Just a suggestion ...
We all know there are spam/ddos drones all over irc, and little can be done to completely wipe them all out.
But I have a suggestion to all the opers out there that might help minimize some of them on your individual servers.
Notice that a lot of drones seem to always be in 20+ channels ... No real person that I know have can have that many windows open and remain sane. Kill all clients that are in 20+ channels (or 30+ if that works better).
Also, a lot of the bot code out there that is infecting people thus creating these drones will automatically quit when a /WHOIS is done on that user -- yet another way to identify the drones.
Drones also like to move around, Join/Part out of the same set of channels (mostly XXX and WAREZ related) -- maybe there is a way to ident them this way?
As of now, in the shell host channel which I support, I use a JoinInfoKick script in my irssi that I customized to WHOIS all joins and check for certain criteria such as # of channels, and Names of certain known channels that have alot of drones in them --- when the criteria is met, that user is kickbanned from the channel.
Anyway, these are only suggestions to maybe help lighten the load on some of the servers --- feel free to comment or not comment, but at least consider.
Thanks!
Death to all Drones!
Moderators: Website/Forum Admins, Website/Ideas/Suggestions Moderators
Death to all Drones!
--
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
Oh I just thought of another idea ...
Drones can`t reply to private msgs right?
So maybe some sort of random talker bot could be used to talk to those who meet a certain criteria from my original post ... after a set amount of time, if no actual dialoged response is received then the user is temp k-lined ................
Drones can`t reply to private msgs right?
So maybe some sort of random talker bot could be used to talk to those who meet a certain criteria from my original post ... after a set amount of time, if no actual dialoged response is received then the user is temp k-lined ................
--
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
Re: Death to all Drones!
Actually, a LOT of people DO stay in that many channels, and have legitimate reasons to do so. Not all of these channels have people talking all the time, and not all are very big channels, but killing everything that tries to join more than 20 channels would hit a lot more innocent people than drones, I am sure.mvibe wrote:Notice that a lot of drones seem to always be in 20+ channels ... No real person that I know have can have that many windows open and remain sane. Kill all clients that are in 20+ channels (or 30+ if that works better).
I don't think any servers currently allow normal users to see when they are being /whois'ed. Opers can have this, and I know one server (in .nl?) used to allow users to have this, too, but I know most server admins don't want to do this.Also, a lot of the bot code out there that is infecting people thus creating these drones will automatically quit when a /WHOIS is done on that user -- yet another way to identify the drones.
A lot of users also like to join/part channels, especially xxx- and warez-related channels... in many of these types of channels, this is all users do... come to get files and then leave, not stay in the channel and chat.Drones also like to move around, Join/Part out of the same set of channels (mostly XXX and WAREZ related) -- maybe there is a way to ident them this way?
To me, that sounds great as a channel policy. When running a channel like that, it doesn't matter too much if a lot of innocents get hit, but it's not usually the way a server is run.As of now, in the shell host channel which I support, I use a JoinInfoKick script in my irssi that I customized to WHOIS all joins and check for certain criteria such as # of channels, and Names of certain known channels that have alot of drones in them --- when the criteria is met, that user is kickbanned from the channel.
Yeah, and then again, I am neither an admin nor an oper, so my comments don't really have much effect, anywayAnyway, these are only suggestions to maybe help lighten the load on some of the servers
Well...
Some of the ideas would likely catch drones, but the number of innocents would be way to high aswell, especally with the 20+ channels thingy.
Its simply not an good enough way to identify drones on, and making sure it is drones we are dealing with, and because of that we cant use it.
Today efnet have several "programs" fighting spam, drones, proxies etc and we are slowly walking toward better solutions with new technology to identify the drones. When it comes to drones and efnet we are way way better then we was just a year ago and with requireing glines on all efnet servers, and working on ways to have better redundancy on proxy scanning we are reducing the drones connecting every day.
The real problem is however not fixed. the machines are still vulnerable, infiltrated and can be used to things like flooding, attacks and warez sharing.
Some of the ideas would likely catch drones, but the number of innocents would be way to high aswell, especally with the 20+ channels thingy.
Its simply not an good enough way to identify drones on, and making sure it is drones we are dealing with, and because of that we cant use it.
Today efnet have several "programs" fighting spam, drones, proxies etc and we are slowly walking toward better solutions with new technology to identify the drones. When it comes to drones and efnet we are way way better then we was just a year ago and with requireing glines on all efnet servers, and working on ways to have better redundancy on proxy scanning we are reducing the drones connecting every day.
The real problem is however not fixed. the machines are still vulnerable, infiltrated and can be used to things like flooding, attacks and warez sharing.
actually, most ddos drones are in 1 channel, if any, and it is something like ##your_mother_likes_me##, which is usually +sk
the ones that are joining 20-30 xxx/warez channels are usually xdcc grabber/bottler type clients. these are generally harmless, other than being a nuisance.
the ones that are joining 20-30 xxx/warez channels are usually xdcc grabber/bottler type clients. these are generally harmless, other than being a nuisance.
In God we trust,
Everyone else must have an X.509 certificate.
Everyone else must have an X.509 certificate.
I can see everyone's point .. I guess most of my suggestions would work better as channel solutions.
I know efnet is busting their humps in trying to minimize unwanted traffic from drones and such.
I guess I saw that these solutions were working in my channel(s) and wondered if they would work as a server solution as well.
Oh well .. maybe something will spawn one day that is a flawless server solution ... Until then All Hail the KICK/BAN
I know efnet is busting their humps in trying to minimize unwanted traffic from drones and such.
I guess I saw that these solutions were working in my channel(s) and wondered if they would work as a server solution as well.
Oh well .. maybe something will spawn one day that is a flawless server solution ... Until then All Hail the KICK/BAN
--
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
Though .. You have got to admit, when you see this every few minutes:
----------------
T-14:28:15 y0-> ProsPer ~ProsPer@dD5E0CC05.access.telenet.be |-|az j01|\|3|) #veritynet
T-14:28:16 y0-> ProsPer is "..." on #veritynet #fauske #I'm a spammer!-iso #counterstrike #hdp #dvdrs #narcotics #idol #windows2000
#gbanow #xxxpasswords #redhat #html #mp3addicts #TrudawgZ #0day-Xdcc #warez-iso #music-videos #xboxzone #mp3channel
#DivX-Movies #BAYTIGHT #Naruto #fedora #M_TOWN #METALMETAL #chatlife #novascotia #prime-tyme-movies #bay2la #roms-isos
#bootlegcentral #VIDEO-DEVILZ #houseofmovies-kidney stones #SpAnKiN-NeW #xxxpassworld #warez_sitez #videopimp #PS2PEOPLE
#lost.no
T-14:28:19 y0-> mode/#veritynet >>+v ProsPer<< |3Y ilec
T-14:28:41 y0-> ProsPer ~ProsPer@dD5E0CC05.access.telenet.be has quit >>Connection closed<<
-----------------------------
You really have got to wonder why a user would be in so many channels then all of a sudden quit inside of a few seconds?
----------------
T-14:28:15 y0-> ProsPer ~ProsPer@dD5E0CC05.access.telenet.be |-|az j01|\|3|) #veritynet
T-14:28:16 y0-> ProsPer is "..." on #veritynet #fauske #I'm a spammer!-iso #counterstrike #hdp #dvdrs #narcotics #idol #windows2000
#gbanow #xxxpasswords #redhat #html #mp3addicts #TrudawgZ #0day-Xdcc #warez-iso #music-videos #xboxzone #mp3channel
#DivX-Movies #BAYTIGHT #Naruto #fedora #M_TOWN #METALMETAL #chatlife #novascotia #prime-tyme-movies #bay2la #roms-isos
#bootlegcentral #VIDEO-DEVILZ #houseofmovies-kidney stones #SpAnKiN-NeW #xxxpassworld #warez_sitez #videopimp #PS2PEOPLE
#lost.no
T-14:28:19 y0-> mode/#veritynet >>+v ProsPer<< |3Y ilec
T-14:28:41 y0-> ProsPer ~ProsPer@dD5E0CC05.access.telenet.be has quit >>Connection closed<<
-----------------------------
You really have got to wonder why a user would be in so many channels then all of a sudden quit inside of a few seconds?
--
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
Majestic teh Vibe
"Work like you don`t need the money,
Dance like nobody is watching,
and Love like you`ve never been hurt!"
That client is most likely a bottler/xdcc catcher type client that joined all those channels, then attempted to join a juped channel one or more times resulting in a kline.mvibe wrote:Though .. You have got to admit, when you see this every few minutes:
----------------
T-14:28:15 y0-> ProsPer ~ProsPer@dD5E0CC05.access.telenet.be |-|az j01|\|3|) #veritynet
T-14:28:16 y0-> ProsPer is "..." on #veritynet #fauske #I'm a spammer!-iso #counterstrike #hdp #dvdrs #narcotics #idol #windows2000
#gbanow #xxxpasswords #redhat #html #mp3addicts #TrudawgZ #0day-Xdcc #warez-iso #music-videos #xboxzone #mp3channel
#DivX-Movies #BAYTIGHT #Naruto #fedora #M_TOWN #METALMETAL #chatlife #novascotia #prime-tyme-movies #bay2la #roms-isos
#bootlegcentral #VIDEO-DEVILZ #houseofmovies-kidney stones #SpAnKiN-NeW #xxxpassworld #warez_sitez #videopimp #PS2PEOPLE
#lost.no
T-14:28:19 y0-> mode/#veritynet >>+v ProsPer<< |3Y ilec
T-14:28:41 y0-> ProsPer ~ProsPer@dD5E0CC05.access.telenet.be has quit >>Connection closed<<
-----------------------------
You really have got to wonder why a user would be in so many channels then all of a sudden quit inside of a few seconds?
Re: Death to all Drones!
I guess I am a Nobody!!mvibe wrote:Just a suggestion ...
We all know there are spam/ddos drones all over irc, and little can be done to completely wipe them all out.
But I have a suggestion to all the opers out there that might help minimize some of them on your individual servers.
Notice that a lot of drones seem to always be in 20+ channels ... No real person that I know have can have that many windows open and remain sane. Kill all clients that are in 20+ channels (or 30+ if that works better).
Also, a lot of the bot code out there that is infecting people thus creating these drones will automatically quit when a /WHOIS is done on that user -- yet another way to identify the drones.
Drones also like to move around, Join/Part out of the same set of channels (mostly XXX and WAREZ related) -- maybe there is a way to ident them this way?
As of now, in the shell host channel which I support, I use a JoinInfoKick script in my irssi that I customized to WHOIS all joins and check for certain criteria such as # of channels, and Names of certain known channels that have alot of drones in them --- when the criteria is met, that user is kickbanned from the channel.
Anyway, these are only suggestions to maybe help lighten the load on some of the servers --- feel free to comment or not comment, but at least consider.
Thanks!
Dario : jmjames@whaddu.com (Jeffrey M. (maybe) James) [Commercial]
Channels : @#yes_I_am_that_lame_that_being_idle_on
@#20_channels_makes_me_feel_31337 @#561 @#DarioJames @#megatokyo #whaddu
@#idleville @#lamerdude #scrollz #bored_as_fuck @#medievaltotalwar
@#irc4kids @#treehouse @#new2linux @#new2irc @#ircanonymous @#global
@#Help @#zarbsworld @#OlsenTwins @#newbies #EFnet
Member DNRC
Although many of those ideas would work as chan ideas the problems with having them on the servers would probably create as much hassel as it might solve, as you would get people who are in over 20chans (im only in an average of 18) complaining. Many of those people who are in over 15chans have been online over a period of a long time and have developed networks of friends in various chans.
The problem of having Klines for people who join and quit quickly would probably hit many of the new users to Efnet. I am in many of the chans that are mentioned in the mIRC channel list and i often see the same person go through many of these chans, and as many of them do not have many ppl in and a few are just the same people over various chans, the user does not see the point and moves on to a larger channel, cycling through all of those chans in about 10min staying in only 3 or so out of all of them.
What ever ideas users and servers come up with to stop the problem the people who write the code for these bots will come up with ways to get round it. the problem of keeping these bots off efnet will be an ongoing process, and although the number of them may drop they will always be around I feel and it will be a damage limitation job and a job of containment to keep their effects to a minimum.
The problem of having Klines for people who join and quit quickly would probably hit many of the new users to Efnet. I am in many of the chans that are mentioned in the mIRC channel list and i often see the same person go through many of these chans, and as many of them do not have many ppl in and a few are just the same people over various chans, the user does not see the point and moves on to a larger channel, cycling through all of those chans in about 10min staying in only 3 or so out of all of them.
What ever ideas users and servers come up with to stop the problem the people who write the code for these bots will come up with ways to get round it. the problem of keeping these bots off efnet will be an ongoing process, and although the number of them may drop they will always be around I feel and it will be a damage limitation job and a job of containment to keep their effects to a minimum.
Who is online
Users browsing this forum: No registered users and 2 guests