egghelp.org community Forum Index
[ egghelp.org home | forum home ]		 egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Need some kind of anti-proxy script. (have tried many)

 
Post new topic   Reply to topic    egghelp.org community Forum Index -> Script Requests
View previous topic :: View next topic  
Author Message
nsrafk
Halfop


Joined: 11 May 2007
Posts: 73
PostPosted: Sun Jun 03, 2007 6:10 pm    Post subject: Need some kind of anti-proxy script. (have tried many) Reply with quote
Hi.

Im in deeply need of a anti-proxy/trojan script. I've tried a couple of different ones, but nothing seems to work these days since the scripts is from 2003-2004. Can't seem to find any up-to-date ones. If anybody would be able to help me getting an actually working script, i'd be happy!
And for the record, yes i have tried the two in the tcl archive.

Thanks!
Back to top
View user's profile Send private message
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon
PostPosted: Sun Jun 03, 2007 6:17 pm    Post subject: Reply with quote
What have changed since 2003-2004? It's still the same, if the port is open then it's a proxy...
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
nsrafk
Halfop


Joined: 11 May 2007
Posts: 73
PostPosted: Sun Jun 03, 2007 6:35 pm    Post subject: Reply with quote
Code:
# open proxy checker for eggdrop
# (c) James Seward 2003/4
# version 1.0

# http://www.jamesoff.net/projects/eggdrop
# james@jamesoff.net

# Released under the GPL

## INSTRUCTIONS
###############################################################################

# This script will check the hosts of people joining channels against one or
# RBLs. Choose your RBLs wisely, some of them list DIALUP SPACE and that would
# be a bad thing to be matching your IRC users against :P
#
# Enable the 'proxycheck' flag for channels you want the script active on
# --> .chanset #somechannel +proxycheck
#
# Users who are +o, +v, or +f in your bot (local or global) won't be checked.
#
# Turn on console level d on the partyline to see some debug from the script
# --> .console +d (to enable)
# --> .console -d (to disable)

## CONFIG
###############################################################################

# space-separated list of RBLs to look in
set proxycheck_rbls { "cbl.abuseat.org" "opm.blitzed.org" "dnsbl.ahbl.org" }

# time in minutes to ban for
set proxycheck_bantime 15

# stop editing here unless you're TCL-proof



## CODE
###############################################################################

#add our channel flag
setudef flag proxycheck

#bind our events
bind join - *!*@* proxycheck_join

#swing your pants

# catch joins
proc proxycheck_join { nick host handle channel } {
  #check we're active
  if {![channel get $channel proxycheck]} {
    return 0
  }

  #don't apply to friends, voices, ops
  if {[matchattr $handle fov|fov $channel]} {
    return 0
  }

  #get the actual host
  regexp ".+@(.+)" $host matches newhost
  if [regexp {[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$} $newhost] {
    #it's a numeric host, skip the lookup
    proxycheck_check2 $newhost $newhost 1 $nick $newhost $channel
  } else {
    putloglev d * "proxycheck: doing dns lookup on $newhost to get IP"
    dnslookup $newhost proxycheck_check2 $nick $newhost $channel
  }
}

# first callback (runs RBL checks)
proc proxycheck_check2 { ip host status nick orighost channel } {
  global proxycheck_rbls

  if {$status} {
    putloglev d * "proxycheck: $host resolves to $ip"

    # reverse the IP
    regexp {([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})} $ip matches a b c d
    set newip "$d.$c.$b.$a"

    # look it up in the rbls
    foreach rbl $proxycheck_rbls {
      putloglev d * "proxycheck: looking up $newip.$rbl"
      dnslookup "$newip.$rbl" proxycheck_check3 $nick $host $channel $rbl
    }
  } else {
    putlog "proxycheck: Couldn't resolve $host. (No further action taken.)"
  }
}

# second callback (catches RBL results)
proc proxycheck_check3 { ip host status nick orighost channel rbl } {
  global proxycheck_bantime

  if {$status} {
    putlog "proxycheck: got host $host = ip $ip from RBL $rbl ... banning"
    newchanban $channel "*@$orighost" "proxychk" "proxycheck: $rbl" $proxycheck_bantime
  }
  #if we didn't get a host, they're not in RBL
}

putlog "proxycheck 1.0 by JamesOff loaded"


That's what im using right now - only problem is this @ partyline:

(00:03:09) (fel1cia) [00:03] DNS resolved my.ganja.nl to 85.93.9.59
(00:03:09) (fel1cia) [00:03] proxycheck: my.ganja.nl resolves to 85.93.9.59
(00:03:09) (fel1cia) [00:03] proxycheck: looking up 59.9.93.85.cbl.abuseat.org
(00:03:09) (fel1cia) [00:03] proxycheck: looking up 59.9.93.85.opm.blitzed.org
(00:03:09) (fel1cia) [00:03] proxycheck: looking up 59.9.93.85.dnsbl.ahbl.org
(00:03:09) (fel1cia) [00:03] DNS resolve failed for 59.9.93.85.dnsbl.ahbl.org
(00:03:09) (fel1cia) [00:03] DNS resolve failed for 59.9.93.85.cbl.abuseat.org
(00:03:10) (fel1cia) [00:03] #Nosser: mode change '+o phiL' by |PRINCE|!nsrafk@finds.hacking.quite.c00l.info
(00:03:51) (fel1cia) [00:03] DNS resolve failed for 59.9.93.85.opm.blitzed.org

--- I guess that means it doesnt work Razz

Anything i can do to make this script work?
Back to top
View user's profile Send private message
nml375
Revered One


Joined: 04 Aug 2006
Posts: 2857
PostPosted: Sun Jun 03, 2007 6:59 pm    Post subject: Reply with quote
Actually, it just means that 85.93.9.59 is not found in any of the dns-blacklists you use, and thus most likely is not a well-known open-proxy..
_________________
NML_375, idling at #eggdrop@IrcNET
Back to top
View user's profile Send private message
nsrafk
Halfop


Joined: 11 May 2007
Posts: 73
PostPosted: Sun Jun 03, 2007 7:47 pm    Post subject: Reply with quote
Omg lol. Sorry. I thought the rbls didnt exist anymore. Jesus Smile Btw, any suggestions which RBL's i should add to the list ^^ ?
Back to top
View user's profile Send private message
awyeah
Revered One


Joined: 26 Apr 2004
Posts: 1580
Location: Switzerland
PostPosted: Tue Jun 05, 2007 12:12 am    Post subject: Reply with quote
Btw this RBL script is very unaccurate. Not to say the script, but the database of ip's they have, the rbl database websites, yeap. I used these rbl urls to check the script once.

Code:

#Space-separated list of RBLs to look in
set proxycheck_rbls {
"cbl.abuseat.org"
"www.dronebl.org"
"moensted.dk/spam/no-more-funn/"
}

_________________
·­awyeah·

==================================
Facebook: jawad@idsia.ch (Jay Dee)
PS: Guys, I don't accept script helps or requests personally anymore.
==================================
Back to top
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    egghelp.org community Forum Index -> Script Requests All times are GMT - 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Forum hosting provided by Reverse.net

Powered by phpBB © 2001, 2005 phpBB Group
subGreen style by ktauber