|
|
| Author |
Message |
bowbiter
none
Joined: 26 Sep 2003
Posts: 8
|
 Posted: Nov 14, 2003 10:51pm Post subject: any1 know where to get secure serv? (to help akill bots...) |
 |
|
hey
i'm hoping someone can help....
i'm a network founder for a fairly small network of ~650 users. recently our network has been getting a lot of bottler bots (apparently a lot have :? ) when we've never had them before.
i know some bigger networks like irchighway and atomicchat use a scanner that will actually version users and scan ports and things of that nature.
my network is still fairly new and i'm still fairly new at all of this - but i was hoping someone could point me in the right direction to getting some sort of proxy scanner and a module similar to secure serv (like the one irchighway uses)
i'd appreciate any help 
bowbiter
Dejatoons |
|
| Back to top |
|
 |
tiko
none
Joined: 24 Sep 2003
Posts: 49
|
|
| Back to top |
|
|
bowbiter
none
Joined: 26 Sep 2003
Posts: 8
|
| Posted: Nov 15, 2003 1:17am Post subject: |
|
|
i dont think they are the same bots as talked about in the other forum post - but most of the bots join the channel "#" - since we couldnt find secure serv (thanks for the link!!!) we just set a link to another channel to autokill anyone who joined it....we've gotten a few normal users who did some typos but generally its worked so far.....
any ideas where they came from?
thanks
bowbiter
DejaToons |
|
| Back to top |
|
|
Jedi
none
Joined: 07 Jul 2003
Posts: 26
|
| Posted: Nov 15, 2003 12:02pm Post subject: |
|
|
our network has something that kills the bottler bots. Ours is called killserv, as we have no bottler bots on our network and it also sets an akill for 7 days 
If you want to try it out, can send me a pm here as I visit here all the time and maybe I can set it up on my *nix box. |
|
| Back to top |
|
|
Wiggle
Newbie
Joined: 01 Nov 2003
Posts: 81
|
| Posted: Nov 15, 2003 6:05pm Post subject: |
|
|
Or for whoever prefers to do it manually, use this mIRC script:
| Code: | | on *:CTCPREPLY:VERSION*:if (*bottler* iswm $2-) { kill $nick Bottler is not allowed on $network $+ ! } |
/ctcp #channel VERSION the channel and it will kill all the people who run bottler, judging on those version replies. (The same way SecureServ etc works) - Could be usefull when services are down :]
Note that you could also do some more error checking in the script, so it wouldn't act when you are not opered, etc. But I prefer to keep it simple so people would understand. I'm sure someone could explain to you how to do that kind of error checking . |
|
| Back to top |
|
|
bowbiter
none
Joined: 26 Sep 2003
Posts: 8
|
| Posted: Nov 16, 2003 2:14am Post subject: |
|
|
ahh - such a simple and easy script - why didn't i think of that???
actually - i did find out some information about some of the bots - today we realized ircspy.com was responsible for a LARGE # of bots (generally harmless though) - apparently one of the users took it upon himself to register two channels - and another had already been registered. as much as i cant stand those irc sites that log fservs and xdccs and such, i give kudos to ircspy for only going to networks that are submitted to them vs just going on any network with no consent from anyone (think isohunt.com).
as for the other bots - they are still joining # but if possible - they've caught on to the akill for them and join less frequently. i'm pretty sure these bots are different since the ircspy bots have the same nickname/ident and almost all reply to version as mirc 6.03.....while the bots in # have varying nicks and idents and only somtimes reply to version. |
|
| Back to top |
|
|
disting
none
Joined: 08 Oct 2003
Posts: 43
|
| Posted: Nov 17, 2003 9:52am Post subject: Proxy Scanner |
|
|
HeLLo..
ya..BOPM is kool..but it cant scan Globally. If U Have a only one server tnan its okaiz.IF more that one itz meaning less..
Better try OPSB its kool and it wroks GLOBALLY.. Either If u have Background problem try WIn Bopm [locally works] It wll run ur pc's background.
OPSB is nice. If U are running Hybrid Ircd.i might suggest yu some thing better.. SOCKS CLEANER.
about SecureServ. plz be sure your shell provider allow it..coz it takes
81%-87% of CPU.
feel free to mail me..i will do my best...
thnx
Nneel.
irc.golpo.net
mail:nneelbd@msn.com |
|
| Back to top |
|
|
U
Eleet
Joined: 18 Jun 2003
Posts: 521
Location: IRC
|
| Posted: Nov 17, 2003 11:18am Post subject: |
|
|
| He is correct-secureserv can send the neostats process usage way up-thats why I don't currently run it and use other means to stop spambots. Neostats itself isn't bad, but the secureserv scanning on a network with 500+ users does eat up the CPU pretty rapidly-so be prepared for this. |
|
| Back to top |
|
|
bowbiter
none
Joined: 26 Sep 2003
Posts: 8
|
| Posted: Nov 29, 2003 11:27pm Post subject: found a bottlers server.ini |
|
|
for anyone that is intersted, i found a bottlers server.ini while googling my network (to see if any unwanted irc search things had the network listed).
http://e-shorts.deadbyte.de/servers.ini
i've tried going to the main site but it's in german so i cant navigate it through very well...and i'm not even sure that server.ini is used anywhere...but there are a bunch of networks listed..maybe this link can at least explain why you have some bots and clue you into what channels some may be joining.
bowbiter |
|
| Back to top |
|
|
splinter
Guest
|
| Posted: Dec 06, 2003 12:15am Post subject: bopm problem |
|
|
hello ! i hope you can help me....
I had download bopm and make, make install and configure everything look good and i had run the bot and the bot is connecting on my irc server
but when a user connnecting to the irc server it's not working the bot don't want to scan him.... i don't know what's the problem but i guess it's the config look:
| Code: | mode = "+Fsc-h";
/* Hybrid / Bahamut / Unreal (in HCN mode) */
connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*"; |
I think the problem is somwhere in that part of the conf but i don't know how to resolv it
thank for your futur help
splinter |
|
| Back to top |
|
|
splinter
Guest
|
| Posted: Dec 06, 2003 12:20am Post subject: |
|
|
i had forgotten something...
The type of my irc server is "unrealircd"
and sorry for my poor english but i still french ^^
kissss
splinter |
|
| Back to top |
|
|
Wiggle
Newbie
Joined: 01 Nov 2003
Posts: 81
|
| Posted: Dec 06, 2003 6:28am Post subject: |
|
|
| http://www.blitzed.org/bopm wrote: | | Please note that bopm will not work with older versions of Unreal without modifying Unreal to send the client's IP address in a connection notice. Patches are available for download. On the latest versions of Unreal this is no longer needed. Remember for all Unreal versions you must set the perform line correctly (documented in the config file). |
Also:
| Quote: | A bug exists in Unreal 3.1.2 and Unreal 3.2 (and most likely in all
versions) that prevents the proper connection (+c) notice from being
sent to bopm.
You no longer need to do this on the latest versions of Unreal,
simply comment the perform line in the example configuration file
that sends the "PROTOCTL HCN" command to the server.
Expected connect notice:
*** Notice -- Client connecting: nick (user@host) [IP] {class}
Unpatched connect notice:
*** Notice -- Client connecting: nick (user@host) [HOST] {class}
A 1 line fix is as follows:
Edit src/send.c and locate the following block of code:
| Code: |
ircsprintf(connecth,
"*** Notice -- Client connecting: %s (%s@%s) [%s] {%d}", nick,
user->username, user->realhost, sptr->sockhost,
get_client_class(sptr));
"sptr->sockhost" should be changed to "inet_ntoa(sptr->ip)" as follows:
ircsprintf(connecth,
"*** Notice -- Client connecting: %s (%s@%s) [%s] {%d}", nick,
user->username, user->realhost, inet_ntoa(sptr->ip),
get_client_class(sptr)); |
|
|
|
| Back to top |
|
|
Guest
|
| Posted: Dec 06, 2003 10:14pm Post subject: Re: Proxy Scanner |
|
|
| disting wrote: | HeLLo..
ya..BOPM is kool..but it cant scan Globally. If U Have a only one server tnan its okaiz.IF more that one itz meaning less..
Better try OPSB its kool and it wroks GLOBALLY.. Either If u have Background problem try WIn Bopm [locally works] It wll run ur pc's background.
OPSB is nice. If U are running Hybrid Ircd.i might suggest yu some thing better.. SOCKS CLEANER.
about SecureServ. plz be sure your shell provider allow it..coz it takes
81%-87% of CPU.
feel free to mail me..i will do my best...
thnx
Nneel.
irc.golpo.net
mail:nneelbd@msn.com |
if that happends for you soemthing is wrong with your version or your shell provider has a shit server, i have been running neostats and secureserv since it was released and have never had that problem |
|
| Back to top |
|
|
Guest
|
| Posted: Jan 04, 2004 11:59am Post subject: |
|
|
Or for whoever prefers to do it manually, use this mIRC script:
| Code: | | on *:CTCPREPLY:VERSION*:if (*bottler* iswm $2-) { kill $nick Bottler is not allowed on $network $+ ! } |
/ctcp #channel VERSION the channel and it will kill all the people who run bottler, judging on those version replies. (The same way  :cry: :oops: :oops: :twisted:  |
|
| Back to top |
|
|
braindigitalis
Idler
Joined: 22 Sep 2003
Posts: 443
Location: IRC
|
| Posted: Mar 12, 2004 11:11am Post subject: bottler |
|
|
The program "irc defender" (http://ircdefender.sf.net) can kill bottler bots (in fact it can kill any bots by regexp hostname or version, check out the site):
Mar 11 13:13:36 <Defender> fa using Bottler v3.3 Build 1201 - http://www.xxxxxxxxxxx.com/xxxxxx/ matches version blacklist entry (Bottler.+), glined.
[16:28] <Defender> User O54587358!O54587358@ACBED02F.ipt.aol.com O54587358 matches regexp akill (^(O\d{5,8})!~?\1\x40[^\s]+\s+\1)! |
|
| Back to top |
|
|
|
Register
Log in
