|
|
| Author |
Message |
Dutch_com_freak
none
Joined: 20 Feb 2004
Posts: 13
|
 Posted: Jan 24, 2005 8:29am Post subject: You were kicked from #blabla (muhstik powa) |
 |
|
I dont know of this is the right topic for this (moderators move if needed) but on our IRC network sinds a couple of weeks there are created channels that are having 'users' log in, then oper each and kick people when they say something... i think its some kind of Irc bot.tronjan etc... buh mabe someone knows what it is... if you dont say anything noting hapens either...
[15:26] * Now talking in #ajpe2
[15:27] <Ch> huh?
[15:27] * You were kicked by vlwtkbjoq (muhstik powa)
[15:27] * Attempting to rejoin channel #ajpe2
[15:27] * Rejoined channel #ajpe2
the names are random, channel name however changes from time to time... IRC admins forbit #ajpe now its #ajpe2
on a google search i found more channels with other names that have the same users buh have other random generated room names ( Search for muhstik powa )
Does anyone have a clue what this is????
Thnx,
Dutch |
|
| Back to top |
|
 |
Ashen
Idler
Joined: 05 Jan 2004
Posts: 285
|
| Posted: Jan 27, 2005 8:38am Post subject: |
|
|
muhstik is a script that basically generates many connections to a server at once, by bouncing them through psybncs, vhosts, open proxies and many other connection methods.
muhstik as a program is typically used as an attack tool to create huge floods against a target network/channel.
My suggestions for you are threefold :
1) install neostats (with secureserv) and bopm (or another OPM) to screen out bad clients via common patterns.
2) gline/akill/globally ban whatever pattern the clients in those channels match....... I'll give you 10/1 odds that they are a clonenet made of 1 user running hundreds of connections through open proxies all over the world with the intent of flooding.
-Ashen |
|
| Back to top |
|
|
Dutch_com_freak
none
Joined: 20 Feb 2004
Posts: 13
|
| Posted: Jan 27, 2005 6:28pm Post subject: |
|
|
Normally we use BLized Open Proxy monitor... it is down cous of major network upgrades..... GRR not now... well i must get a temp proxy detector online soon i guess  thnx for your help  |
|
| Back to top |
|
|
Ashen
Idler
Joined: 05 Jan 2004
Posts: 285
|
| Posted: Jan 28, 2005 5:31am Post subject: |
|
|
You're welcome.
I find from my experiments with muhstik clones that they usually have a common pattern (e.g. all their usernames/nicks are generated by the same formula).
If you figure out this formula and make a regex for it, and have regex akill support module loaded in anope, you can get rid of them all with one fell swoop.
-Ashen |
|
| Back to top |
|
|
|
Register
Log in
