Coders-IRC


IRC for Coders

On @*BAN event


image

If you want to be able to select custom address masks for ban by type "nick!ident@host" to be set, then the following script is suitable for you

If necessary, you can change these data values ​​according to your preference in the "jflood" alias, as this should work for you:

join-max 2 - this is the maximum number of possible joins per channel of one user before it is baned.
time-max 3 - this is the maximum time in seconds during which the user can get banned if he violates the limit on the number of joins.
type-ban 7 - this is number the type for the mask ban, which will be set when the joins limit is exceeded.

With these settings, the script will ban the user who will execute the2 joins or more times within3 seconds.


alias jflood {
  .hadd -m jf join-max 2
  .hadd -m jf time-max 3
  .hadd -m jf kick-text Stop Join Flood!
  ;---------------------
  ;# Type 1 = nick!ident@host
  ;# Type 2 = nick!*@host
  ;# Type 3 = *!ident@host
  ;# Type 4 = nick!*@*
  ;# Type 5 = *!ident@*
  ;# Type 6 = *!*@host
  ;# Type 7 = *!*@subnet*
  ;---------------------
  .hadd -m jf type-ban 7
}
on *:JOIN:#:{
  jflood | var %jf_chan $+(jfchan-,$chan) | var %jf_nick $+(jfnick-,$chan) | var %jf_ip $gettok($address($nick,5),2,64)
  if ($hget(%jf_chan,%jf_ip)) { .hinc -m %jf_chan %jf_ip 1 }
  if (!$hget(%jf_chan,%jf_ip)) { .hadd -mu $+ $hget(jf,time-max) %jf_chan %jf_ip 1 | .hadd -m %jf_nick %jf_ip $nick }
  .echo $chan 04JFLOOD: >>> $hget(%jf_nick,%jf_ip) $+($chr(40),%jf_ip,$chr(41)) = $+(04,$hget(%jf_chan,%jf_ip))
  if ($hget(%jf_chan,%jf_ip) >= $hget(jf,join-max)) {
    ;---------------------
    if ($hget(jf,type-ban) == 1) .mode $chan +b $address($hget(%jf_nick,%jf_ip),5)
    if ($hget(jf,type-ban) == 2) .mode $chan +b $address($hget(%jf_nick,%jf_ip),7)
    if ($hget(jf,type-ban) == 3) .mode $chan +b $address($hget(%jf_nick,%jf_ip),0)
    if ($hget(jf,type-ban) == 4) .mode $chan +b $+($hget(%jf_nick,%jf_ip),!*@*)
    if ($hget(jf,type-ban) == 5) .mode $chan +b $+($gettok($address($hget(%jf_nick,%jf_ip),1),1,64),@*)
    if ($hget(jf,type-ban) == 6) .mode $chan +b $address($hget(%jf_nick,%jf_ip),2)
    if ($hget(jf,type-ban) == 7) .mode $chan +b $+(*!*@,$gettok(%jf_ip,1-2,46),.*)
    ;---------------------
    .kick $chan $hget(%jf_nick,%jf_ip) $hget(jf,kick-text)
    .hdel -sw %jf_chan %jf_ip
  }
}

Expand


Read More

Clone detector


image

on *:Join:#: {
  var %host_to_search_for = $address($nick,2)
  var %number_from_that_host = $ialchan(%host_to_search_for,$chan,0)
  if (%number_from_that_host > 1) {
    ;we have clones!
    ;first set up our vars and loop
    var %count = 0
    unset %clones
    :loop
    inc %count
    ;loop through every nick, adding the nicks to %clones
    var %clones = %clones $ialchan(%host_to_search_for,$chan,%count).nick
    if (%count < %number_from_that_host) { goto loop }
    echo -t $chan 5(Clones Detected) 0 %count 7Clones From 5 $address($nick,2)
    echo -t $chan 5(Clones Nicks) 12 %clones
  }
}

Expand


Read More

AntiProxyScan v1.0


image

#####################################################################
#   Name: AntiProxyScan v1.0
#   Author: Epic (epicnet@mail.ru, http://epicnet.ru)
#   Description: Automatically scans all incoming connections to the server for proxy addresses and sets a server ban if found.
#####################################################################

alias -l proxyscanner_set {
  %ps_servers = all
  %ps_snomask = +cC
  %ps_btype = ZLINE
  %ps_btime = 3d
  %ps_breason = Your IP was found in DNSBL and it is suspected that is (VPN/Tor/Proxy). To unlock contact the chat administration.
  %ps_blogo = DNSBL: 01,04 BAN 
  %ps_mchan = #Services
  %ps_admins = Epic,Sleepyhead,Admin
}
alias -l proxyscanner_list {
  if ($hget(ps-dnsbl,0).item) .hfree -sw ps-dnsbl
  .hadd -m ps-dnsbl dnsbl.dronebl.org 4,5,6,7,8,9,10,13,15,17,255
  .hadd -m ps-dnsbl rbl.efnetrbl.org 1,3,4,5,6,7,8,9,10,11,12,13,14,15
  .hadd -m ps-dnsbl rbl.efnet.org 1,4,5
  .hadd -m ps-dnsbl tor.efnet.org 1
  .hadd -m ps-dnsbl cbl.abuseat.org 1,3,4,5,6,7,8,9,10,11,12,13,14,15
  .hadd -m ps-dnsbl sbl.spamhaus.org 1,5,6,7,8,9,10,12,13,14,15,255
  .hadd -m ps-dnsbl abuse-contacts.abusix.org 2,3,4
  .hadd -m ps-dnsbl safe.dnsbl.sorbs.net 1,3
  .hadd -m ps-dnsbl all.s5h.net 1,3
  .hadd -m ps-dnsbl bl-h1.rbl.polspam.pl 1
  .hadd -m ps-dnsbl postmaster.rfc-clueless.org 3
}
====================================================
on *:LOAD:{ proxyscanner_set | proxyscanner_list | if (!%ps_work) %ps_work = on }
on *:CONNECT: proxyscanner_set | proxyscanner_list | if (!%ps_work) %ps_work = on | if ($istok(%ps_servers,$server,44)) || (%ps_servers == all) { /mode $me +s %ps_snomask }
on *:TEXT:!ps*:#:{
  if ($1 == !ps && $istok(%ps_admins,$nick,44)) {
    if (!$2) { .notice $nick Syntax: !ps <start/stop/reload> | halt }
    if ($2 == start) { %ps_work = on | .notice $nick ProxyScanner on } | if ($2 == stop) { %ps_work = off | .notice $nick ProxyScanner off }
    if ($2 == reload) { proxyscanner_set | proxyscanner_list | .notice $nick ProxyScanner reload }
  }
}
on *:SNOTICE:*Client connecting*:{
  if (%ps_work == on) {
    if ($istok(%ps_servers,$nick,44)) || ($hget(ps,servers) == all) {
      var %ps_mask $remove($wildtok($1-,*@*,1,32),$chr(40),$chr(41)) | var %ps_nick $gettok(%ps_mask,1,33) | var %ps_ip $gettok(%ps_mask,2,64) | var %ps_id $gettok($gettok(%ps_mask,1,64),2,33)
      if ($ps_detectip(%ps_ip)) proxyscanner_check %ps_ip %ps_id %ps_nick
    }
  }
}
====================================================
alias -l proxyscanner_check {
  var %ps_reverse $ps_revip($1) | .hadd -mu60 ps-oip %ps_reverse $1 | .hadd -mu60 ps-oid %ps_reverse $2 | .hadd -mu60 ps-onick %ps_reverse $3
  var %ps_all $hget(ps-dnsbl,0).item | var %ps_q 1 | while (%ps_q <= %ps_all) {
    var %ps_name $hget(ps-dnsbl,%ps_q).item | var %ps_check $+(%ps_reverse,.,%ps_name)
    .dns %ps_check | inc %ps_q
  }
}
on *:DNS:{
  var %ps_i $dns(0) | while (%ps_i > 0) {
    var %ps_dnsname $dns(%ps_i) | var %ps_dnsip $dns(%ps_i).ip | var %ps_dnsnum $gettok(%ps_dnsip,4,46) | var %ps_dnsrip $gettok(%ps_dnsname,1-4,46) | var %ps_dnsrname $gettok(%ps_dnsname,5-,46)
    if (!$hget(ps-banip,%ps_dnsrip) && $istok($hget(ps-dnsbl,%ps_dnsrname),%ps_dnsnum,44)) {
      ;------------------------------------
      if ($me ison %ps_mchan) /msg %ps_mchan %ps_blogo $+(07,$hget(ps-onick,%ps_dnsrip),) => $+(04,$hget(ps-oid,%ps_dnsrip),@,$hget(ps-oip,%ps_dnsrip),) => $+(06,%ps_dnsrname,) $+($chr(40),07,%ps_dnsnum,,$chr(41)) - $ps_gettype(%ps_dnsname,%ps_dnsnum)
      if (%ps_btype == ZLINE) .ZLINE $hget(ps-oip,%ps_dnsrip) %ps_btime %ps_breason
      if (%ps_btype == KLINE) .KLINE $+(*@,$hget(ps-oip,%ps_dnsrip)) %ps_btime %ps_breason
      if (%ps_btype == GLINE) .GLINE $+(*@,$hget(ps-oip,%ps_dnsrip)) %ps_btime %ps_breason
      ;------------------------------------
      .hadd -mu30 ps-banip %ps_dnsrip 1 | .break
    } | dec %ps_i
  }
}
alias -l ps_revip { tokenize 46 $1 | return $+($4,.,$3,.,$2,.,$1) }
alias -l ps_detectip { tokenize 46 $1 | if ($0 == 4 && $1 isnum 0-255 && $2 isnum 0-255 && $3 isnum 0-255 && $4 isnum 0-255) { return 1 } }
alias -l ps_gettype {
  if (dronebl isin $1) { 
    if ($2 == 2) { return Sample }
    if ($2 == 3) { return IRC Drone }
    if ($2 == 5) { return Bottler }
    if ($2 == 6) { return Unknown Spambot/Drone }
    if ($2 == 7) { return DDOS Drone }
    if ($2 == 8) { return SOCKS Proxy }
    if ($2 == 9) { return HTTP Proxy }
    if ($2 == 10) { return Proxy Chain }
    if ($2 == 11) { return Web Page Proxy }
    if ($2 == 12) { return Open DNS Resolver }
    if ($2 == 13) { return Brute Force Attackers }
    if ($2 == 14) { return Open Wingate Proxy }
    if ($2 == 15) { return Compromised Router/Gateway }
    if ($2 == 16) { return Autorooting worms }
    if ($2 == 17) { return Automatically determined botnet IPs (experimental) }
    if ($2 == 18) { return DNS/MX type hostname detected on IRC }
  }
  if (rbl.efnet isin $1) { 
    if ($2 == 1) { return Open Proxy }
    if ($2 == 2) { return Spamtrap666 }
    if ($2 == 3) { return Spamtrap50 }
    if ($2 == 4) { return TOR } 
    if ($2 == 5) { return Drones/Flooding }
  }
  if (tor.efnet isin $1) { return Tor Server }
  if ($2 == 255) { return 10Unknown }
  else { return Unknown Proxy }
}

Expand


Read More