This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post . Click the X in the top right-corner of this box to dismiss this message.
Old posts that have not been replied to for several years.
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Thu Jul 10, 2003 10:14 am
I saw the following error in partyline:
[07:08] Tcl error in script for 'timer9320':
[07:08] invalid command name "blade"
I checked what's happenin in the channel, and i saw this:
· · Joins: ElmOkH[Disconnected]8 [ ~[[blade]]@202.184.1.40]
I also tried to let a user join with ident [die], and the bot died.
so what should I search for in order to detect this backdoor ?
Papillon
Owner
Posts: 724 Joined: Fri Feb 15, 2002 8:00 pm
Location: *.no
Post
by Papillon » Thu Jul 10, 2003 10:59 am
somewhere in there it is either an exec command, or (most likely) there is some wrong usage of lists/strings...
make sure the list commands is only used on valid lists , and string commands on valid strings
Elen sila lúmenn' omentielvo
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Thu Jul 10, 2003 1:02 pm
I think
Pub.tcl has something of this abuse.
can u plz check if there is anything in this script causing this abuse ?
Papillon
Owner
Posts: 724 Joined: Fri Feb 15, 2002 8:00 pm
Location: *.no
Post
by Papillon » Fri Jul 11, 2003 5:54 am
it's not that script... it only has one utimer which is perfectly ok..
Elen sila lúmenn' omentielvo
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Fri Jul 11, 2003 6:23 am
how about this one ?
Code: Select all
proc clone_pro_join {nick uhost handl chan} {
global cp_chans cp_j_flood cp_jp_flood cp_btime cp_host_count cp_uh_count cp_notify
set uhost [string tolower $uhost]
set host [lindex [split $uhost @] 1]
set chan [string tolower $chan]
if {[lsearch -exact $cp_chans $chan] == -1} {return 0}
if {![info exists cp_host_count($host:$chan)]} {
set cp_host_count($host:$chan) 1
} else {
incr cp_host_count($host:$chan)
}
utimer [lindex $cp_j_flood 1] "cp_expire cp_host_count($host:$chan)"
if {$cp_host_count($host:$chan) > [lindex $cp_j_flood 0]} {
newchanban $chan *!*@$host ClonePro "Join Flood detected from your host - Banned 10mins." $cp_btime
sendnote ClonePro $cp_notify "÷ banned *!*@$host (massjoin) on $chan, [ctime [unixtime]] ÷"
if {[botisop $chan] && [onchan $nick $chan]} {
putserv "mode $chan +MR"
putquick "KICK $chan $nick :Join Flood detected from your host - Banned 10mins."
utimer 15 "pushmode $chan -R"
utimer 30 "pushmode $chan -M"
}
}
if {![info exists cp_uh_count($uhost:$chan)]} {
set cp_uh_count($uhost:$chan) 1
} else {
incr cp_uh_count($uhost:$chan)
}
utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
if {$cp_uh_count($uhost:$chan) >= [expr [lindex $cp_jp_flood 0]*2]} {
newchanban $chan *!*@$host ClonePro "eXcess Join/Part detected from your host - Banned 10mins." $cp_btime
sendnote ClonePro $cp_notify "÷ banned *!*@$host (join/part flood) on $chan, [ctime [unixtime]] ÷"
if {[botisop $chan] && [onchan $nick $chan]} {
putserv "mode $chan +R"
putquick "KICK $chan $nick :eXcess Join/Part detected from your host - Banned 10mins."
utimer 15 "pushmode $chan -R"
}
}
}
proc clone_pro_leave {nick uhost handl chan {reason "Left channel"}} {
global cp_chans cp_jp_flood cp_btime cp_uh_count cp_notify
set uhost [string tolower $uhost]
set host [lindex [split $uhost @] 1]
set chan [string tolower $chan]
if {[lsearch -exact $cp_chans $chan] == -1} {return 0}
if {![info exists cp_uh_count($uhost:$chan)]} {
set cp_uh_count($uhost:$chan) 1
} else {
incr cp_uh_count($uhost:$chan)
}
utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
if {$cp_uh_count($uhost:$chan) >= [expr [lindex $cp_jp_flood 0]*2]} {
newchanban $chan *!*@$host ClonePro "eXcess Join/Part detected from your host - Banned 10mins." $cp_btime
sendnote ClonePro $cp_notify "÷ banned *!*@$host (join/part flood) on $chan, [ctime [unixtime]] ÷"
if {[botisop $chan] && [onchan $nick $chan]} {
putserv "mode $chan +R"
putquick "KICK $chan $nick :eXcess Join/Part detected from your host - Banned 10mins."
utimer 15 "pushmode $chan -R"
}
}
}
proc cp_expire var_exp {
upvar $var_exp var_pointer
if {$var_pointer > 1} {
incr var_pointer -1
} else {
unset var_pointer
}
}
set cp_chans [string tolower $cp_chans]
set cp_j_flood [split $cp_j_flood :]
set cp_jp_flood [split $cp_jp_flood :]
# clear variables and timers on rehash
if {[array exists cp_host_count]} {unset cp_host_count}
if {[array exists cp_uh_count]} {unset cp_uh_count}
foreach check_utimer [utimers] {
if {[string match cp_*_count* [lindex $check_utimer 1]]} {
killutimer [lindex $check_utimer 2]
}
}
egghead
Master
Posts: 481 Joined: Mon Oct 29, 2001 8:00 pm
Contact:
Post
by egghead » Fri Jul 11, 2003 6:49 am
Sir_Fz wrote: how about this one ?
Code: Select all
proc clone_pro_join {nick uhost handl chan} {
[snip]
proc clone_pro_leave {nick uhost handl chan {reason "Left channel"}} {
That is a good candidate.
Code: Select all
utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
This is the offending line, which appears multiple times in the snippet you pasted. Note that this script makes a call to the proc "cp_expire" with "cp_uh_count($uhost:$chan)" as its argument. It appears this is a mistake and should be "$cp_uh_count($uhost:$chan)"
It is appreciated if you let us know what script this is and where you got it. If you got it from the egghelp.org tcl scripts repository, please inform slennox on it.
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Fri Jul 11, 2003 11:29 am
I got it from the TCL archieve of this site (
http://www.egghelp.org ), Clonepro.tcl.
so all i have to do is replace from
cp_uh_count($uhost:$chan) to
$cp_uh_count($uhost:$chan) and it won't have this problem ?
egghead
Master
Posts: 481 Joined: Mon Oct 29, 2001 8:00 pm
Contact:
Post
by egghead » Fri Jul 11, 2003 11:43 am
Sir_Fz wrote: I got it from the TCL archieve of this site (
http://www.egghelp.org ), Clonepro.tcl.
so all i have to do is replace from
cp_uh_count($uhost:$chan) to
$cp_uh_count($uhost:$chan) and it won't have this problem ?
Yes. Note that that line occurs a couple of times in the code you pasted.
Edit: only replace it in the utimers lines. NOT everywhere.
Last edited by
egghead on Fri Jul 11, 2003 12:13 pm, edited 1 time in total.
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Fri Jul 11, 2003 12:00 pm
ok thank you
but now this error appears:
[08:58] Tcl error [clone_pro_join]: can't read "cp_uh_count(
ident@xx.xx.xxx.xxx :#channel)": no such variable
Note:I replaced all cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) except the
set cp_uh_count($uhost:$chan)
egghead
Master
Posts: 481 Joined: Mon Oct 29, 2001 8:00 pm
Contact:
Post
by egghead » Fri Jul 11, 2003 12:12 pm
Sir_Fz wrote: ok thank you
but now this error appears:
[08:58] Tcl error [clone_pro_join]: can't read "cp_uh_count(
ident@xx.xx.xxx.xxx :#channel)": no such variable
Note:I replaced all cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) except the
set cp_uh_count($uhost:$chan)
You only need to replace it in the utimers, not everywhere.
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Fri Jul 11, 2003 12:19 pm
ok thanx again. I did as u told me, but this new error appears:
[09:17] Tcl error in script for 'timer28022':
[09:17] wrong # args: should be "upvar ?level? otherVar localVar ?otherVar localVar ...?"
egghead
Master
Posts: 481 Joined: Mon Oct 29, 2001 8:00 pm
Contact:
Post
by egghead » Fri Jul 11, 2003 12:28 pm
Sir_Fz wrote: ok thanx again. I did as u told me, but this new error appears:
[09:17] Tcl error in script for 'timer28022':
[09:17] wrong # args: should be "upvar ?level? otherVar localVar ?otherVar localVar ...?"
Yeah, my bad.
replace
Code: Select all
utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
by
Code: Select all
utimer [lindex $cp_jp_flood 1] [list cp_expire cp_uh_count($uhost:$chan)]
This will send the name of the array to the cp_expire proc and not the value.
Aren't there any other clone detection scripts out there? This is kind of an odd script which will show interesting behaviour under serious flood conditions.
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Fri Jul 11, 2003 12:51 pm
ok, thanx again
this time it works very well with no errors and no such abuse.
Sir_Fz
Revered One
Posts: 3793 Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:
Post
by Sir_Fz » Fri Jul 11, 2003 2:16 pm
Edit :nothing. (mistake reply) sorry
Last edited by
Sir_Fz on Tue Aug 12, 2003 7:01 am, edited 1 time in total.
egghead
Master
Posts: 481 Joined: Mon Oct 29, 2001 8:00 pm
Contact:
Post
by egghead » Fri Jul 11, 2003 2:19 pm
Sir_Fz wrote: now the following error appears when the bot parts then joins the channel:
[11:12] Bot joined #channel.
[11:13] Tcl error in script for 'timer32806':
[11:13] can't read "tslines(#channel)": no such element in array
now what's the problem ?? :p
this seems not related to the code you posted earlier, but to some other code. Check for the word "tslines" in the tcl scripts you loaded.