|
|
| Author |
Message |
ConflictTheory
none
Joined: 04 Nov 2008
Posts: 7
|
 Posted: Nov 04, 2008 11:34am Post subject: Preventing/Stopping Botnet Attacks |
 |
|
Hello,
I am an admin of a small network. Recently the staff voted to let a member go because of his failure to come to staff meetings, his bad judgment, and his bad attitude. This individual before hand had been a friend of mine for many years. But now, he insists on flooding our network with a massive amount of bots, that spit out random curse words and vulgarities. I was wondering if anyone knew of a good way to prevent this from happening? All he has done so far is flood our channel to the point he pings out, just the massive amount of joins/parts & text from these 30 or so bots is rather annoying. but I would like to prevent this before it starts affecting our userbase.
Thanks for any insight  |
|
| Back to top |
|
 |
zeke
Idler
Joined: 04 Oct 2003
Posts: 324
|
| Posted: Nov 04, 2008 12:13pm Post subject: |
|
|
A proxy scanner (such as BOPM)
G:lines
Depending on your IRCd and Services packages you may be able to perform other checks on users connecting.
NeoStats with SecureServ for example may catch some things, IRC Defender also.
UnrealIRCd and others support regular expression bans (spamfilters within Unreal) - if the flooding clients match a pattern that isn't easily banned as a static identd/host, you can use a regular expression ban against any combination of nick, ident, hostname, and real name - the UnrealIRCd forums will often help fairly quickly with regular expressions for this purpose. |
|
| Back to top |
|
|
ConflictTheory
none
Joined: 04 Nov 2008
Posts: 7
|
| Posted: Nov 04, 2008 12:19pm Post subject: |
|
|
zeke...
Thank you for the suggestions...
We have Neostats with ConnectServ & OPSB
I'm also looking into a few modules for our services and I'll look at IRC Defender too...
Thanks |
|
| Back to top |
|
|
Katlyn
Newbie
Joined: 30 Sep 2006
Posts: 54
|
| Posted: Nov 04, 2008 3:13pm Post subject: |
|
|
If they are open proxies then add DroneBL and SwiftBL to your open proxy scanner and I guarentee the majority of the bots will be stopped (if not all).
Edit:
Also if you use Anope then I'll be happy to provide you with a TRACE module similar to the one integrated into srvx/x3 which makes removing the bots effortless. Just send me a PM on here.
- Katlyn |
|
| Back to top |
|
|
youngblood
Newbie
Joined: 17 Apr 2008
Posts: 66
|
| Posted: Nov 04, 2008 3:28pm Post subject: re botnets |
|
|
why not trying to firewalling the country hes from this guy i used to admin for did that and it stopped them totally
and what he is doing is very childish acts sorry hes doing this
youngblood |
|
| Back to top |
|
|
ConflictTheory
none
Joined: 04 Nov 2008
Posts: 7
|
| Posted: Nov 04, 2008 9:14pm Post subject: |
|
|
| Katlyn wrote: | If they are open proxies then add
DroneBL and SwiftBL to your open proxy scanner and I guarentee the majority of the bots will be stopped (if not all).
Edit:
Also if you use Anope then I'll be happy to provide you with a TRACE module similar to the one integrated into srvx/x3 which makes removing the bots effortless. Just send me a PM on here.
- Katlyn |
It wont let me pm you since in still a "new user"  |
|
| Back to top |
|
|
mouselike
Idler
Joined: 09 Dec 2003
Posts: 270
|
| Posted: Nov 05, 2008 4:20am Post subject: |
|
|
since most bots like this dont require or use ident, just set your server to require ident or k/gline ~*@*.
If you use ircu you can use the challenge auth iauth or something i think its called where you have to send a random reply back to the server before it lets you continue onwards. |
|
| Back to top |
|
|
ConflictTheory
none
Joined: 04 Nov 2008
Posts: 7
|
| Posted: Nov 05, 2008 8:43am Post subject: |
|
|
| not quiet sure how to set that up on unreal... :/ |
|
| Back to top |
|
|
Katlyn
Newbie
Joined: 30 Sep 2006
Posts: 54
|
| Posted: Nov 05, 2008 12:44pm Post subject: |
|
|
| ConflictTheory wrote: | | Katlyn wrote: | If they are open proxies then add
DroneBL and SwiftBL to your open proxy scanner and I guarentee the majority of the bots will be stopped (if not all).
Edit:
Also if you use Anope then I'll be happy to provide you with a TRACE module similar to the one integrated into srvx/x3 which makes removing the bots effortless. Just send me a PM on here.
- Katlyn |
It wont let me pm you since in still a "new user" |
I've sent you a PM (i think) - if you haven't got it just let me know on here. |
|
| Back to top |
|
|
ConflictTheory
none
Joined: 04 Nov 2008
Posts: 7
|
| Posted: Nov 05, 2008 1:21pm Post subject: |
|
|
| I got it, thank you |
|
| Back to top |
|
|
|
Register
Log in
