| View previous topic :: View next topic |
| Author |
Message |
Reynaldo
Halfop
Joined: 11 May 2005
Posts: 54
|
 Posted: Thu Dec 21, 2006 9:08 pm Post subject: Detecting Nickname Trojan |
 |
|
| Code: |
on *:join:#: {
if ($me !isop $chan) { halt }
if ( $right($nick,2) isnum 0-99 ) && ( $asc($left($nick,1)) isnum 65-90 ) && ( $asc($left($address,1)) isnum 65-90 ) && ( $left($nick,5) != Guest ) && ( $left($nick,3) != ERR ) && ( $right($nick,3) !isnum ) {
.kick $chan $nick Spam!
}
|
The script i made for my mirc, and it works fine.
anyone can help me to translate in to tcl scripts? |
|
| Back to top |
|
 |
Sir_Fz
Revered One
Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon
|
| Posted: Thu Dec 21, 2006 9:23 pm Post subject: |
|
|
Translate it to pseudo or explain what a 'spam nick' is, then we might be able to help you.
_________________
Follow me on GitHub
- Opposing
Public Tcl scripts |
|
| Back to top |
|
|
Reynaldo
Halfop
Joined: 11 May 2005
Posts: 54
|
| Posted: Thu Dec 21, 2006 11:11 pm Post subject: |
|
|
Camille27 (UmacCwm@220.??.???.??) has joined #chan
First character of nickname always using Capital letter and the end of nick always 2 number(s), and First character of Identd using Capital letter without ~ character and nick is not GUEST???. that's what i mean a Drone nick.
Last edited by Reynaldo on Fri Dec 22, 2006 8:28 pm; edited 1 time in total |
|
| Back to top |
|
|
Alchera
Revered One
Joined: 11 Aug 2003
Posts: 3344
Location: Ballarat Victoria, Australia
|
| Posted: Fri Dec 22, 2006 12:07 am Post subject: |
|
|
Try the Search function in future as there is almost always a solution already posted.
As an example:
antidrone.tcl against bots like agra55, valendra23, vicky75
Just use "drone" or "drone AND nick" for your search criterion and you should easily find what you're after.
_________________
Add [SOLVED] to the thread title if your issue has been.
Search | FAQ | RTM |
|
| Back to top |
|
|
Reynaldo
Halfop
Joined: 11 May 2005
Posts: 54
|
| Posted: Tue Dec 26, 2006 10:43 pm Post subject: |
|
|
for detecting only 2 numbers of nickname
| Code: |
set check [regsub -all {[0-9]} $nick "" shortnick]
if { $check <= 1 || $check >= 3 } {
# the nickname consits only 1 digit or more then 3 (so it can`t be that type for drone)
}
|
This proc for detect Capital letter
| Code: |
proc isupper {letter} {
set caps {A B C D E F G H I
J K L M N O P Q R
S T U V W X Y Z}
if {[lsearch -exact $caps $letter] > -1} {
return 1
} else {
return 0
}
}
|
how to detect isupper fist character of nick and isupper first character of identd? or i can use this code?
| Code: |
if {[isupper [string index $nick 1]] && [isupper [string index $uhost 1]] } {
|
|
|
| Back to top |
|
|
Sir_Fz
Revered One
Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon
|
| Posted: Tue Dec 26, 2006 11:07 pm Post subject: |
|
|
You're lucky, I have written this sometime in the past and I found it on my HD:
| Code: | bind join - * bitchkick
proc bitchkick {n u h c} {
set id [string trimleft [lindex [split $u @] 0] ~]
if {[botisop $c] && [string is alpha $id] && [regexp {[A-Z][a-z]{2,}\d{2}$} $n nm] && [regexp {[^aeiou]{4}} [lindex [split $u @] 0] im] && [regexp -all {[A-Z]} $id] <= 6} {
putquick "KICK $c $n :Spammer bot detected. (*$nm!$im*) - Banned 120 minutes."
putquick "mode $c +b [set bm *!*@[lindex [split $u @] 1]]"
timer 120 [list pushmode $c -b $bm]
putlog "Detected \002$n\002!\002[lindex [split $u @] 0]\002 on \002$c\002."
}
} |
_________________
Follow me on GitHub
- Opposing
Public Tcl scripts |
|
| Back to top |
|
|
Reynaldo
Halfop
Joined: 11 May 2005
Posts: 54
|
| Posted: Wed Dec 27, 2006 10:39 pm Post subject: |
|
|
| Code: |
set id [string trimleft [lindex [split $u @] 0] ~]
|
Drones nick, they are using identd without ~ on it
| Code: |
set id [lindex [split [maskhost $uhost] "!"] 1]
|
|
|
| Back to top |
|
|
Sir_Fz
Revered One
Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon
|
| Posted: Thu Dec 28, 2006 7:51 am Post subject: |
|
|
If there is a ~ it will be removed, if not then it stays as it is. Some of these bots don't have their idents resolved.
| Reynaldo wrote: | | Code: | | set id [lindex [split [maskhost $uhost] "!"] 1] |
|
This will return user@host and not user.
_________________
Follow me on GitHub
- Opposing
Public Tcl scripts |
|
| Back to top |
|
|
Reynaldo
Halfop
Joined: 11 May 2005
Posts: 54
|
| Posted: Thu Dec 28, 2006 8:12 pm Post subject: |
|
|
this case, all of these bots have their idents resolved. that make them special for me.
| Code: |
set id [lindex [split [maskhost $uhost] "!"] 1]
|
This will return user@host and not user.
That's ok. they always using nick like this: Lara22, Kelly20, Sarah19. and with idents: User@host (not user@host), so there's 3 point that make the bots different with user (some hopefully  ). It's:
1. First Character of bot nickname is Capital letter, ex: Lara22, Kelly20, etc.
2. First Character of bot ident is Capital letter, ext: User@host (not user@host).
3. Always there the 2number behind the botnick ex: Lara22, Kelly20. |
|
| Back to top |
|
|
user
Joined: 18 Mar 2003
Posts: 1452
Location: Norway
|
| Posted: Fri Dec 29, 2006 12:06 pm Post subject: |
|
|
| Code: | if {[regexp {^[A-Z].*?[0-9]{2}![A-Z]} $nick!$uhost]} {
# the user matches your description
} |
_________________
Have you ever read "The Manual"? |
|
| Back to top |
|
|
Sir_Fz
Revered One
Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon
|
| Posted: Fri Dec 29, 2006 2:15 pm Post subject: |
|
|
| user wrote: | | Code: | if {[regexp {^[A-Z].*?[0-9]{2}![A-Z]} $nick!$uhost]} {
# the user matches your description
} |
|
Exactly, only the script I've wrote has more checks just to make sure (at least increase probability) that the user is indeed a drone.
It checks the following:
1) The ident is made up of alphabets only
2) First alphabet in nick is uppercase followed by at least 2 lowercase alphabets and ends with 2 integers.
3) Ident has at least 4 consecutive alphabets that are not vowels (excluding y)
4) Number of uppercase alphabets in ident is less than or equal to 6 (this is probably useless)
_________________
Follow me on GitHub
- Opposing
Public Tcl scripts |
|
| Back to top |
|
|
Garp
Voice
Joined: 15 Sep 2003
Posts: 29
|
| Posted: Fri Dec 29, 2006 5:04 pm Post subject: |
|
|
It's a worm using a fixed nicklist.
| Code: |
set wormnicks "aldora alysia amalina amorita anita april ara aretina barbra becky bella bettina blenda briana bridget caitlin camille cara carla carmen catherin chelsea cindy clarissa damita danielle daria diana donna dora doris ebony eden eliza emily erika eve evelyn faith gale gilda gloria haley helga holly ida idona iris isabel ivana ivory janet jessica jewel joanna julie juliet kacey kali kara kassia katrin katrina kyle lady lara laura linda lisa lolita lynn maia mary melody mimi mona myra nadia naomi natalie nicole nora nova olga olivia pamela peggy queen rachel rae rita rosa ruby sharon silver ula uma valda valora vanessa vicky violet vivian wendy willa xandra xenia xylia zenia zilya zoe"
if {[regexp {[1-3][0-9]$} $nick] && [regexp {[a-zA-Z]$} [string range $nick 0 end-2]] } {
if { ![string equal [lsearch -exact [split $wormnicks] [string range $nick 0 end-2]] -1]} {
## whatever you want to do - do it here
}
}
|
The advantage is, it doesn't catch nicks like Dieter19 or Manuela22. The source of that wormspreader is killed, there won't be a upgrade of that wormlist. |
|
| Back to top |
|
|
Sir_Fz
Revered One
Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon
|
| Posted: Fri Dec 29, 2006 5:36 pm Post subject: |
|
|
| Garp wrote: | | The source of that wormspreader is killed, there won't be a upgrade of that wormlist. |
The author of that wormspreader is killed? what, electricity shock from his own PC or some other wormspreader-dude murdered him?
_________________
Follow me on GitHub
- Opposing
Public Tcl scripts |
|
| Back to top |
|
|
chandra Sha
Voice
Joined: 31 Oct 2006
Posts: 12
Location: South Borneo
|
| Posted: Sat Dec 30, 2006 7:40 am Post subject: |
|
|
Maybe he killed by his own wormlist
on this 3 days, i'm abble seen taht spam anymore, maybe they got effect from tsunami on taiwan too
BTW for this problem, i using Antidrone by sKy 
_________________
If you tired can't resolve, get rest for a while,
Refresh body and mind |
|
| Back to top |
|
|
silverboy
Halfop
Joined: 11 Feb 2006
Posts: 55
|
| Posted: Mon Jun 04, 2007 11:21 pm Post subject: |
|
|
| Quote: | | ## whatever you want to do - do it here |
could someone please add a command to ban the spam bot nick for 1minute ? 
_________________
proxyz..proxyz...i see everywher... O_o |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
