Patternized Botnet Flood Detector


Post  Admin Thu Sep 01, 2011 3:21 pm

Code:

/*
* -------------- ------ --- - - --- -------- --- - --
*  Project Focus
*  Patternized Botnet Flood Killer
*
*  by Tim Gunter / IcyLiquid
*  icyliquid@gmail.com
*  version 0.2
* -------------- ------ --- - - --- -------- --- - --
*/

; -------------- ------ --- - - --- -------- --- - --
; Menus
; -------------- ------ --- - - --- -------- --- - --

; Adds a "Focus" submenu to the menubar and to the status, channel, query and
; nicklist popups. The first entry's label is built when the menu is shown:
; "Disable" while $pbn.act is true, "Enable" otherwise; it runs pbn.tog.
; "Configure" runs pbn.config.
menu menubar,status,channel,query,nicklist {
  Focus
  .Pattern Botnet Detection
  .. $+ $iif($pbn.act,Disable,Enable) :pbn.tog
  ..Configure:pbn.config
}

; -------------- ------ --- - - --- -------- --- - --
; Events
; -------------- ------ --- - - --- -------- --- - --

; Restore the saved settings when mIRC starts and write them back when it exits.
on *:start:{
  pbn.hash load
}
on *:exit:{
  pbn.hash save
}
; Join handler for every channel. The "!" prefix skips our own joins and the
; "@" prefix limits the event to channels where we hold ops.
on !@*:join:#:{
  ; Do nothing unless detection is switched on (see pbn.tog).
  if ($pbn.act) {
    ; Only consider joiners whose host is NOT *.undernet.org and whose nick!user
    ; part contains "~". NOTE(review): presumably "~" is meant to single out
    ; clients without an ident reply - confirm for the target network.
    if (*.undernet.org !iswm $gettok($fulladdress,2,$asc(@)) && *~* iswm $gettok($fulladdress,1,$asc(@))) {
      ; Per-channel key, "<channel>~<connection id>".
      var %hs = $pbn.hs($cid,$chan)

      ; Shape of the nick (n/u/l/e per character) and the join limit, which
      ; falls back to 3 when nothing is configured.
      var %nickpattern = $pbn.pattern($nick), %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
      ; The shape is already on this channel's ban list: kick-ban at once,
      ; using address mask type 2 (*!*@host).
      if ($istok($pbn.get(%hs).bans,%nickpattern,32)) {
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
      }
      elseif ($pbn.count(%hs,%nickpattern).get >= %limit && !$pbn.isresync($cid,$chan,%nickpattern)) {
        ; The counter for this shape reached the limit and the burst does not
        ; look like a resync: announce it, dump the counters, lock the channel.
        echo -a 03* Flood detected in $+(03,$chan,) $+ , triggered by $+(03,$nick,) ( $+ $+(03,%nickpattern,) $+ )
        pbn.channelstatus $cid $chan %nickpattern
        ; NOTE(review): the effect of +r depends on the network - confirm that
        ; it restricts joins the way this script expects.
        mode $chan +r
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
        ; Remember the shape so later joiners with it are banned immediately.
        $pbn.set(%hs,$addtok($pbn.get(%hs).bans,%nickpattern,32)).bans
        ; After 300 seconds stop banning the shape (pbn.remove); after 10
        ; seconds sweep the channel for nicks of that shape (pbn.clear).
        ; mIRC evaluates a timer's command text again when it fires; the only
        ; values placed in it here are the n/u/l/e shape, the numeric
        ; connection id and the channel name.
        .timer 1 300 pbn.remove %nickpattern $cid $chan
        .timer 1 10 pbn.clear %nickpattern $cid $chan
      }

      ; Every qualifying join bumps the counter for its shape, whatever
      ; branch was taken above.
      $pbn.count(%hs,%nickpattern).inc

    }
  }
}

; -------------- ------ --- - - --- -------- --- - --
; Aliases
; -------------- ------ --- - - --- -------- --- - --

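; Decides whether a burst of joins should be ignored because many different
; nick shapes are arriving at once (treated as a resync, not a botnet).
;   $1 = connection id, $2 = channel, $3 = nick shape that reached the limit
; Returns $true when the burst should be ignored, $false otherwise.
alias -l pbn.isresync {
  ; A positive verdict is cached for 10 seconds (hadd -u10 below).
  if ($hget(pbn.hash,$+($pbn.hs($1,$2),-resync))) { return $true }
  ; Counter items are named <channel>~<cid>-<shape>-count. Anchoring the
  ; wildcard on "-" keeps connection id 1 from also matching 10, 11, ...
  var %match = $+($pbn.hs($1,$2),-*-count)
  ; Use the same fallback of 3 as the join event. With no limit stored, both
  ; thresholds below were computed from an empty value.
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1, %limit = $iif($hget(pbn.hash,limit),$ifmatch,3), %highthresh = $calc(%limit * (1 + (2/3)))
  var %highmatches = 0
  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    ; Token -2 (second from the end, "-" separated) is the shape even when
    ; the channel name itself contains "-"; shapes only hold n, u, l and e.
    if ($gettok(%name,-2,45) != $3) {
      ; Count the OTHER shapes whose counters are above two thirds of the limit.
      if ($hget(pbn.hash,%name) > $calc(%limit * (2/3))) { inc %highmatches }
    }
    inc %item
  }
  ; More than three other busy shapes, or more distinct shapes than 5/3 of the
  ; limit: remember the verdict for 10 seconds and report it.
  if (%highmatches > 3 || %items > %highthresh) { hadd -u10 pbn.hash $+($pbn.hs($1,$2),-resync) 1 | echo -a 03* Mass join in $+(03,$2,) $+ , ignored due to $+(03,suspected resync,) }
  return $iif(%highmatches > 3 || %items > %highthresh,$true,$false)
}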

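; Prints every per-shape join counter of a channel into that channel's window.
;   $1 = connection id, $2 = channel
; NOTE(review): the empty arguments in $+(,...,) and the dangling "$+" at the
; end of two echo lines look like formatting control codes that were lost when
; the script was posted - confirm against the original file.
alias pbn.channelstatus {
  ; Counter items are named <channel>~<cid>-<shape>-count.
  var %match = $+($pbn.hs($1,$2),-*-count)
  ; The limit falls back to 3 when unset, matching the join event.
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1, %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
  echo $2 02 $+ $2 $+ , %items 02 $+ $chr(123) $+ 
  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    var %count = $hget(pbn.hash,%name)
    ; Token -2 (second from the end) is the shape even when the channel name
    ; contains "-"; shapes only hold n, u, l and e.
    var %pattern = $gettok(%name,-2,45)
    if (%count > %limit) { var %show = $+(,%pattern,) }
    else { var %show = %pattern }

    echo $2    03 $+ %show 07=>04 %count
    inc %item
  }
  echo $2 02 $+ $chr(125) $+ 
}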

; Makes sure the pbn.hash table exists and, on request, saves or loads the
; three settings (active, period, limit).
;   $1 = "save", "load" or nothing (just ensure the table exists)
; The settings file is deleted right after it is loaded and is only written by
; "save", which this script calls from its exit event.
alias -l pbn.hash {
  var %file = $+(",$scriptdir,pbn.hash.bin,")
  if (!$hget(pbn.hash)) { hmake pbn.hash 100 }
  if ($1 == save) {
    ; Keep only the settings: copy them out, rebuild the table empty, put
    ; them back, then write the table in binary form, overwriting the file.
    var %active = $hget(pbn.hash,active), %period = $hget(pbn.hash,period), %limit = $hget(pbn.hash,limit)
    hfree pbn.hash
    hmake pbn.hash 1
    hadd pbn.hash active %active
    hadd pbn.hash period %period
    hadd pbn.hash limit %limit
    hsave -bo pbn.hash %file
  }
  elseif ($1 == load) {
    if ($exists(%file)) {
      hload -b pbn.hash %file
      .remove %file
    }
  }
}

; Builds the per-channel key "<channel>~<connection id>".
;   $1 = connection id, $2 = channel
alias -l pbn.hs { return $+($2,$chr(126),$1) }

; Flips the "active" setting between 1 and 0 and reports the new state.
alias pbn.tog {
  pbn.hash
  hadd pbn.hash active $iif($hget(pbn.hash,active),0,1)
  echo -a 03* Pattern Botnet Detection is $iif($hget(pbn.hash,active),03enabled,04disabled) $+ .
}

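; Asks for the flood threshold as <joins>:<seconds> and stores it as the
; "limit" and "period" settings. Both values must be whole numbers of at
; least 1: a zero was silently replaced by the built-in defaults elsewhere in
; the script, and a negative limit made every counted join exceed it.
alias pbn.config {
  pbn.hash
  ; Show the values actually in effect (3 joins, 5 seconds when unset).
  var %curlimit = $iif($hget(pbn.hash,limit),$ifmatch,3)
  var %curperiod = $iif($hget(pbn.hash,period),$ifmatch,5)
  var %res = $input(Please configure the detector. The format is <joins>:<seconds> where <joins> matching patterns seen within <seconds> seconds of each other result in a lock. $crlf,eoq,Configure,$+(%curlimit,:,%curperiod))
  ; Nothing entered: leave the settings alone and stay quiet.
  if (%res == $null) { return }
  var %ok = 0
  if ($numtok(%res,$asc(:)) == 2) {
    var %limit = $gettok(%res,1,$asc(:))
    var %period = $gettok(%res,2,$asc(:))
    if (%limit isnum 1- && %period isnum 1-) {
      ; Reject fractions: the values are used as a join count and a timer delay.
      if ($int(%limit) == %limit && $int(%period) == %period) { var %ok = 1 }
    }
  }
  if (%ok) {
    hadd pbn.hash period %period
    hadd pbn.hash limit %limit
    echo -a 03* Set flood threshold at $+(03,%limit,) matching joins within $+(03,%period,) seconds.
  }
  else {
    echo -a 04* Invalid flood config. Format is <joins>:<seconds> where both arguments are numerical.
  }
}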

; Returns the stored "active" setting after making sure the table exists.
alias pbn.act {
  pbn.hash
  return $hget(pbn.hash,active)
}

; Identifier-only accessor: $pbn.get(<key>).<prop> returns the value stored
; under "<key>-<prop>" in pbn.hash. Returns nothing when used as a command,
; without a key or without a property.
alias -l pbn.get {
  if (!$isid) { return }
  if (!$0) { return }
  if (!$prop) { return }
  pbn.hash
  return $hget(pbn.hash,$+($1,-,$prop))
}

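; Per-shape join counter.
;   $pbn.count(<key>,<shape>).get  returns the counter
;   $pbn.count(<key>,<shape>).inc  adds 1 and schedules a decrement
;   $pbn.count(<key>,...,<value>).set  stores <value>
;   /pbn.count dec <key> <shape>   subtracts 1 (run by the timer below)
; Declared without -l: the decrement is started by a timer, and mIRC runs
; timer commands outside this script, where a local (-l) alias is not visible.
; With -l the counters would never have been decremented.
alias pbn.count {
  if ($isid) {
    pbn.hash
    if ($prop == get) {
      ; The parameters joined with "-" form the item name prefix.
      var %pri = $replace($1-,$chr(32),-)
      return $pbn.get(%pri).count
    }
    elseif ($prop == inc) {
      var %pri = $replace($1-,$chr(32),-)
      hinc pbn.hash $+(%pri,-,count) 1
      ; Undo this increment after "period" seconds (5 when unset). mIRC
      ; evaluates the timer's command text again when it fires; as far as this
      ; listing shows, $1- is only the channel key and the n/u/l/e shape.
      .timer 1 $iif($hget(pbn.hash,period),$ifmatch,5) pbn.count dec $1-
    }
    elseif ($prop == set) {
      ; The evaluation brackets build $1-<N-1> (every parameter but the last)
      ; and $<N> (the last parameter, used as the value).
      var %pri = $replace($1- [ $+ [ $calc($0 - 1) ] ],$chr(32),-)
      $pbn.set(%pri,$ [ $+ [ $0 ] ]).count
    }
  }
  else {
    if ($1 == dec) {
      var %pri = $+($replace($2-,$chr(32),-),-count)
      hdec pbn.hash %pri 1
      ; Drop counters that reached zero so they no longer match *-count scans.
      if ($hget(pbn.hash,%pri) <= 0) { hdel pbn.hash %pri }
    }
  }
}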

; Identifier-only setter: $pbn.set(<key>,<value>[,inc|dec]).<prop> writes the
; item "<key>-<prop>" in pbn.hash. Does nothing when used as a command,
; without parameters or without a property.
alias -l pbn.set {
  if ($isid && $0 && $prop) {
    pbn.hash
    if ($0 > 1 && $2 != $null) {
      if ($3 != inc && $3 != dec) {
        ; Plain store. None of the calls visible in this listing pass $3, so
        ; this is the branch they take.
        hadd pbn.hash $+($1,-,$prop) $2
      }
      else {
        ; $3 is "inc" or "dec": build the command name hinc / hdec and run it
        ; with $2 as the amount.
        var %cmd = $+(h,$3)
        %cmd pbn.hash $+($1,-,$prop) $2
      }
    }
    else {
      ; No value given (or an empty one): remove the item.
      hdel pbn.hash $+($1,-,$prop)
    }
  }
}

; Identifier-only: reduces a nick to its "shape", one letter per character:
;   n = digit, u = uppercase letter, l = lowercase letter, e = anything else
; Returns nothing when used as a command or without a parameter.
alias -l pbn.pattern {
  if (!$isid) { return }
  if (!$0) { return }
  var %shape, %pos = 1, %total = $len($1)
  while (%pos <= %total) {
    var %c = $mid($1,%pos,1)
    if (%c isnum) { var %shape = $+(%shape,n) }
    elseif (%c !isalpha) { var %shape = $+(%shape,e) }
    elseif (%c isupper) { var %shape = $+(%shape,u) }
    elseif (%c islower) { var %shape = $+(%shape,l) }
    inc %pos
  }
  return %shape
}

; Takes a nick shape off a channel's ban list; run by the 300 second timer
; that the join event starts.
;   $1 = nick shape, $2 = connection id, $3 = channel
alias pbn.remove {
  var %key = $pbn.hs($2,$3)
  ; Nothing to do when the shape is not (or no longer) listed.
  if (!$istok($pbn.get(%key).bans,$1,32)) { return }
  var %remaining = $remtok($pbn.get(%key).bans,$1,1,32)
  $pbn.set(%key,%remaining).bans
  ; Last shape gone: lift the +r that was set when the flood was detected.
  if (%remaining == $null) { mode $3 -r }
  echo -a 03* No longer banning pattern $+(03,$1,) on $+(03,$3,)
}

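; Kick-bans every nick on a channel whose shape equals the given one; run by
; the 10 second timer that the join event starts.
;   $1 = nick shape, $2 = connection id, $3 = channel
; Declared without -l: mIRC runs timer commands outside this script, where a
; local (-l) alias is not visible, so with -l the sweep would never have run.
; NOTE(review): the sweep matches on shape alone. Unlike the join event it
; does not look at ident or host, so any non-op user with the same nick shape
; is banned too - confirm that this is intended.
alias pbn.clear {
  ; Work on the connection the flood was seen on, and switch back afterwards.
  scid $2
  ; "a,oh" selects all nicks except ops and halfops.
  var %nicks = $nick($3,0,a,oh), %i = 1
  while (%i <= %nicks) {
    var %nick = $nick($3,%i,a,oh)
    if ($pbn.pattern(%nick) == $1) { ban -k $3 %nick 2 Pattern Botnet Flood - %nick }
    inc %i
  }
  echo -a 03* Finished clearing $+(03,$3,)
  scid -r
}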