Fetch list of banned masks.

[Alt]

I'm looking for a script that will connect to a website, grab a text file that has a list of host masks and then ban anyone entering that fits those masks. The masks would all be in their own line being something like

*!*@*aol.com @Aol for repeated abuse
*!*@66.243.100.* @Proxy
*!*@66.243.97.* @Proxy

ect ect.

I'm looking so that it will ban those masks but NOT add them to the internal ban list for the bot. So if someone removes a mask from the text file on the server and the bot regets it that the ban wont still be in the internal list. Plus it makes it easier that I can see the other bans I manually added to the bot with .bans. It would also be helpful if I could maybe have a command to see that list and then maybe add a flag to search it for a ban with wildcard search. So I can maybe go .extban -s *!*@*66.243* and have it give me the 2 proxy bans from that list. Maybe another flag to refetch the list using ".extban -f" and have it fetch a list. So I can do ".extban -f http://www.url.com/list2.txt" and have it grab that text file and use both list 1 and list 2. I know this is kind of drawn out and complex but I figured it would be useful.


So, features list I guess

Type ".extban -f url.txt" to fetch list of banned masks.

".extban -s *!*@*mask*" to search lists for masks matching. Just output the lines to the paryline that have that match since all masks will have their own line anyway.

".extban -l" Lists current lists and gives you a number next to them. (1, 2, 3 ect)
Example:
Current Ban Lists
1) http://www.url.com/list1.txt
2) http://www.url.com/list2.txt
3) * http://www.url.com/list3.txt

".extban -e (#number)" to remove a list.

".extban -r (#number)" to refetch the list of that number.

".extban -i (#number)" Temporarily disactive a list. Which is why the asterisk is next to list 3 telling you its deactivated.

".extban -a (#number)" Reactive that disabled list.

Have maybe a console flag to tell you when someone matching a mask is banned, from what room, and the mask they matched that got them banned.

Again, this got to be really complex but I think it would be really really useful and really really helpful. Infact I would say i'm in a really big need for it.

Big reason I want seperate lists is because i'm being targeted by a large group of proxy users and I want one list of temporary ones, one list of dynamic ones, one list of ISP ones, one list of targeted ones. Ect ect. That kind of stuff. Plus I can colaborate with multiple people who dont need access to the bot to see the lists and such.

[demond]

I highly doubt anyone would bother to write such elaborated and virtually useless for wider audience script (unless you pay, that is)

my advice is: create 4 +k users and start adding proxy masks - or get a decent anti-openproxy script (I haven't seen one)

[Alt]

Well the hardest part would be looking at a text file and banning users from it. Would that really be so insanely hard? Everything else would seem easy to me but then again I dont work with TCL or any other script languages for that matter. Also, I dont see it useless at all. I think many people would find a use for that type of script.

[demond]

well, Einstein said everything is relative

it's not hard to code, it's hard to waste time to code it - knowing that you waste time to implement something for a stranger you don't know, specifically tailored to their needs, practically useless for anyone else - see my point?

I myself would much rather waste my time to write a generic multi-purpose script that many people could use - but that's me... maybe someone elese will be willing to code this thing for you, there's always hope

[Callisto]

I use a proxy check from
http://www.jamesoff.net/projects/eggdrop/

But if the server you are on masks clients IP in anyway then unless your bot has an O line it wont work.

Good luck

[minted]

i was messing with this just yesterday

Code: Select all

# open proxy checker for eggdrop
# (c) James Seward 2003/4
# version 1.0

# http://www.jamesoff.net/projects/eggdrop
# james@jamesoff.net

# Released under the GPL

## INSTRUCTIONS
###############################################################################

# This script will check the hosts of people joining channels against one or
# RBLs. Choose your RBLs wisely, some of them list DIALUP SPACE and that would
# be a bad thing to be matching your IRC users against :P
#
# Enable the 'proxycheck' flag for channels you want the script active on
# --> .chanset #somechannel +proxycheck
#
# Users who are +o, +v, or +f in your bot (local or global) won't be checked.
#
# Turn on console level d on the partyline to see some debug from the script
# --> .console +d (to enable)
# --> .console -d (to disable)

## CONFIG
###############################################################################

# space-separated list of RBLs to look in
set proxycheck_rbls { "cbl.abuseat.org" "opm.blitzed.org" "dnsbl.ahbl.org" }

# time in minutes to ban for
set proxycheck_bantime 15

# stop editing here unless you're TCL-proof



## CODE
###############################################################################

#add our channel flag
setudef flag proxycheck

#bind our events
bind join - *!*@* proxycheck_join

#swing your pants

# catch joins
proc proxycheck_join { nick host handle channel } {
  #check we're active
  if {![channel get $channel proxycheck]} {
    return 0
  }

  #don't apply to friends, voices, ops
  if {[matchattr $handle fov|fov $channel]} {
    return 0
  }

  #get the actual host
  regexp ".+@(.+)" $host matches newhost
  if [regexp {[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$} $newhost] {
    #it's a numeric host, skip the lookup
    proxycheck_check2 $newhost $newhost 1 $nick $newhost $channel
  } else {
    putloglev d * "proxycheck: doing dns lookup on $newhost to get IP"
    dnslookup $newhost proxycheck_check2 $nick $newhost $channel
  }
}

# first callback (runs RBL checks)
proc proxycheck_check2 { ip host status nick orighost channel } {
  global proxycheck_rbls

  if {$status} {
    putloglev d * "proxycheck: $host resolves to $ip"

    # reverse the IP
    regexp {([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})} $ip matches a b c d
    set newip "$d.$c.$b.$a"

    # look it up in the rbls
    foreach rbl $proxycheck_rbls {
      putloglev d * "proxycheck: looking up $newip.$rbl"
      dnslookup "$newip.$rbl" proxycheck_check3 $nick $host $channel $rbl
    }
  } else {
    putlog "proxycheck: Couldn't resolve $host. (No further action taken.)"
  }
}

# second callback (catches RBL results)
proc proxycheck_check3 { ip host status nick orighost channel rbl } {
  global proxycheck_bantime

  if {$status} {
    putlog "proxycheck: got host $host = ip $ip from RBL $rbl ... banning"
    newchanban $channel "*@$orighost" "proxychk" "proxycheck: $rbl" $proxycheck_bantime
  }
  #if we didn't get a host, they're not in RBL
}

putlog "proxycheck 1.0 by JamesOff loaded"

will this work with windrop?
i tried running bopm previously but its not compatible with our servers snotices(which we cant change)
a script that simply checks with a good dnsbl would be sufficient, though i couldnt seem to get this to work
no errors, just the reverse dns never seemed to work
edit: got it working.
still though, does this seem like a good script?
how do u find it callisto?

[Alchera]

will this work with windrop?

Too lazy to try?

[minted]

i edited my post
i had tried, just had no luck
then it worked!

seems to be as good as i'll get, the bopm guys had no interest helping make it work with our snotices
i dont really blame them, and i wouldnt know where to start
so querying their list is the next best thing

[demond]

setting up bopm is really easy, you simply need the right regexp - and you really should be using bopm instead of scripts

as long as your ircd provides client's IP in connection notices, bopm will work for you

[Callisto]

setting up bopm is really easy, you simply need the right regexp - and you really should be using bopm instead of scripts

as long as your ircd provides client's IP in connection notices, bopm will work for you

I agree 100% and I really question the sense of any network administrator who doesnt run some kind of protection, still each to their own.

[minted]

setting up bopm is really easy, you simply need the right regexp - and you really should be using bopm instead of scripts

as long as your ircd provides client's IP in connection notices, bopm will work for you

it doesnt
its a chatspace server, and we cant change the default snotice
*** Notice -- Client connecting on port 7000: nick (ident@hostname)
i tried to get bopm to work a while back, but i was unsuccessful.
a quick email to them got a reply that its not compatible with chatspace servers. unless u can give me a solution that fits

so, querying their dnsbl is the next best thing.

saying that, do u know of any other good dnsbl's, apart from blitzed.