weird bots

theEd · Newbie Joined: 15 Mar 2004 Posts: 75 Location: New Zealand

Willaim, they do certainly seem to be reusing names. That said I'd say the only way we could make a name list would be to just keep an eye out for them and post here if there's a new name used.

As far as zeke and I can tell so far, they're not doing anything. That's what makes it so strange - they only seem to talk if you talk to them via PM, and even then they never advertised anything. Whatsmore, as they are only there for two minutes (never shorter or longer), it doesn't give them too much time if they're only spamming via PM to people who initiate a convo with them.

I also haven't seen them get killed by spamfilters or anything on any of the server I've seen them on, which would also suggest that they're not spamming.

maddog906, most of what you posted is irrelevant. The bots are not posting URLs, are not using random-looking nicks or idents, and they aren't spamming in PM.

greg27 · Lurker Joined: 07 Oct 2006 Posts: 159 Location: Australia

blocking these bots is easy, since they only seem to be connecting from a handful of hosts, but i'd really like to know what the point of these bots is. it's bizarre that they appear on so many networks yet nobody knows what they do :s

maddog906 · Lurker Joined: 08 Mar 2005 Posts: 131 Location: uk

[05:47am] [ConnectServ] SIGNON user: cybergirl
[05:47am] [ConnectServ] SIGNOFF user: cybergirl (cybergirl@*.wanadoo.fr 35 F ) at (mynetwork Z:lined (SomeLameScript contains backdoors),
While been on irc 8 years I have learnt that botz like this always come back with a hidden agenda, you let them in once next time bang your world is turned upside down.
Prevention is always better than a cure; it really makes you sleep better at night.
all my infomation is only advice for things to come,this might be just a chat bot,what about the next genaration of botz?

maddog906 · Lurker Joined: 08 Mar 2005 Posts: 131 Location: uk

theEd · Newbie Joined: 15 Mar 2004 Posts: 75 Location: New Zealand

zeke · Idler Joined: 04 Oct 2003 Posts: 321

So, shall we start a namelist?

[18:10:32] <Global> LOGUSERS: [bang!] (mbullegg@[bang!] => *-DB577F91.rev.numericable.fr) (h 22 oke) [[bang!]] connected to the network (kings.il.us.*.com).

[bang!]

/* Edit */
You know, I've just realised - the host is changing, however they're all from the same IP address - ***.

mouselike · Idler Joined: 09 Dec 2003 Posts: 258

maddog906 · Lurker Joined: 08 Mar 2005 Posts: 131 Location: uk

Is it one more move, from RIAA /media defender and all the other anti-file-sharing and anti p2p, what this world coming too? Gee you will find some one else hand wipe ya as (*) before you do and insert a tracking device

phrozen77 · Posted: Jul 15, 2008 2:33am Post subject:

[bang!]

Thats the few that we had yesterday evening, connecting, sitting there for a while and disconnecting again.

Wonder what theyre up to.

And no, the both hosts i've seen them connect from don't resolve to the same IP, infact they even seem to be 2 seperate ISPs.

[bang!] has address [bang!]
[bang!] has address [bang!]

PingBad · Guru Joined: 05 Feb 2005 Posts: 2064 Location: New Zealand

dv8-123 · none Joined: 16 Jul 2008 Posts: 1 Location: Liverpool Uk

To be honest, Just look out for the rev.numericable.fr host mask ...
They never stick to the same channels, I have seen them in a number of them, I started doing a whois when i saw them join, now I just kill and make sure that some form of Gline is in place.

Strawberry_Kittens · none Joined: 28 Jun 2008 Posts: 5

Here are a couple of regexes that stop bots like that. Worked perfectly on my network.

EcKstasy · Lurker Joined: 23 May 2008 Posts: 135 Location: Scotland

Yup,Those are called CamBots,They spam the network's users with PM's asking the users to go to sites where they can see the *real* people on cam (>>porn),Beware of those and often try to add a spamfilter for sandra_f as I've seen that one a few times,