolved "?"
  } elseif {[regexp -nocase -- $ip $hostip]} {
    set resolved $host
  } else {
    set resolved $ip
  }

  set ban_it 0

  if {$ip == $host && $resolved == "?"} {
    # ip wasn't resolved
    set $ban_it 1
  } else {
    # ip resolved to host
    puthelp "PRIVMSG $chan :$nick $ip -> $resolved"

    # let's see if there's ban concerning that host in global bans
    foreach banni [banlist] {
      set b [parsehost [lindex $banni 0]]
      if {[string match $b $resolved]} {
        set ban_it 1
      }
    }

    foreach banni [banlist $chan] {
      set b [parsehost [lindex $banni 0]]
      if {[string match $b $resolved]} {
        set ban_it 1
      }
    }


    # let's see if there's ban concerning that host in current channel
    foreach banni [chanbans $chan] {
      set b [parsehost [lindex $banni 0]]
      if {[string match $b $resolved]} {
        set ban_it 1
      }
    }

  }

  if {$ban_it == 1} {
    # let's ban!
    # last digit to "*"
    regsub -all {\d+$} $ip "*" banhost
    newchanban $chan "*!*@$banhost" "IP-BAN" " IP"
    putkick $chan $nick "banned"
  }
 
}

proc parsehost {uhost} {
  set re "^(.+?)@(.*)$"
  regexp -- $re $uhost -> identti hosti
  return $hosti
}

proc ipban:dcc {handle idx txt} {
  global opts
  putcmdlog "#$handle# $opts(cmd)"
  set output [listipchansstat]
  putdcc $idx $output
}

proc listipchansstat {} {
  global opts
  set output "$opts(cmd): "

  foreach channel [channels] {
    if {[channel get $channel $opts(udef)] == "1"} {
      set s "on"
    } else {
      set s "off"
    }
    append output "$channel: $s "
  }

  return $output
}

proc ipban:init {} {
  global opts

  # initialize all channels to off
  foreach channel [channels] {
    if {[channel get $channel $opts(udef)] == ""} {
      channel set $channel $opts(udef) "0"
    }
  }

}

# initialize channels to OFF
ipban:init 

putlog "\[x\] IP ban (pub:$opts(char)$opts(cmd) & partyline:.$opts(cmd)) by raspi loaded"
#putlog [listipchansstat]

1) This TCL doesn't works perfect after I've tested. I've typed !ipban on on the channel and the IPban was ON on that channel. However, when there's a unresolved IP's user joined, it doesn't make a ban at all. How come?

2) Right now, I wanted to combine this TCL with another function which is to whois and check a user on JOIN on his/her "RealName" and "Identd".

So now the script will BAN the user on-join first when it detect that it was non-resolve IP and if it checked that the REALNAME and IDENTD is 6 letters, it will kick the user out.

Example of the user is:

Egghelp is ~pcvmgu@221.168.143.52 * fpcvmg

Anyone able t help?

[demond]

why not trust irc server's nameserver and simply ban those who have unresolved irc hostnames? (that is, numeric IP hostname; there is no need to try to resolve that IP through eggdrop's dns module - if irc server's nameserver was unable to do it, chances are you won't be able too)

[demond]

I assume you also want to ban by randomly generated ident/realname, not simply those which length is 6 chars

here's is a checker proc from my script spambuster, proved to be quite effective in such cases; it analyzes a string for randomly generated patterns, using some simple heuristics, and assigns a score reflecting the degree of randomness (not 100% accurate of course, but close enough

Code: Select all

proc sb:score {str} {
	set score 0
	set vowel "aeiouy"
	set cnant "bcdfghjklmnpqrstvwxz"
	set other "{}\\\[\\\]-_^`|\\\\"
	set digit "0123456789"
	set str [string tolower $str]
	incr score [llength [regexp -all -inline \[$vowel\]{3,} $str]]
	incr score [llength [regexp -all -inline \[$cnant\]{3,} $str]]
	incr score [llength [regexp -all -inline \[$other\]{2,} $str]]
	incr score [llength [regexp -all -inline \[$digit\]{2,} $str]]
	incr score [llength [regexp -all -inline \[$vowel$other\]{4,} $str]]
	incr score [llength [regexp -all -inline \[$cnant$other\]{4,} $str]]
	incr score [llength [regexp -all -inline \[$vowel$digit\]{4,} $str]]
	incr score [llength [regexp -all -inline \[$cnant$digit\]{4,} $str]]
	incr score [llength [regexp -all -inline \[$other$digit\]{3,} $str]]
	incr score $score
}

[Stealthx]

Erm... Hmm... Actually I've tried some TCL on random nick generator but majority or all the TCLs I've tried ain't really accurate, like what you've said, it won't be 100% accurate but however it's 1% effective towards those flood bots...

[demond]

well, you can rely on mine, tried, tested & true gives false alarms only on really idiotic nicks/usernames/realnames (depends on the set score threshold of course, but 17 is good enough for me)