Patternized Botnet Flood Detector


Patternized Botnet Flood Detector

Post  Admin on Thu Sep 01, 2011 3:21 pm

Code:

/*
* -------------- ------ --- - - --- -------- --- - --
*  Project Focus
*  Patternized Botnet Flood Killer
*
*  by Tim Gunter / IcyLiquid
*  icyliquid@gmail.com
*  version 0.2
* -------------- ------ --- - - --- -------- --- - --
*/

; -------------- ------ --- - - --- -------- --- - --
; Menus
; -------------- ------ --- - - --- -------- --- - --

; Adds a "Focus" popup to the menubar, status, channel, query and nicklist menus.
; The first entry is labelled Disable or Enable depending on what $pbn.act
; returns and runs pbn.tog; the second entry runs pbn.config.
menu menubar,status,channel,query,nicklist {
  Focus
  .Pattern Botnet Detection
  .. $+ $iif($pbn.act,Disable,Enable) :pbn.tog
  ..Configure:pbn.config
}

; -------------- ------ --- - - --- -------- --- - --
; Events
; -------------- ------ --- - - --- -------- --- - --

; Read the saved settings back when mIRC starts and write them out on exit.
; Both handlers delegate to pbn.hash, which owns the pbn.hash table.
on *:start:{
  pbn.hash load
}
on *:exit:{
  pbn.hash save
}
; Join handler. The ! prefix skips our own joins and the @ prefix limits it
; to channels where we hold ops. Nothing happens unless $pbn.act is set.
; A joining client is inspected only when its host does not match
; *.undernet.org and the part of its address before the @ contains a tilde.
; NOTE(review): presumably the tilde marks a client without an ident reply and
; *.undernet.org is the network's account host suffix - confirm for your network.
on !@*:join:#:{
  if ($pbn.act) {
    if (*.undernet.org !iswm $gettok($fulladdress,2,$asc(@)) && *~* iswm $gettok($fulladdress,1,$asc(@))) {
      ; Key prefix for this channel on this connection.
      var %hs = $pbn.hs($cid,$chan)

      ; The nick is reduced to its character-class pattern by pbn.pattern, so
      ; the raw nick never becomes part of a hash key or a timer command.
      ; The join limit falls back to 3 when none has been configured.
      var %nickpattern = $pbn.pattern($nick), %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
      ; First branch: the pattern is already on this channel's ban list.
      ; Second branch: the pattern has reached the limit and pbn.isresync
      ; does not classify the burst as a resync.
      if ($istok($pbn.get(%hs).bans,%nickpattern,32)) {
        ; Kick-ban with mask type 2.
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
      }
      elseif ($pbn.count(%hs,%nickpattern).get >= %limit && !$pbn.isresync($cid,$chan,%nickpattern)) {
        ; Report, dump the channel counters, set +r, ban the trigger and
        ; remember the pattern on the channel's ban list.
        echo -a 03* Flood detected in $+(03,$chan,) $+ , triggered by $+(03,$nick,) ( $+ $+(03,%nickpattern,) $+ )
        pbn.channelstatus $cid $chan %nickpattern
        mode $chan +r
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
        $pbn.set(%hs,$addtok($pbn.get(%hs).bans,%nickpattern,32)).bans
        ; Two one-shot timers: stop banning the pattern after 300 seconds,
        ; and sweep matching nicks already in the channel after 10 seconds.
        ; A timer evaluates its command again when it fires. The arguments
        ; here are the n/u/l/e pattern, the connection id and the channel
        ; name; keep raw nicks and other remote text out of timer commands.
        ; NOTE(review): pbn.clear is declared with alias -l. Confirm that a
        ; timer can call a local alias in your mIRC version, otherwise the
        ; sweep never runs.
        .timer 1 300 pbn.remove %nickpattern $cid $chan
        .timer 1 10 pbn.clear %nickpattern $cid $chan
      }

      ; Count this join for the pattern; pbn.count schedules the matching
      ; decrement itself.
      $pbn.count(%hs,%nickpattern).inc

    }
  }
}

; -------------- ------ --- - - --- -------- --- - --
; Aliases
; -------------- ------ --- - - --- -------- --- - --

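; Returns $true when the current burst of joins looks like a resync (many
; different patterns joining at once) rather than a single-pattern flood, so
; that the join handler does not lock the channel.
;   $1 = connection id, $2 = channel, $3 = pattern that triggered the check
; A positive result is cached for 10 seconds under the -resync item.
alias -l pbn.isresync {
  if ($hget(pbn.hash,$+($pbn.hs($1,$2),-resync))) { return $true }
  ; Anchor the wildcard on the separator that follows the key prefix, so
  ; connection id 1 does not also pick up the counters of 10, 11 and so on.
  var %match = $+($pbn.hs($1,$2),-*-count)
  ; Same fallback as the join handler. Without it the thresholds below are
  ; computed from an empty value when no limit has been configured, which can
  ; make every burst look like a resync and keep the detector from firing.
  var %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1, %highthresh = $calc(%limit * (1 + (2/3)))
  var %highmatches = 0
  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    ; Item names look like channel~cid-pattern-count. The pattern is read as
    ; the second token from the end because channel names may contain hyphens.
    if ($gettok(%name,-2,45) != $3) {
      if ($hget(pbn.hash,%name) > $calc(%limit * (2/3))) { inc %highmatches }
    }
    inc %item
  }
  ; Resync: more than three other patterns are busy, or more distinct
  ; patterns are active than the high threshold allows.
  if (%highmatches > 3 || %items > %highthresh) { hadd -u10 pbn.hash $+($pbn.hs($1,$2),-resync) 1 | echo -a 03* Mass join in $+(03,$2,) $+ , ignored due to $+(03,suspected resync,) }
  return $iif(%highmatches > 3 || %items > %highthresh,$true,$false)
}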

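; Prints the per-pattern join counters of a channel into that channel's window.
;   $1 = connection id, $2 = channel
; Patterns whose counter is above the limit are wrapped by the $+ call below.
alias pbn.channelstatus {
  ; Anchor the wildcard on the separator that follows the key prefix, so
  ; connection id 1 does not also list the counters of 10, 11 and so on.
  var %match = $+($pbn.hs($1,$2),-*-count)
  ; Same fallback limit as the join handler uses when none is configured.
  var %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1
  echo $2 02 $+ $2 $+ , %items 02 $+ $chr(123) $+ 
  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    var %count = $hget(pbn.hash,%name)
    ; Item names look like channel~cid-pattern-count. The pattern is read as
    ; the second token from the end because channel names may contain hyphens.
    if (%count > %limit) { var %show = $+(,$gettok(%name,-2,45),) }
    else { var %show = $gettok(%name,-2,45) }

    echo $2    03 $+ %show 07=>04 %count
    inc %item
  }
  echo $2 02 $+ $chr(125) $+ 
}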

; Owns the pbn.hash table.
;   pbn.hash        make sure the table exists
;   pbn.hash save   keep only active, period and limit, then write the table
;                   to pbn.hash.bin in the script directory
;   pbn.hash load   read pbn.hash.bin back if it exists, then delete the file
alias -l pbn.hash {
  if (!$hget(pbn.hash)) { hmake pbn.hash 100 }
  if ($1 == save) {
    var %on = $hget(pbn.hash,active)
    var %secs = $hget(pbn.hash,period)
    var %max = $hget(pbn.hash,limit)
    ; Recreate the table so counters and ban lists are not persisted.
    hfree pbn.hash
    hmake pbn.hash 1
    hadd pbn.hash active %on
    hadd pbn.hash period %secs
    hadd pbn.hash limit %max
    hsave -bo pbn.hash $+(",$scriptdir,pbn.hash.bin,")
  }
  elseif ($1 == load) {
    if (!$exists($+(",$scriptdir,pbn.hash.bin,"))) { return }
    hload -b pbn.hash $+(",$scriptdir,pbn.hash.bin,")
    .remove $+(",$scriptdir,pbn.hash.bin,")
  }
}

; Builds the key prefix for one channel on one connection.
;   $1 = connection id, $2 = channel
; Returns the channel, a tilde and the connection id joined together.
alias -l pbn.hs {
  var %key = $+($2,~,$1)
  return %key
}

; Flips the active setting between 0 and 1 and reports the new state in the
; active window.
alias pbn.tog {
  pbn.hash
  hadd pbn.hash active $iif($hget(pbn.hash,active),0,1)
  echo -a 03* Pattern Botnet Detection is $iif($hget(pbn.hash,active),03enabled,04disabled) $+ .
}

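; Asks for the flood threshold as <joins>:<seconds> and stores the two values
; as the limit and period settings. The dialog is pre-filled with the current
; values. Input that does not consist of exactly two colon-separated tokens is
; ignored without a message.
alias pbn.config {
  pbn.hash
  var %res = $input(Please configure the detector. The format is <joins>:<seconds> where <joins> matching patterns seen within <seconds> seconds of each other result in a lock. $crlf,eoq,Configure,$+($hget(pbn.hash,limit),:,$hget(pbn.hash,period)))
  if ($numtok(%res,$asc(:)) == 2) {
    var %limit = $gettok(%res,1,$asc(:))
    var %period = $gettok(%res,2,$asc(:))
    ; Accept positive whole numbers only. A plain isnum test also lets 0,
    ; negative and fractional values through; a limit of 0 makes every
    ; inspected join count as a flood, and the period is used directly as a
    ; timer delay by pbn.count.
    if ($regex(%limit,/^\d+$/) && $regex(%period,/^\d+$/) && %limit > 0 && %period > 0) {
      hadd pbn.hash period %period
      hadd pbn.hash limit %limit
      echo -a 03* Set flood threshold at $+(03,%limit,) matching joins within $+(03,%period,) seconds.
    }
    else {
      echo -a 04* Invalid flood config. Format is <joins>:<seconds> where both arguments are positive whole numbers.
    }
  }
}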

; Returns the stored active setting after making sure the table exists.
alias pbn.act {
  pbn.hash
  return $hget(pbn.hash,active)
}

; Identifier only: $pbn.get(key).prop returns the table item named key-prop.
; Returns nothing when called as a command, without a key or without a property.
alias -l pbn.get {
  if (!$isid) { return }
  if (!$0 || !$prop) { return }
  pbn.hash
  return $hget(pbn.hash,$+($1,-,$prop))
}

; Per-pattern join counter. The key is built by joining the arguments with
; hyphens; the item stored in the table is that key followed by -count.
; Identifier forms:
;   $pbn.count(parts...).get   returns the counter
;   $pbn.count(parts...).inc   adds 1 and starts a one-shot timer that runs
;                              the dec command form after the period setting,
;                              or after 5 seconds when no period is stored
;   $pbn.count(parts...,value).set   stores value through pbn.set
; Command form:
;   pbn.count dec parts...     subtracts 1 and deletes the item at 0 or below
; NOTE(review): this alias is declared with -l but the inc branch starts it
; from a timer. Confirm that a timer can call a local alias in your mIRC
; version, otherwise counters are never decremented and keep growing.
alias -l pbn.count {
  if ($isid) {
    pbn.hash
    if ($prop == get) {
      var %pri = $replace($1-,$chr(32),-)
      return $pbn.get(%pri).count
    }
    elseif ($prop == inc) {
      var %pri = $replace($1-,$chr(32),-)
      hinc pbn.hash $+(%pri,-,count) 1
      ; The timer text is evaluated again when it fires. The join handler
      ; passes only the key prefix and the n/u/l/e pattern here.
      .timer 1 $iif($hget(pbn.hash,period),$ifmatch,5) pbn.count dec $1-
    }
    elseif ($prop == set) {
      ; The evaluation brackets build the parameter names at run time:
      ; presumably every argument but the last forms the key and the last
      ; argument is the value - confirm against a caller, none is visible here.
      var %pri = $replace($1- [ $+ [ $calc($0 - 1) ] ],$chr(32),-)
      $pbn.set(%pri,$ [ $+ [ $0 ] ]).count
    }
  }
  else {
    if ($1 == dec) {
      var %pri = $+($replace($2-,$chr(32),-),-count)
      hdec pbn.hash %pri 1
      ; Drop exhausted counters so pbn.isresync and pbn.channelstatus only
      ; see patterns that are still active.
      if ($hget(pbn.hash,%pri) <= 0) { hdel pbn.hash %pri }
    }
  }
}

; Identifier only: $pbn.set(key,value,op).prop writes the table item key-prop.
;   value present, op neither inc nor dec   store value
;   value present, op is inc or dec         run hinc or hdec with value
;   value missing or empty                  delete the item
; Does nothing when called as a command, without arguments or without a property.
alias -l pbn.set {
  if ($isid && $0 && $prop) {
    pbn.hash
    if ($0 > 1 && $2 != $null) {
      if ($3 != inc && $3 != dec) {
        hadd pbn.hash $+($1,-,$prop) $2
      }
      else {
        ; The command name is assembled from the third argument, which the
        ; test above has restricted to inc or dec.
        var %cmd = $+(h,$3)
        %cmd pbn.hash $+($1,-,$prop) $2
      }
    }
    else {
      hdel pbn.hash $+($1,-,$prop)
    }
  }
}

; Identifier only: reduces a nick to its character-class pattern.
; Each character becomes n for a digit, u for an upper-case letter, l for a
; lower-case letter and e for anything that is neither a digit nor a letter.
; Returns nothing when called as a command or without an argument.
alias -l pbn.pattern {
  if (!$isid || !$0) { return }
  var %sig, %pos = 1, %len = $len($1)
  while (%pos <= %len) {
    var %c = $mid($1,%pos,1)
    if (%c isnum) { %sig = $+(%sig,n) }
    elseif (%c !isalpha) { %sig = $+(%sig,e) }
    else {
      if (%c isupper) { %sig = $+(%sig,u) }
      if (%c islower) { %sig = $+(%sig,l) }
    }
    inc %pos
  }
  return %sig
}

; Takes a pattern off a channel's ban list; started by the 300 second timer
; from the join handler.
;   $1 = pattern, $2 = connection id, $3 = channel
; When the list becomes empty the channel's +r is removed again. The script
; keeps no record of whether +r was already set before the detection.
alias pbn.remove {
  var %hs = $pbn.hs($2,$3)
  if (!$istok($pbn.get(%hs).bans,$1,32)) { return }
  var %newbans = $remtok($pbn.get(%hs).bans,$1,1,32)
  $pbn.set(%hs,%newbans).bans
  if (%newbans == $null) { mode $3 -r }
  echo -a 03* No longer banning pattern $+(03,$1,) on $+(03,$3,)
}

; Sweeps a channel after a detection: kick-bans every listed nick whose
; character-class pattern equals the flagged one.
;   $1 = pattern, $2 = connection id, $3 = channel
; Started by the 10 second timer from the join handler.
; NOTE(review): declared with -l but started from a timer. Confirm that a
; timer can call a local alias in your mIRC version.
alias -l pbn.clear {
  ; Run the commands below on the connection given in $2.
  scid $2
  ; Nick list of the channel with the a,oh filter: all nicks except ops and halfops.
  var %nicks = $nick($3,0,a,oh), %i = 1
  while (%i <= %nicks) {
    var %nick = $nick($3,%i,a,oh)
    ; NOTE(review): only the nick pattern is compared. The host and tilde
    ; checks from the join handler are not repeated here, so users who were
    ; already in the channel and share the pattern are banned as well.
    ; Confirm this is intended before relying on it in busy channels.
    if ($pbn.pattern(%nick) == $1) { ban -k $3 %nick 2 Pattern Botnet Flood - %nick }
    inc %i
  }
  echo -a 03* Finished clearing $+(03,$3,)
  ; Switch back to the connection that was active before.
  scid -r
}