This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

sentinel or bot

Support & discussion of released scripts, and announcements of new releases.
Post Reply
m
mm
Halfop
Posts: 78
Joined: Thu Jul 01, 2004 10:24 pm

sentinel or bot

Post by mm »

Hi, i have 3 bots linked and i am using netbots 4.09 almost 2,3 years, no problems at all, but today some idiot had tried to flood the channel with a lot of (100+) join-part floods with different ip's and then in a mean time he tried "msg flood" to the bots with multiple flood bots(over 100+ with diff ip's) and then all 3 of the bots were quit with this message -> Max sendQ exceeded

sentinel is enable in 3 of the bots.

when he tried "msg floods" sentinel was adding to the ignores like
sentinel: added *!*@222.110.55.166 to ignore list (MSG flooder)

i'll appreciate for your advise? what can be done to prevent this because now they will try to kill the bots again and again.

advance thanks
MM
User avatar
slennox
Owner
Posts: 593
Joined: Sat Sep 22, 2001 8:00 pm
Contact:

Re: sentinel or bot

Post by slennox »

mm wrote:now they will try to kill the bots again and again.
Excellent. Lots of real-world floods to test things against are a gift to those who want to implement protection. If you're serious about having this looked into, send me an e-mail and let me know your network/nickname/channel. I'm currently doing a minor update to sentinel to add the custom lock modes, but I may as well tack on a few other things where possible.
m
mm
Halfop
Posts: 78
Joined: Thu Jul 01, 2004 10:24 pm

Post by mm »

Thanks Slenoxx. That will be great, if we can add "silence"..

I need your kind expert advise on my settings please, i have 3 bots, one hub and 2 leafs. Sentinel is ON in three of them, with the following MSG/CTCP flood settings for bot, after that huge(100+ different ip's) msg/ctcp floods on the bots.
sentinel settings:
Bot CTCP flood: 3 in 20 secs
Bot MSG flood: 2 in 20 secs

while bot's config settings is the following
set flood-msg 2:10
set flood-ctcp 2:10

should i disable sentinel on one of my leaf? is this setting is fine? so if they attack on the bots with 120 diff ips, they won't d/c?

thanks again
MM
User avatar
YooHoo
Owner
Posts: 939
Joined: Thu Feb 13, 2003 10:07 pm
Location: Redwood Coast

Post by YooHoo »

slennox wrote:For greater protection against large channel floods, I recommend you also use the chanlimit.tcl component.
- There is a trade-off between convenience and security. The more automation you enable, the more stress the bot will be under during a flood and the more stuff it will be sending to the server.
- Where security is paramount, have one or two bots that aren't running sentinel.tcl. Since sentinel.tcl is a complex script with many automated and convenience features, there is a potential for vulnerabilities.
this sem pretty clear, no :?:
Post Reply