SaPrOuZy Halfop
Joined: 24 Mar 2004 Posts: 75 Location: Lebanon
Posted: Mon Jan 09, 2006 5:03 am Post subject: a ban script based on number of ip from same domain

Hello there,
it's a small script (and an easy one too) but am not really finding the time (or the mood) to write it..
here's the idea:
suppose 10 ip from a domain xy.z.net joined a channel to flood (notice/msg...) they started noticing the chan and started to get banned quickly one after the other..
now what i want to do is ban the domain xy.z.net since i'd consider these hosts to be infected range of ips or something...
so what should be done is counting the bans that are set in a specified period of time, and ban the biggest common part of those addresses
ex:
if the address is in host format:
45-122-211-11.terra.net
45-123-11-21.terra.net
45-122-213-33.terra.net
ideally what should be banned is *!*@45*.terra.net but i think it would be hard so the script should ban *!*@*.terra.net (and remove the others)
if the address is in numeric ip format:
192.168.0.22
192.168.0.56
192.168.0.85
192.168.0.99
we should ban *!*@192.168.0.*
195.10.112.36
195.10.122.12
195.10.141.233
195.10.165.153
we should ban *!*@195.10.1*
this script intends to keep the number of bans limited to a minimum, of course exemptions should be added.
i hope i made it clear enough for you guys...
and thanks in advance if anyone decided to do it

Sir_Fz Revered One
Joined: 27 Apr 2003 Posts: 3793 Location: Lebanon
Posted: Mon Jan 09, 2006 6:18 am Post subject:

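Code:
proc fixBans c {
    # working copy of the channel ban list; each entry's first element is the mask
    set cbs [chanbans $c]
    foreach cb $cbs {
        # host part of this ban, widened by maskhost
        set b *!*@[lindex [split [lindex $cb 0] @] 1]
        set mb [maskhost $b]
        # drop this ban from the working copy so it is not compared with itself
        set cbs [lreplace $cbs [lsearch -exact $cbs $cb] [lsearch -exact $cbs $cb]]
        foreach cb2 $cbs {
            set b2 *!*@[lindex [split [lindex $cb2 0] @] 1]
            # collect every other ban the widened mask covers
            # ($cb itself is not added to the group)
            if {[string match -nocase $mb $b2]} {
                lappend gb($mb) [lindex $cb2 0]
                set cbs [lreplace $cbs [lsearch -exact $cbs $cb2] [lsearch -exact $cbs $cb2]]
            }
        }
    }
    # replace each group of more than one collected ban with the widened mask
    foreach {a b} [array get gb] {
        if {[llength $b] > 1} {
            foreach ban $b {
                pushmode $c -b $ban
            }
            pushmode $c +b $a
        }
    }
}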
fixBans $chan should do what you asked for but not totally, only bans matching like 127.0.0.* will be removed and replaced by that one or bans like *.fz.net.

SaPrOuZy Halfop
Joined: 24 Mar 2004 Posts: 75 Location: Lebanon
Posted: Mon Jan 09, 2006 6:29 am Post subject:

thx dude, i'll start from here to continue coding the rest of features
- automating through x bans/ T time
- and get the biggest common part of the ips ...
regards.

demond Revered One
Joined: 12 Jun 2004 Posts: 3073 Location: San Francisco, CA
Posted: Tue Jan 10, 2006 12:19 am Post subject:

see my posting in the FAQ forum about CIDR bans
ircd-hybrid supports them, I'd guess ratbox too and maybe ircu (yes qpeople, that's where qnet is coming from)
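
The "biggest common part" step SaPrOuZy describes, combined with the CIDR bans demond mentions, as an added example that is not code from any poster in this thread. It is plain Tcl with no eggdrop commands; the proc names, the minBits/minLabels guards and the assumption that the ircd accepts CIDR ban masks are assumptions of this example, and the sample lists are the addresses from the first post.

```tcl
# Added example, plain Tcl 8.5+ (no eggdrop commands); all names hypothetical.
proc ipToInt {ip} {
    scan $ip %d.%d.%d.%d a b c d    ;# %d reads "08" as decimal, not octal
    return [expr {($a << 24) | ($b << 16) | ($c << 8) | $d}]
}
proc commonCidr {ips {minBits 16}} {
    # OR together each address XOR the first one; the highest set bit of
    # the result marks where the shared prefix ends.
    set first [ipToInt [lindex $ips 0]]
    set diff 0
    foreach ip $ips { set diff [expr {$diff | ($first ^ [ipToInt $ip])}] }
    set len 32
    while {$diff != 0} { set diff [expr {$diff >> 1}]; incr len -1 }
    if {$len < $minBits} { return "" }    ;# too wide: refuse to aggregate
    set net [expr {$first & (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF}]
    return [format %d.%d.%d.%d/%d [expr {$net >> 24}] [expr {($net >> 16) & 255}] \
        [expr {($net >> 8) & 255}] [expr {$net & 255}] $len]
}
proc commonDomain {hosts {minLabels 2}} {
    # Compare labels right to left and keep the run shared by every host.
    set suffix [lreverse [split [string tolower [lindex $hosts 0]] .]]
    foreach h $hosts {
        set i 0
        foreach a $suffix b [lreverse [split [string tolower $h] .]] {
            if {$a ne $b} break
            incr i
        }
        set suffix [lrange $suffix 0 [expr {$i - 1}]]
    }
    if {[llength $suffix] < $minLabels} { return "" }   ;# never a bare TLD
    return *.[join [lreverse $suffix] .]
}
proc aggregateBan {hosts} {
    # All-numeric hosts: CIDR mask. All-named hosts: domain mask. Otherwise "".
    set n 0
    foreach h $hosts { incr n [regexp {^\d{1,3}(\.\d{1,3}){3}$} $h] }
    if {$n == [llength $hosts]} {
        set m [commonCidr $hosts]
    } elseif {$n == 0} {
        set m [commonDomain $hosts]
    } else { return "" }
    return [expr {$m eq "" ? "" : "*!*@$m"}]
}
# Constructed sample input: the three address lists from the first post.
foreach hosts {
    {45-122-211-11.terra.net 45-123-11-21.terra.net 45-122-213-33.terra.net}
    {192.168.0.22 192.168.0.56 192.168.0.85 192.168.0.99}
    {195.10.112.36 195.10.122.12 195.10.141.233 195.10.165.153}
} { puts [aggregateBan $hosts] }
```

The domain branch needs no server support; the CIDR branch is only usable on an ircd that accepts CIDR bans, which demond's post says ircd-hybrid does. An empty result means the shared part was too short to ban safely, so the individual bans should stay in place.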