egghelp.org community

[sdays]

Hi all i need a script that gets the proxys from http://proxy.org/tor.shtml and i want it blacklist in /db/blacklist.txt
i need this script a spammer that use tor proxys wont go away and this is the only way so please help thanks.

[rosc2112]

Question: Does the spammer show an ip or a hostname (need to know whether hostnames need to be reverse-resolved into ip for checking against the list.)

[sdays]

Both ip and hostname, tor proxys has hostnames and some dont...

* g695239 (~7HX8EW@69.55.232.152) has joined
* g695239 was kicked by Evi1Bot (drone)
* Evi1Bot sets mode: +b *!*@69.55.232.152
* c273508 (~3o3@c-24-21-172-176.hsd1.mn.comcast.net) has joined
* c273508 was kicked by Evi1Bot (drone)
* Evi1Bot sets mode: +b *!*@c-24-21-172-176.hsd1.mn.comcast.net

all the proxys he use comes from http://proxy.org/tor.shtml thats why i need the bot go to the website and put all of them in the blacklist perm

[Callisto]

A search for tor detection or just tor on the forum would have found you this post
http://forum.egghelp.org/viewtopic.php?t=10626&highlight=

however if the network uses any form of hostmasking then you cant really use a dnsbl search script.

Good luck

[sdays]

he has to many tor proxys i tryed.

[Callisto]

[rosc2112]

I tested the proxycheck script too, seems like it worked to me (ip changed to protect the innocent =) :

[theentity(dcc)] [18:22] proxycheck: doing dns lookup on plns-pppoe.dsl.plns. to get IP

[theentity(dcc)] [18:22] proxycheck: plns-pppoe.dsl.plns. resolves to x.x.x.x.

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in torserver.tor.dnsbl.sectoor.de

[theentity(dcc)] [18:22] x.x.x.x not found in torserver.tor.dnsbl.sectoor.de

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in cbl.abuseat.org

[theentity(dcc)] [18:22] x.x.x.x not found in cbl.abuseat.org

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in opm.blitzed.org

[theentity(dcc)] [18:22] x.x.x.x not found in opm.blitzed.org

[theentity(dcc)] [18:22] proxycheck: looking up x.x.x.x in dnsbl.ahbl.org

[theentity(dcc)] [18:22] x.x.x.x not found in dnsbl.ahbl.org

I put some putcmdlog lines into the script to see the above actions/results.. I used this in the proxycheck config:

set proxycheck_rbls { "torserver.tor.dnsbl.sectoor.de" "cbl.abuseat.org" "opm.blitzed.org" "dnsbl.ahbl.org" }

If those dnsbl's don't work for you, google TOR dnsbl, there are others to pick from. All you need is a dnsbl to use the proxycheck script.

[nml375]

I too would say using dnsbl lookups is the way togo..
By merely looking at the source of the page you wished to mine, makes it pretty obvious the author has no intention on making it easy for ppl to use some automated mining tool (inserting ramdom comments, switching between plain-text and &nnn;-style for each digit and decimal, etc).
Although converting these into something usable should'nt be that hard, it surely indicates the service-provider don't want ppl mining it, and is prepared to do quite alot to prevent ppl from doing it...

Besides, dnsbl is pretty standardized these days.
_________________
NML_375, idling at #eggdrop@IrcNET

[rosc2112]

[silverboy]

ban ?1*!~*@* ?2*!~*@* ?3*!~*@* ?4*!~*@* ?4*!~*@* ?5*!~*@* ?6*!~*@* ?7*!~*@* ?8*!~*@* ?9*!~*@* and no nicks like that will join your channel.


if ur doin it the other way eggdrop is damn slower.!
_________________
proxyz..proxyz...i see everywher... O_o

[rosc2112]

[silverboy]

does the Proxyscan.tcl detec Socks4 as well?

where can i get to download this one.
_________________
proxyz..proxyz...i see everywher... O_o

[rosc2112]

If there is a sock4 dnsbl, sure.. Try google searching for "socks4 dnsbl" and the link for proxyscan was posted in this thread, or just search the tcl archive for proxyscan, it's in the archive.

[silverboy]

[rosc2112]

If the variable banport is in the proxycheck script, yes you can add more to it, I dont have the script any longer to look at it, and for your 2nd question, yes you can comment out the putserv line or delete if you prefer to stop sending kick notices to the users.