Patternized Botnet Flood Detector


Patternized Botnet Flood Detector

Post  Admin on Thu Sep 01, 2011 3:21 pm

Code:

/*
* -------------- ------ --- - - --- -------- --- - --
*  Project Focus
*  Patternized Botnet Flood Killer
*
*  by Tim Gunter / IcyLiquid
icyliquid@gmail.com
*  version 0.2
* -------------- ------ --- - - --- -------- --- - --
*/

; -------------- ------ --- - - --- -------- --- - --
; Menus
; -------------- ------ --- - - --- -------- --- - --

; Popup definition shared by the menubar, status, channel, query and nicklist
; popups. It adds a "Focus > Pattern Botnet Detection" submenu with two items:
;   - a toggle labelled "Disable" while $pbn.act returns a true value and
;     "Enable" otherwise, which runs pbn.tog
;   - "Configure", which runs pbn.config
menu menubar,status,channel,query,nicklist {
  Focus
  .Pattern Botnet Detection
  .. $+ $iif($pbn.act,Disable,Enable) :pbn.tog
  ..Configure:pbn.config
}

; -------------- ------ --- - - --- -------- --- - --
; Events
; -------------- ------ --- - - --- -------- --- - --

; Restore the saved detector settings when mIRC starts.
on *:start:{
  pbn.hash load
}

; Write the detector settings back to disk when mIRC exits.
on *:exit:{
  pbn.hash save
}
; Join handler. The "!" prefix skips our own joins and the "@" prefix limits the
; event to channels where this client is opped. Nothing happens unless the
; detector is enabled ($pbn.act).
;
; Only joins whose host does not match *.undernet.org and whose nick!user part
; contains "~" are examined. The nick is reduced to a shape string by
; $pbn.pattern and a counter is kept per connection, channel and shape.
;
; NOTE(review): shape matching is coarse - unrelated users whose nicks share a
; shape are counted together, so a low limit can lock the channel on
; legitimate joins. Tune the limit/period with pbn.config.
; NOTE(review): the literal 03 prefixes in the echo text look like mIRC colour
; codes whose control character was lost when the script was pasted - confirm
; against the original file.
on !@*:join:#:{
  if ($pbn.act) {
    if (*.undernet.org !iswm $gettok($fulladdress,2,$asc(@)) && *~* iswm $gettok($fulladdress,1,$asc(@))) {
      ; key prefix "<channel>~<connection id>" used for this channel's table entries
      var %hs = $pbn.hs($cid,$chan)

      ; shape of the joining nick; the limit falls back to 3 when none is stored
      var %nickpattern = $pbn.pattern($nick), %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
      if ($istok($pbn.get(%hs).bans,%nickpattern,32)) {
        ; shape is already on this channel's ban list: kick-ban straight away
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
      }
      elseif ($pbn.count(%hs,%nickpattern).get >= %limit && !$pbn.isresync($cid,$chan,%nickpattern)) {
        ; threshold reached and $pbn.isresync did not report a mass rejoin:
        ; report it, dump the counters, set +r, ban the joiner and remember the shape
        ; NOTE(review): the effect of channel mode +r depends on the network - confirm
        echo -a 03* Flood detected in $+(03,$chan,) $+ , triggered by $+(03,$nick,) ( $+ $+(03,%nickpattern,) $+ )
        pbn.channelstatus $cid $chan %nickpattern
        mode $chan +r
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
        $pbn.set(%hs,$addtok($pbn.get(%hs).bans,%nickpattern,32)).bans
        ; after 300 seconds stop banning the shape; after 10 seconds sweep the
        ; channel for nicks of the same shape that are already inside
        ; NOTE(review): /timer evaluates its command text again when it fires and
        ; $chan is text supplied by the server; newer mIRC versions provide
        ; $unsafe() to pass such values to a timer literally - consider using it.
        ; NOTE(review): pbn.clear is declared with "alias -l"; a timer may not be
        ; able to reach a local alias - confirm the sweep actually runs.
        .timer 1 300 pbn.remove %nickpattern $cid $chan
        .timer 1 10 pbn.clear %nickpattern $cid $chan
      }

      ; count this join after the check, so it only weighs on later joins;
      ; the .inc call also schedules the matching decrement
      $pbn.count(%hs,%nickpattern).inc

    }
  }
}

; -------------- ------ --- - - --- -------- --- - --
; Aliases
; -------------- ------ --- - - --- -------- --- - --

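; $pbn.isresync(<cid>,<channel>,<pattern>)
; Returns $true when the current burst of joins on <channel> looks like a mass
; rejoin (suspected resync) instead of a flood of one nick shape, so that the
; caller can skip the lockdown; returns $false otherwise.
;
; A burst counts as a resync when more than 3 shapes other than <pattern> each
; have a counter above 2/3 of the limit, or when the number of shapes being
; counted exceeds 1 2/3 times the limit. A positive result is remembered for
; 10 seconds in the "<channel>~<cid>-resync" item and reported with an echo.
;
; Changes from the original:
;  - the limit falls back to 3 when none is stored, as in the join handler.
;    Without it both thresholds were computed from an empty value, which
;    appears to make every burst look like a resync on an unconfigured install.
;  - counters are matched with "<prefix>-*-count", so connection id 1 no longer
;    also matches the counters of connection ids 10, 11, ...
;  - the shape is read as the second token from the end, so a channel name
;    containing "-" no longer shifts the token that is compared with <pattern>.
alias -l pbn.isresync {
  var %hs = $pbn.hs($1,$2)
  ; a resync was flagged within the last 10 seconds
  if ($hget(pbn.hash,$+(%hs,-resync))) { return $true }

  var %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
  var %highthresh = $calc(%limit * (1 + (2/3)))
  var %busy = $calc(%limit * (2/3))
  var %match = $+(%hs,-*-count)
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1, %highmatches = 0

  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    ; item names are "<channel>~<cid>-<shape>-count"; shapes never contain "-"
    if ($gettok(%name,-2,45) != $3 && $hget(pbn.hash,%name) > %busy) { inc %highmatches }
    inc %item
  }

  if (%highmatches > 3 || %items > %highthresh) {
    hadd -u10 pbn.hash $+(%hs,-resync) 1
    echo -a 03* Mass join in $+(03,$2,) $+ , ignored due to $+(03,suspected resync,)
    return $true
  }
  return $false
}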

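; /pbn.channelstatus <cid> <channel>
; Echoes into the <channel> window the join counter of every nick shape that is
; currently being counted for that channel on connection <cid>: a header line
; with the channel name and the number of shapes, one "shape => count" line per
; shape, and a closing brace line. Shapes whose counter is above the limit go
; through the $+(,shape,) wrapper.
;
; NOTE(review): the bare 02/03/04/07 prefixes and the empty $+() arguments look
; like mIRC colour/bold codes whose control characters were lost when the
; script was pasted - confirm against the original file.
;
; Changes from the original:
;  - the limit falls back to 3 when none is stored, as in the join handler
;  - counters are matched with "<prefix>-*-count", so connection id 1 no longer
;    also lists the counters of connection ids 10, 11, ...
;  - the shape is read as the second token from the end, so a channel name
;    containing "-" no longer prints the wrong token
;  - the unused %matches local is gone and the counter is read once per item
alias pbn.channelstatus {
  var %match = $+($pbn.hs($1,$2),-*-count)
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1
  var %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
  echo $2 02 $+ $2 $+ , %items 02 $+ $chr(123) $+
  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    var %count = $hget(pbn.hash,%name)
    ; item names are "<channel>~<cid>-<shape>-count"; shapes never contain "-"
    var %pattern = $gettok(%name,-2,45)
    if (%count > %limit) { var %show = $+(,%pattern,) }
    else { var %show = %pattern }

    echo $2    03 $+ %show 07=>04 %count
    inc %item
  }
  echo $2 02 $+ $chr(125) $+
}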

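; /pbn.hash [save|load]
; Makes sure the pbn.hash table exists (100 slots) and optionally persists it.
;
;   save - keeps only the three settings (active, period, limit): the table is
;          freed, recreated with a single slot, refilled with those values and
;          written in binary form to pbn.hash.bin in the script directory,
;          overwriting any previous file. All counters and ban lists are
;          discarded by this step.
;   load - reads pbn.hash.bin back into the table when the file exists.
;
; Change from the original: the settings file is no longer deleted after it has
; been loaded. The file was only recreated by the exit event, so a crash or a
; killed client lost the configuration and left the detector disabled on the
; next start. "hsave -o" overwrites the file, so keeping it is harmless.
alias -l pbn.hash {
  if (!$hget(pbn.hash)) { hmake pbn.hash 100 }
  if ($1 == save) {
    var %active = $hget(pbn.hash,active)
    var %period = $hget(pbn.hash,period)
    var %limit = $hget(pbn.hash,limit)
    ; start from an empty table so only the settings reach the file
    hfree pbn.hash | hmake pbn.hash 1
    hadd pbn.hash active %active
    hadd pbn.hash period %period
    hadd pbn.hash limit %limit
    hsave -bo pbn.hash $+(",$scriptdir,pbn.hash.bin,")
  }
  if ($1 == load) {
    if ($exists($+(",$scriptdir,pbn.hash.bin,"))) {
      hload -b pbn.hash $+(",$scriptdir,pbn.hash.bin,")
    }
  }
}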

; $pbn.hs(<cid>,<channel>)
; Builds the key prefix "<channel>~<cid>" that the other aliases put in front
; of their pbn.hash item names.
alias -l pbn.hs {
  return $2 $+ ~ $+ $1
}

; /pbn.tog
; Flips the "active" setting in pbn.hash between 1 and 0 and echoes the new
; state to the active window.
alias pbn.tog {
  pbn.hash
  ; a true value becomes 0, anything else (including a missing item) becomes 1
  hadd pbn.hash active $iif($hget(pbn.hash,active),0,1)
  echo -a 03* Pattern Botnet Detection is $iif($hget(pbn.hash,active),03enabled,04disabled) $+ .
}

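; /pbn.config
; Asks for the flood threshold as <joins>:<seconds> and stores the two values
; as "limit" and "period" in pbn.hash.
;
; Changes from the original:
;  - both values must be whole numbers of at least 1. The old "isnum" test also
;    accepted 0, negative numbers and fractions. A negative limit makes the
;    ">= limit" test in the join handler true for every examined join, which
;    locks the channel on the first one; a negative period is handed to /timer
;    as the delay of the counter decrement.
;  - the input box is pre-filled with the values actually in effect (3 joins,
;    5 seconds) when nothing has been stored yet, instead of a bare ":".
;  - input that is not two ":"-separated fields now gets the same error message
;    instead of being dropped silently. A cancelled or empty dialog still does
;    nothing.
alias pbn.config {
  pbn.hash
  var %curlimit = $iif($hget(pbn.hash,limit),$ifmatch,3)
  var %curperiod = $iif($hget(pbn.hash,period),$ifmatch,5)
  var %res = $input(Please configure the detector. The format is <joins>:<seconds> where <joins> matching patterns seen within <seconds> seconds of each other result in a lock. $crlf,eoq,Configure,$+(%curlimit,:,%curperiod))
  if (%res == $null) { return }
  if ($numtok(%res,$asc(:)) != 2) {
    echo -a 04* Invalid flood config. Format is <joins>:<seconds> where both arguments are numerical.
    return
  }
  var %limit = $gettok(%res,1,$asc(:))
  var %period = $gettok(%res,2,$asc(:))
  ; $int() equals the value only for whole numbers
  if (%limit isnum && %period isnum && %limit >= 1 && %period >= 1 && $int(%limit) == %limit && $int(%period) == %period) {
    hadd pbn.hash period %period
    hadd pbn.hash limit %limit
    echo -a 03* Set flood threshold at $+(03,%limit,) matching joins within $+(03,%period,) seconds.
  }
  else {
    echo -a 04* Invalid flood config. Format is <joins>:<seconds> where both arguments are numerical.
  }
}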

; $pbn.act
; Returns the stored "active" setting (a true value while detection is on),
; creating the pbn.hash table first if it does not exist yet.
alias pbn.act {
  pbn.hash
  return $hget(pbn.hash,active)
}

; $pbn.get(<key>).<prop>
; Returns the value stored in pbn.hash under "<key>-<prop>". Returns nothing
; when called as a command, without arguments or without a property.
alias -l pbn.get {
  if (!$isid || !$0 || !$prop) { return }
  pbn.hash
  return $hget(pbn.hash,$1 $+ - $+ $prop)
}

; Counter helper for pbn.hash items named "<args joined with ->-count".
;
; As an identifier:
;   $pbn.count(<key parts...>).get  returns the stored counter
;   $pbn.count(<key parts...>).inc  adds 1 and schedules the matching decrement
;   $pbn.count(<key parts...>,<value>).set  appears to store <value> under the
;       key built from all arguments but the last - not used elsewhere in this
;       file, confirm before relying on it
; As a command:
;   /pbn.count dec <key parts...>   subtracts 1 and deletes the item once it
;       is zero or less
;
; NOTE(review): the decrement is started through /timer. This alias is declared
; with "alias -l", and a timer may not be able to reach a local alias; if it
; cannot, counters never decay and every later join of a counted shape stays
; above the limit - confirm that the decrement actually runs.
; NOTE(review): /timer evaluates its command text again when it fires, and $1-
; contains the channel name supplied by the server; newer mIRC versions provide
; $unsafe() to pass such values to a timer literally - consider using it.
alias -l pbn.count {
  if ($isid) {
    pbn.hash
    if ($prop == get) {
      ; all arguments joined with "-" form the key
      var %pri = $replace($1-,$chr(32),-)
      return $pbn.get(%pri).count
    }
    elseif ($prop == inc) {
      var %pri = $replace($1-,$chr(32),-)
      hinc pbn.hash $+(%pri,-,count) 1
      ; undo this increment after "period" seconds (5 when no period is stored)
      .timer 1 $iif($hget(pbn.hash,period),$ifmatch,5) pbn.count dec $1-
    }
    elseif ($prop == set) {
      ; the evaluation brackets build $1-<N-1> and $<N> from the argument count
      var %pri = $replace($1- [ $+ [ $calc($0 - 1) ] ],$chr(32),-)
      $pbn.set(%pri,$ [ $+ [ $0 ] ]).count
    }
  }
  else {
    if ($1 == dec) {
      var %pri = $+($replace($2-,$chr(32),-),-count)
      hdec pbn.hash %pri 1
      ; drop exhausted counters so they no longer show up in $hfind scans
      if ($hget(pbn.hash,%pri) <= 0) { hdel pbn.hash %pri }
    }
  }
}

; $pbn.set(<key>[,<value>[,inc|dec]]).<prop>
; Writes the pbn.hash item "<key>-<prop>":
;   - without a value (or with an empty one) the item is deleted
;   - with a third argument of "inc" or "dec" the item is changed by <value>
;     using hinc / hdec
;   - otherwise the item is set to <value>
; Does nothing when called as a command, without arguments or without a
; property.
alias -l pbn.set {
  if (!$isid || !$0 || !$prop) { return }
  pbn.hash
  if ($0 <= 1 || $2 == $null) {
    hdel pbn.hash $+($1,-,$prop)
    return
  }
  if ($3 == inc) { hinc pbn.hash $+($1,-,$prop) $2 }
  elseif ($3 == dec) { hdec pbn.hash $+($1,-,$prop) $2 }
  else { hadd pbn.hash $+($1,-,$prop) $2 }
}

; $pbn.pattern(<nick>)
; Reduces a nick to its shape, one letter per character:
;   n = digit, u = uppercase letter, l = lowercase letter, e = anything else
; Returns nothing when called as a command or without an argument.
alias -l pbn.pattern {
  if (!$isid || !$0) { return }
  var %shape, %pos = 1, %len = $len($1)
  while (%pos <= %len) {
    var %c = $mid($1,%pos,1)
    if (%c isnum) { var %shape = $+(%shape,n) }
    elseif (%c !isalpha) { var %shape = $+(%shape,e) }
    elseif (%c isupper) { var %shape = $+(%shape,u) }
    elseif (%c islower) { var %shape = $+(%shape,l) }
    inc %pos
  }
  return %shape
}

; /pbn.remove <pattern> <cid> <channel>
; Takes <pattern> off the channel's list of banned nick shapes. When the list
; becomes empty the channel mode +r is removed again. Does nothing when the
; pattern is not on the list. Started by a 300 second timer from the join
; handler.
alias pbn.remove {
  var %hs = $pbn.hs($2,$3)
  if (!$istok($pbn.get(%hs).bans,$1,32)) { return }
  var %newbans = $remtok($pbn.get(%hs).bans,$1,1,32)
  ; an empty list makes $pbn.set delete the item
  $pbn.set(%hs,%newbans).bans
  if (%newbans == $null) { mode $3 -r }
  echo -a 03* No longer banning pattern $+(03,$1,) on $+(03,$3,)
}

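; /pbn.clear <pattern> <cid> <channel>
; Sweeps <channel> on connection <cid> and kick-bans every nick that is neither
; op nor halfop, has the nick shape <pattern> and passes the same address test
; as the join handler. Started by a 10 second timer from the join handler to
; catch the clients that joined before the threshold was reached.
;
; Change from the original: the sweep now applies the join handler's address
; test (host not matching *.undernet.org, "~" in the nick!user part). Before,
; every non-op whose nick merely had the same shape was banned, including users
; the join handler deliberately never counts. Nicks whose address is not in the
; internal address list are skipped instead of banned.
;
; NOTE(review): this alias is declared with "alias -l" but is only started
; through /timer; a timer may not be able to reach a local alias - confirm that
; the sweep actually runs.
alias -l pbn.clear {
  ; run the lookups and the bans on the connection the flood was seen on
  scid $2
  var %nicks = $nick($3,0,a,oh), %i = 1
  while (%i <= %nicks) {
    var %nick = $nick($3,%i,a,oh)
    ; nick!user@host, empty when the address is unknown
    var %addr = $address(%nick,5)
    if ($pbn.pattern(%nick) == $1 && *.undernet.org !iswm $gettok(%addr,2,64) && *~* iswm $gettok(%addr,1,64)) { ban -k $3 %nick 2 Pattern Botnet Flood - %nick }
    inc %i
  }
  echo -a 03* Finished clearing $+(03,$3,)
  scid -r
}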