Script containing some abuse.

Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

 I saw the following error in partyline:
[07:08] Tcl error in script for 'timer9320':
[07:08] invalid command name "blade"
I checked what's happening in the channel, and I saw this:
 · · Joins: ElmOkH[Disconnected]8 [ ~[[blade]]@202.184.1.40]
I also tried to let a user join with ident [die], and the bot died.

So what should I search for in order to detect this backdoor?
Papillon
Owner
Posts: 724
Joined: Fri Feb 15, 2002 8:00 pm
Location: *.no

Post by Papillon »

Somewhere in there it is either an exec command, or (most likely) there is some wrong usage of lists/strings...
Make sure the list commands are only used on valid lists, and string commands on valid strings.
Elen sila lúmenn' omentielvo
Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

I think Pub.tcl has something of this abuse.

Can you please check if there is anything in this script causing this abuse?
Papillon
Owner
Posts: 724
Joined: Fri Feb 15, 2002 8:00 pm
Location: *.no

Post by Papillon »

it's not that script... it only has one utimer which is perfectly ok..
Elen sila lúmenn' omentielvo
Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

how about this one ?

Code: Select all

proc clone_pro_join {nick uhost handl chan} {
	global cp_chans cp_j_flood cp_jp_flood cp_btime cp_host_count cp_uh_count cp_notify
	set uhost [string tolower $uhost]
	set host [lindex [split $uhost @] 1]
	set chan [string tolower $chan]
	if {[lsearch -exact $cp_chans $chan] == -1} {return 0}

	if {![info exists cp_host_count($host:$chan)]} {
		set cp_host_count($host:$chan) 1
	} else {
		incr cp_host_count($host:$chan)
	}
	utimer [lindex $cp_j_flood 1] "cp_expire cp_host_count($host:$chan)"

	if {$cp_host_count($host:$chan) > [lindex $cp_j_flood 0]} {
		newchanban $chan *!*@$host ClonePro "Join Flood detected from your host - Banned 10mins." $cp_btime
		sendnote ClonePro $cp_notify "÷ banned *!*@$host (massjoin) on $chan, [ctime [unixtime]] ÷"
		if {[botisop $chan] && [onchan $nick $chan]} {
			putserv "mode $chan +MR"
			putquick "KICK $chan $nick :Join Flood detected from your host - Banned 10mins."
			utimer 15 "pushmode $chan -R"
			utimer 30 "pushmode $chan -M"
		}
	}

	if {![info exists cp_uh_count($uhost:$chan)]} {
		set cp_uh_count($uhost:$chan) 1
	} else {
		incr cp_uh_count($uhost:$chan)
	}
	utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
	if {$cp_uh_count($uhost:$chan) >= [expr [lindex $cp_jp_flood 0]*2]} {
		newchanban $chan *!*@$host ClonePro "eXcess Join/Part detected from your host - Banned 10mins." $cp_btime
		sendnote ClonePro $cp_notify "÷ banned *!*@$host (join/part flood) on $chan, [ctime [unixtime]] ÷"
		if {[botisop $chan] && [onchan $nick $chan]} {
			putserv "mode $chan +R"
			putquick "KICK $chan $nick :eXcess Join/Part detected from your host - Banned 10mins."
			utimer 15 "pushmode $chan -R"
		}
	}
}

proc clone_pro_leave {nick uhost handl chan {reason "Left channel"}} {
	global cp_chans cp_jp_flood cp_btime cp_uh_count cp_notify
	set uhost [string tolower $uhost]
	set host [lindex [split $uhost @] 1]
	set chan [string tolower $chan]
	if {[lsearch -exact $cp_chans $chan] == -1} {return 0}
	if {![info exists cp_uh_count($uhost:$chan)]} {
		set cp_uh_count($uhost:$chan) 1
	} else {
		incr cp_uh_count($uhost:$chan)
	}
	utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
	if {$cp_uh_count($uhost:$chan) >= [expr [lindex $cp_jp_flood 0]*2]} {
		newchanban $chan *!*@$host ClonePro "eXcess Join/Part detected from your host - Banned 10mins." $cp_btime
		sendnote ClonePro $cp_notify "÷ banned *!*@$host (join/part flood) on $chan, [ctime [unixtime]] ÷"
		if {[botisop $chan] && [onchan $nick $chan]} {
			putserv "mode $chan +R"
			putquick "KICK $chan $nick :eXcess Join/Part detected from your host - Banned 10mins."
			utimer 15 "pushmode $chan -R"
		}
	}
}

proc cp_expire var_exp {
	upvar $var_exp var_pointer
  
	if {$var_pointer > 1} {
		incr var_pointer -1
	} else {
		unset var_pointer
	}
}

set cp_chans [string tolower $cp_chans]
set cp_j_flood [split $cp_j_flood :]
set cp_jp_flood [split $cp_jp_flood :]


# clear variables and timers on rehash
if {[array exists cp_host_count]} {unset cp_host_count}
if {[array exists cp_uh_count]} {unset cp_uh_count}
foreach check_utimer [utimers] {
	if {[string match cp_*_count* [lindex $check_utimer 1]]} {
		killutimer [lindex $check_utimer 2]
	}
}
egghead
Master
Posts: 481
Joined: Mon Oct 29, 2001 8:00 pm
Contact:

Post by egghead »

Sir_Fz wrote:how about this one ?

Code: Select all

proc clone_pro_join {nick uhost handl chan} {

[snip]

proc clone_pro_leave {nick uhost handl chan {reason "Left channel"}} {

That is a good candidate.

Code: Select all

utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
This is the offending line, which appears multiple times in the snippet you pasted. Note that this script makes a call to the proc "cp_expire" with "cp_uh_count($uhost:$chan)" as its argument. It appears this is a mistake and should be "$cp_uh_count($uhost:$chan)"

It is appreciated if you let us know what script this is and where you got it. If you got it from the egghelp.org tcl scripts repository, please inform slennox on it.
Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

I got it from the TCL archive of this site (http://www.egghelp.org), Clonepro.tcl.

So all I have to do is replace cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) and it won't have this problem?
egghead
Master
Posts: 481
Joined: Mon Oct 29, 2001 8:00 pm
Contact:

Post by egghead »

Sir_Fz wrote: I got it from the TCL archive of this site (http://www.egghelp.org), Clonepro.tcl.

So all I have to do is replace cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) and it won't have this problem?
Yes. Note that that line occurs a couple of times in the code you pasted.

Edit: only replace it in the utimers lines. NOT everywhere.
Last edited by egghead on Fri Jul 11, 2003 12:13 pm, edited 1 time in total.
Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

ok thank you :)
but now this error appears:
[08:58] Tcl error [clone_pro_join]: can't read "cp_uh_count(ident@xx.xx.xxx.xxx:#channel)": no such variable

Note: I replaced all cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) except the set cp_uh_count($uhost:$chan)
egghead
Master
Posts: 481
Joined: Mon Oct 29, 2001 8:00 pm
Contact:

Post by egghead »

Sir_Fz wrote:ok thank you :)
but now this error appears:
[08:58] Tcl error [clone_pro_join]: can't read "cp_uh_count(ident@xx.xx.xxx.xxx:#channel)": no such variable

Note: I replaced all cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) except the set cp_uh_count($uhost:$chan)
You only need to replace it in the utimers, not everywhere.
Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

OK, thanks again. I did as you told me, but this new error appears:

[09:17] Tcl error in script for 'timer28022':
[09:17] wrong # args: should be "upvar ?level? otherVar localVar ?otherVar localVar ...?"
egghead
Master
Posts: 481
Joined: Mon Oct 29, 2001 8:00 pm
Contact:

Post by egghead »

Sir_Fz wrote: OK, thanks again. I did as you told me, but this new error appears:

[09:17] Tcl error in script for 'timer28022':
[09:17] wrong # args: should be "upvar ?level? otherVar localVar ?otherVar localVar ...?"
Yeah, my bad.

replace

Code: Select all

utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)" 

by

Code: Select all

utimer [lindex $cp_jp_flood 1]  [list cp_expire cp_uh_count($uhost:$chan)]
This will send the name of the array to the cp_expire proc and not the value.

Aren't there any other clone detection scripts out there? This is kind of an odd script which will show interesting behaviour under serious flood conditions.
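
The difference between the two utimer forms above, as an added example that is not part of Clonepro.tcl or of any post in this thread. It runs in plain tclsh; `fire_timer` and `probe` are hypothetical names (a stand-in for an expiring Eggdrop utimer and a harmless marker command), and the join data is constructed around the ident from the log at the top of the thread.

```tcl
# fire_timer (hypothetical): evaluates a stored timer script at global
# level, the way the script runs when an Eggdrop utimer expires.
proc fire_timer {script} {
    if {[catch {uplevel #0 $script} err]} {
        return "Tcl error: $err"
    }
    return "ok"
}

# cp_expire as posted in the thread: its argument is a variable NAME.
proc cp_expire var_exp {
    upvar $var_exp var_pointer
    if {$var_pointer > 1} {
        incr var_pointer -1
    } else {
        unset var_pointer
    }
}

# Harmless marker (constructed) standing in for any command the bot knows.
set probe_calls 0
proc probe {} { incr ::probe_calls; return x }

# Constructed user@host values; the first ident is the one from the log.
set chan "#channel"
foreach uhost {{~[[blade]]@202.184.1.40} {~[probe]@192.0.2.7}} {
    set cp_uh_count($uhost:$chan) 1

    # String-built script: the ident becomes part of the script text, so
    # its brackets are parsed as command substitution when the timer fires.
    set unsafe "cp_expire cp_uh_count($uhost:$chan)"
    puts "string form: [fire_timer $unsafe]"

    # List-built script: the variable name stays one literal word.
    set safe [list cp_expire cp_uh_count($uhost:$chan)]
    puts "list form:   [fire_timer $safe]"
    puts "counter still set: [info exists cp_uh_count($uhost:$chan)]"
}
puts "probe was called $probe_calls time(s)"
```

With the string form the first ident reproduces the `invalid command name "blade"` error and the second one runs `probe`, while the list form only expires the counter. The same check applies to every timer whose script text includes data taken from a nick, ident or host.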
Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

OK, thanks again :)
This time it works very well with no errors and no such abuse. :wink:
Sir_Fz
Revered One
Posts: 3793
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

Edit: nothing. (mistake reply) sorry
Last edited by Sir_Fz on Tue Aug 12, 2003 7:01 am, edited 1 time in total.
egghead
Master
Posts: 481
Joined: Mon Oct 29, 2001 8:00 pm
Contact:

Post by egghead »

Sir_Fz wrote:now the following error appears when the bot parts then joins the channel:
[11:12] Bot joined #channel.
[11:13] Tcl error in script for 'timer32806':
[11:13] can't read "tslines(#channel)": no such element in array
now what's the problem ?? :p
This seems not related to the code you posted earlier, but to some other code. Check for the word "tslines" in the tcl scripts you loaded.