need help finding away to get rid of user with proxy

Toboe · none Joined: 28 May 2004 Posts: 31

hiya.

for the last monthh weve been having this trouble with a lamer who uses a proxy and we cant get rid of him. hes managed to bypass bopm and now scanserv(scanserv ports are set at 3125,8080,81,80 are we missing ports proxies use?) this is really tiresome he just wont leave our network alone. and righ tnow the network is small and gets smaller becuz hesdriving all our users away. does anyone have any good suggestions? (windows fixes, our linux server is down at the moment =/ )

uchat · Idler Joined: 17 Mar 2004 Posts: 335

If you use multiple proxy scanners and they don't pick it up ... then he's most likely not using a proxy server. It's more like an infected machine that he has installed a backdoor on.

As far as what to do ... there are several things that you can do.

1> keep akill/G:Line'ing him until he runs out of IP's
2> Find out his ISP and report him
3> Do a little research when he's online and see if he uses the same bit of info everytime. As in /whois replies. Example: if he uses the same GECOS everytime you can then akill/G:Line him. It's not a picture perfect solution, but it will make it a bit harder to come back because he has to figure out how you banned him and change it.

There are probably other ways than aren't coming to mind at the moment. Hope this helps you.

Ashen · Idler Joined: 05 Jan 2004 Posts: 285

My suggestion is that you :

1) default all channels and users to block joins / msgs from unregistered users.
This means the person has to register with nickserv for each nick he uses to spam with.

2) Use a services program that supports delayed registrations.
For example, lock nickserv so a user has to wait at least 60 seconds after signing on before
he can register with nickserv, and to register he must supply a valid email address, check
for a confirm code, use it to authenticate, and only then can he register. Also, lock it so that
it only accepts one registration per email address, and it doesn't let you register with *@hotmail.com or similar free email providers.

This will nullify the effects of his bots as they will not be able to join any channels or message anyone on the ircd.
For added effect, modify your ircd source code so that only users registered with nickserv can join empty channels / create new channels.
Enable connection throttling on your ircd so that repeated connections/disconnections get the host throttled for a short time to stop connect/quit floods.

http://www.anope.org is a type of irc services that supports all of the features above.
(check their modules list!)

If you truly want to get rid of him, add in an extra module that akills any user that is online for 10 minitues and does not identify to nickserv or oper up for a short akill time.

This is the most effective way I know of to deal with bots, as it uses non-irc means to verify users.

You might also want to look into the darkfire verification system at http://www.darkfire.net

Good luck in getting rid of the evaders.

-Ashen

Toboe · none Joined: 28 May 2004 Posts: 31

JackJumper · none Joined: 12 May 2004 Posts: 6

1080 is a pretty popular socks port

pepolez · Lurker Joined: 05 Oct 2004 Posts: 163 Location: IRC

Most of those scanners check for OPEN proxies, not just any proxy, so your proxy scanner/s will let him/her past if their proxy is secure. Just noticed its something you missed there Smile

Ashen · Idler Joined: 05 Jan 2004 Posts: 285

Try adding your own definition to customviri.dat to akill any IP that he comes online from (if his nick, ident, isp or gecos is the same or similar each time, you can construct a regexp to autogline that IP).

Other then that, just have lots of ops/ircops handy to gline him, and possibly start setting some of your channels +restricted and all your users +iR so he can't message them. (protect services - he doesn't have infinite email addresses, you can ban by domain...)

-Ashen

cythrawll · none Joined: 24 Apr 2005 Posts: 2

I am having very similar problem with a user. There's gotta be a better way to deal with this...I did find out his ISP and tried contacting them, but I've heard nothing back Sad

bopm catches about 4/10 of his attempts...

Ashen · Idler Joined: 05 Jan 2004 Posts: 285

tried secureserv? Or using the extended check with bopm, plus multiple blacklists?

Oh, and try to setup reporting with bopm too.

-Ashen

braindigitalis · Idler Joined: 22 Sep 2003 Posts: 443 Location: IRC

angelic · Lurker Joined: 01 Aug 2003 Posts: 148

Have you tried _talking_ to him? I know it's a novel idea, irc being a means to communicate and all Wink

But why is he using a proxy to connect? Is he banned just because he's using a proxy or is there more to it? Is he causing any harm?

Most persistent annoyances go away when they don't get a reaction from you.

PingBad · Guru Joined: 05 Feb 2005 Posts: 2031 Location: New Zealand

AFter reading the original posting, I'd say this particular user is only doing what they do in the name of fun. My guess as to why the user is using proxies is just to annoy Taboe and the staff of the network in discussion.
There is little that can be done about this sort of annoyance other than what Taboe is doing and what has been suggested.

Phatchat · none Joined: 27 May 2004 Posts: 14

can always try ignoring him if u dont make a big fuse chances are he will leave
Cool

pepolez · Lurker Joined: 05 Oct 2004 Posts: 163 Location: IRC

Cobi · Lurker Joined: 30 Dec 2003 Posts: 121 Location: IRC