egghelp.org community Forum Index
[ egghelp.org home | forum home ]		 egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

scan ip from a proxy scanner site
Goto page 1, 2, 3, 4  Next
 
Post new topic   Reply to topic    egghelp.org community Forum Index -> Script Requests
View previous topic :: View next topic  
Author Message
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 27
PostPosted: Sun May 02, 2021 8:25 pm    Post subject: scan ip from a proxy scanner site Reply with quote
Hello all!

Finally, I found this proxy detection site very effective against proxies or even VPN. "proxyscan.io"

So, my idea is to make eggdrop scan proxy IP in IRC through its free API key which offers 1000 queries per day.

If it is possible to make scan option;
1. On connect as eggdrop being IRCop scanning every IPs connecting.
2. On channel join scanning IPs who join the particular channel. (to save the queries as it is limited to 1000 per day)

If the IP is found proxy in the scanning result;
1. gline the user if it is on mode: On connect
2. kick/ban the user from channel if it is on mode: On channel

Also, If it could be enabled on channel as, !proxyscan on and !proxyscan off to turn it off. (Just to save proxy scan queries )

Since, I am no tcl coder, I would like someone (tcl coder) to please help me out.

It would much appreciate it.

Thank you!
_________________
Online chat
Nepal chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1108
Location: France
PostPosted: Mon May 03, 2021 4:12 am    Post subject: Reply with quote
Might be possible, I'll have an eye on the api

Edit: the API is not a proxy checker, it just returns random proxy based on some criterias.
You'd better use ip-api.com which can return this kind of info
_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 27
PostPosted: Mon May 03, 2021 8:36 am    Post subject: Reply with quote
Hello CrazyCat!

Thanks for the reply. Yes, It does return random proxies and mainly VPN. It is actually beneficial for IRC network because VPN have been used to evade ban and generally abuse. VPNs are indeed glorified proxies.

It would be handy for some IRC lovers to run this service from eggdrop to keep out proxy and VPN to keep their IRC channel/network spam and abuse free.

Both IP-API.com and Proxyscan.io look similar so having a tcl script made for any one for now would be nice and appreciable.
_________________
Online chat
Nepal chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1108
Location: France
PostPosted: Mon May 03, 2021 9:31 am    Post subject: Reply with quote
No, proxyscan and ip-api are not the same services.

proxyscan returns you a random proxy IP, it can not say you if an IP is proxied or not.
ip-api returns, for a given IP, the proxy information (true/false).

Here is a small tool I did to get ip-api informations:
Code:
bind raw - NOTICE ipcheck
proc ipcheck {frm key text} {
   if {[string match *!*@* $frm] || ![string match -nocase "*client connecting*" $text]} { return }
   regexp {:\ ([^ ]+)\s\(([^@]+)@([^\)])+\)\s\[([^\]]+)} $text - unick ident host ip
   set data [getipdatas $ip]
   if {[dict get $data status] eq "success"} {
      logip $data
   }
}
proc json2dict {JSONtext} {
   string range [string trim [string trimleft [string map {\t {} \n {} \r {} , { } : { } \[ \{ \] \}} $JSONtext] {\uFEFF}]] 1 end-1
}
proc getipdatas { ip } {
   ::http::config -useragent "lynx"
   set ipq [http::geturl http://ip-api.com/json/$ip?fields=status,proxy,query&lang=fr]
   set data [json2dict [http::data $ipq]]
   ::http::cleanup $ipq
   return $data
}
proc logip { data } {
   set ip [dict get $data query]
   if { [dict get $data proxy] eq "true"} {
      putlog "$ip is a proxy"
   }
}

_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 27
PostPosted: Mon May 03, 2021 11:25 am    Post subject: Reply with quote
CrazyCat, The correct site is proxycheck.io and they have the API and it works same as ip-api.com, Sorry I got confused over the name.

Also, I forgot to tell you my IRC server is inspIRCD. And How do I gline the IP if the proxy is true?
_________________
Online chat
Nepal chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1108
Location: France
PostPosted: Mon May 03, 2021 12:42 pm    Post subject: Reply with quote
Ok, I'll look at the API and adapt the script.

BTW, I don't know inspIRCd, I'll peharps need examples of connections notices.
_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 27
PostPosted: Mon May 03, 2021 12:52 pm    Post subject: Reply with quote
Hello again CrazyCat, the connection notice of the inspIRCD would be;

*** CONNECT: Client connecting on port 6697 (class main): nick!ident@host (IP) [gecos]

Thanks!
_________________
Online chat
Nepal chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
Gulio
Halfop


Joined: 01 Nov 2020
Posts: 73
PostPosted: Mon May 03, 2021 1:30 pm    Post subject: hi Reply with quote
the proxycheck.io have free api 1000 request per day
and for connect is not fast during attack mass connect
can connect 100000 proxy to finish ur api
need to buy api and is spensive api also depend for how many request in day u want to check , what traffic user u have in day 3k 5k 10k + proxy attacker to think
and u need exempt ip to add del for that when is match real ip as abuse server like blacklist

better work with ircd blacklist like drone.dnsbl.org, efnet
also u can add more other blacklist in ur ircd adding and comon ports of sock 4 5 to be more strong to match sock 4 5 and vpn

Code:


blacklist dronebl {
        dns {
                name dnsbl.dronebl.org;
                type record;
                reply { 1; 2; 3; 4; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; 17; 18; 19; 20; 21; 22; 23; 24; 25; 100; 213; 255; };
        };
        action gzline;
        ban-time 30d;
        reason " 4Proxy14/4VPN ";
};
blacklist efnetrbl {
        dns {
                name rbl.efnetrbl.org;
                type record;
                reply { 1; 2; 3; 4; 5; 6; 7; 8; 9; 10; };
        };
        action gzline;
        ban-time 30d;
        reason " 4Proxy14/4VPN ";
};

Back to top
View user's profile Send private message
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 27
PostPosted: Mon May 03, 2021 2:34 pm    Post subject: Re: hi Reply with quote
Most of the IRCD have those blacklists in them and even Anope. Also there is HOPM for it. These all blacklists won't work.

We are targeting proxies which are not detectable by these and also VPNs.
_________________
Online chat
Nepal chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
Gulio
Halfop


Joined: 01 Nov 2020
Posts: 73
PostPosted: Mon May 03, 2021 2:51 pm    Post subject: hi Reply with quote
The first code crazycat make is good

but u need a code for exemp ip add del first
after for add del asn blacklist file asn.txt
to check on connect asn vpn from asn.txt list provider
and code when proxy is yes to gzline remote if u have linked serv hub
i u have only 1 server local need zline action ip

and also if u use Mibbit website and Mibbit is down the ip of user is on gecos realname so need to make dns ip gecos to check on join or on connect to make snline the ip Smile
Back to top
View user's profile Send private message
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1108
Location: France
PostPosted: Tue May 04, 2021 3:54 am    Post subject: Reply with quote
This is a short script I did:
Code:
package require http
package require json

namespace eval pchecker {

   # proxycheck.io api key
   variable pckey "xxxxxx-xxxxxx-xxxxxx-xxxxxxxx"
   
   # min score to ban
   variable score 10
   
   # gzline message
   variable gmsg "Sorry, VPN are not allowed"
   
   # List of IP not checked
   # they are regexp style
   variable whitelist {"192\.168\.0\.1" "10\.0\.0\.*"}
   
   # List of blacklisted IP
   # regexp too :)
   variable blacklist {}
   
   bind raw - NOTICE ::pchecker::ipcheck
   
   proc ipcheck {frm key text} {
      if {[string match *!*@* $frm] || ![string match -nocase "*client connecting*" $text]} { return }
      regexp {:\ ([^ ]+)\s\(([^@]+)@([^\)])+\)\s\[([^\]]+)} $text - unick ident host ip
      if {[lsearch -regexp $::pchecker::whitelist $ip] ne -1} { return }
      if {[lsearch -regexp $::pchecker::blacklist $ip] ne -1} {
         putquick "GLINE *@$ip +7d :$::pchecker::gmsg"
         return
      }
      ::pchecker::isvpn $ip
   }
   
   proc json2dict {JSONtext} {
      string range [string trim [string trimleft [string map {\t {} \n {} \r {} , { } : { } \[ \{ \] \}} $JSONtext] {\uFEFF}]] 1 end-1
   }
   
   proc isvpn {ip} {
      ::http::config -useragent "lynx"
      set pcheck [::http::geturl http://proxycheck.io/v2/${ip}?key=$::pchecker::pckey&vpn=1&risk=1]
      set data [json2dict [::http::data $pcheck]]
      if {[dict get $data status] == "ok"} {
         set proxy [dict get [dict get $data $ip] proxy]
         set risk [dict get [dict get $data $ip] risk]
         if {[expr $risk - $::pchecker::score] >= 0 } {
            lappend $::pchecker::blacklist [string map {\. \\\.} $ip]
            putquick "GLINE *@$ip +7d :$::pchecker::gmsg"
         }
      }
      ::http::cleanup $pcheck
   }
   
}

It could be enhanced by adding a blacklist file to not loose already banned IP when restarting the eggdrop
_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.

Last edited by CrazyCat on Wed May 05, 2021 2:02 am; edited 2 times in total
Back to top
View user's profile Send private message Visit poster's website
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 27
PostPosted: Tue May 04, 2021 12:19 pm    Post subject: Reply with quote
Thanks CrazyCat for working on it.

But on eggdrop's party line, I get this error;
Quote:
Tcl error [ipcheck]: invalid command name "ipcheck"


Am I missing something?

Also, Is it possible to set query limit to 1000 queries?

Thank you!
_________________
Online chat
Nepal chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1108
Location: France
PostPosted: Tue May 04, 2021 12:35 pm    Post subject: Reply with quote
My bad, I forget the namespace in ne bind, I corrected my source.

It's possible to set a query limit, with a reset based on the hour, but its work might depend on proxycheck timezone and how they count.

Do you really have 1000 unique VPN connecting your network a day ?
_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 27
PostPosted: Tue May 04, 2021 1:21 pm    Post subject: Reply with quote
Hello again CrazyCat, it still has some error that I get in my eggdrop's partyline;

Quote:
Tcl error [::pchecker::ipcheck]: can't read "ip": no such variable


CrazyCat wrote:

Do you really have 1000 unique VPN connecting your network a day ?


May be not 1000 unique VPN connections but yeah, 1000 connections per day (with/without proxies connecting). Since the other eggdrop's proxy scanner tcl I used had 500 to 1000 queries limit regardless of if they scan VPN/Proxy connection or not. Since, Eggdrop as IRCop scans every connection.
_________________
Online chat
Nepal chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1108
Location: France
PostPosted: Tue May 04, 2021 5:55 pm    Post subject: Reply with quote
Well, I guess the error come from the regexp, it works with unrealircd notices but I can't verify it with inspIRCd.

Next time you get the error, do .set errorInfo in party-line to get more datas about the error.
_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    egghelp.org community Forum Index -> Script Requests All times are GMT - 4 Hours
Goto page 1, 2, 3, 4  Next
Page 1 of 4

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Forum hosting provided by Reverse.net

Powered by phpBB © 2001, 2005 phpBB Group
subGreen style by ktauber