BMT IRC Network
Would you like to react to this message? Create an account in a few clicks or log in to continue.
BMT IRC Network

Welcome to BMT-Help Bots Scripts Eggdrop IRCD

Search
 
 

Display results as :
 

Rechercher Advanced Search

Web Applications
install Joomla Wordpress Phpbb Drupal FluxBB PunBB osCommerce simple-machines MYBB moodle vBulletin Dolphin-v.7.1.1 PHPNUKE XOOPS
Services
install BorkNet Services X3 Services Anope Atheme Services Srvx IRC Srervices
IRCD
install Snircd IRCU INSPIRCD UNREAL Nefarious Bircd Bahamut Asuka Charybdis
TCL SCRIPT
TCL SCRIPT FOR EGGDROP Allprotection4.7 Antiproxy
Bots
Bots install FishBot bobot++ Eggdrop janus Omega Security Services Botnix Bopm SupyBot PyLink Hopm
Keywords

mirc  ircu  SupyBot  Pylink  spamfilter  ircd  iauth  srvx  bahamut  install  nefarious  postgreSQL  conf  socket  dnsbl  inspircd  mircx  freebsd  UnrealIRCd  proxy  2011  bopm  nefarious2  borknet  qwebirc  snircd  

Latest topics
» מדריך גירסה INSPIRCD V4
Patternized Botnet Flood Detector EmptySat Aug 05, 2023 2:09 am by Chief

» mIRCx IRC Network Config
Patternized Botnet Flood Detector EmptySat Jul 15, 2023 9:51 pm by Chief

» ircu2.10.12-pk with dnsbl
Patternized Botnet Flood Detector EmptyFri Mar 10, 2023 2:22 pm by Admin

» Guide install PyLink on New version FreeBSD
Patternized Botnet Flood Detector EmptyThu Dec 15, 2022 9:39 pm by Chief

» מדריך התקנה PBot על מערכת הפעלה FreeBsd-12
Patternized Botnet Flood Detector EmptyMon Dec 05, 2022 5:44 am by Chief

» install Nefarious2 && X3 IRC Services in FreeBsd
Patternized Botnet Flood Detector EmptySat Nov 12, 2022 3:12 pm by Chief

» help problem with adduser in Freebsd 12
Patternized Botnet Flood Detector EmptyFri Nov 11, 2022 9:06 pm by Chief

» מדריך פקודות והתקנה בסרביס X3
Patternized Botnet Flood Detector EmptyFri Oct 28, 2022 1:43 pm by Chief

» מדריך הגדרות WebIRC in Nefarious2
Patternized Botnet Flood Detector EmptyThu Apr 07, 2022 4:45 am by Chief

November 2024
MonTueWedThuFriSatSun
    123
45678910
11121314151617
18192021222324
252627282930 

Calendar Calendar

Affiliates
free forum

Affiliates
free forum


Patternized Botnet Flood Detector

BMT IRC Network :: BMT :: BMT

Go down

Patternized Botnet Flood Detector Empty Patternized Botnet Flood Detector

Post  Admin Thu Sep 01, 2011 3:21 pm

Code:

/*
* -------------- ------ --- - - --- -------- --- - --
*  Project Focus
*  Patternized Botnet Flood Killer
*
*  by Tim Gunter / IcyLiquid
*  icyliquid@gmail.com
*  version 0.2
* -------------- ------ --- - - --- -------- --- - --
*/

; -------------- ------ --- - - --- -------- --- - --
; Menus
; -------------- ------ --- - - --- -------- --- - --

menu menubar,status,channel,query,nicklist {
  Focus
  .Pattern Botnet Detection
  .. $+ $iif($pbn.act,Disable,Enable) :pbn.tog
  ..Configure:pbn.config
}

; -------------- ------ --- - - --- -------- --- - --
; Events
; -------------- ------ --- - - --- -------- --- - --

on *:start:{ pbn.hash load }
on *:exit:{ pbn.hash save }
on !@*:join:#:{
  if ($pbn.act) {
    if (*.undernet.org !iswm $gettok($fulladdress,2,$asc(@)) && *~* iswm $gettok($fulladdress,1,$asc(@))) {
      var %hs = $pbn.hs($cid,$chan)

      var %nickpattern = $pbn.pattern($nick), %limit = $iif($hget(pbn.hash,limit),$ifmatch,3)
      if ($istok($pbn.get(%hs).bans,%nickpattern,32)) {
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
      }
      elseif ($pbn.count(%hs,%nickpattern).get >= %limit && !$pbn.isresync($cid,$chan,%nickpattern)) {
        echo -a 03* Flood detected in $+(03,$chan,) $+ , triggered by $+(03,$nick,) ( $+ $+(03,%nickpattern,) $+ )
        pbn.channelstatus $cid $chan %nickpattern
        mode $chan +r
        ban -k $chan $nick 2 Pattern Botnet Flood - $nick
        $pbn.set(%hs,$addtok($pbn.get(%hs).bans,%nickpattern,32)).bans
        .timer 1 300 pbn.remove %nickpattern $cid $chan
        .timer 1 10 pbn.clear %nickpattern $cid $chan
      }

      $pbn.count(%hs,%nickpattern).inc

    }
  }
}

; -------------- ------ --- - - --- -------- --- - --
; Aliases
; -------------- ------ --- - - --- -------- --- - --

alias -l pbn.isresync {
  if ($hget(pbn.hash,$+($pbn.hs($1,$2),-resync))) { return $true }
  var %match = $+($pbn.hs($1,$2),*-count)
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1, %limit = $hget(pbn.hash,limit), %highthresh = $calc(%limit * (1 + (2/3)))
  var %highmatches = 0
  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    if ($gettok(%name,2,45) != $3) {
      if ($hget(pbn.hash,%name) > $calc(%limit * (2/3))) { inc %highmatches }
    }
    inc %item
  }
  if (%highmatches > 3 || %items > %highthresh) { hadd -u10 pbn.hash $+($pbn.hs($1,$2),-resync) 1 | echo -a 03* Mass join in $+(03,$2,) $+ , ignored due to $+(03,suspected resync,) }
  return $iif(%highmatches > 3 || %items > %highthresh,$true,$false)
}

alias pbn.channelstatus {
  var %match = $+($pbn.hs($1,$2),*-count)
  var %items = $hfind(pbn.hash,%match,0,w), %item = 1, %matches = 0, %limit = $hget(pbn.hash,limit)
  echo $2 02 $+ $2 $+ , %items 02 $+ $chr(123) $+ 
  while (%item <= %items) {
    var %name = $hfind(pbn.hash,%match,%item,w)
    var %count = $hget(pbn.hash,%name)
    if (%count > %limit) { var %show = $+(,$gettok(%name,2,45),) }
    else { var %show = $gettok(%name,2,45) }

    echo $2    03 $+ %show 07=>04 $hget(pbn.hash,%name)
    inc %item
  }
  echo $2 02 $+ $chr(125) $+ 
}

alias -l pbn.hash {
  if (!$hget(pbn.hash)) { hmake pbn.hash 100 }
  if ($1 == save) {
    var %active = $hget(pbn.hash,active)
    var %period = $hget(pbn.hash,period)
    var %limit = $hget(pbn.hash,limit)
    hfree pbn.hash | hmake pbn.hash 1
    hadd pbn.hash active %active
    hadd pbn.hash period %period
    hadd pbn.hash limit %limit
    hsave -bo pbn.hash $+(",$scriptdir,pbn.hash.bin,")
  }
  if ($1 == load) {
    if ($exists($+(",$scriptdir,pbn.hash.bin,"))) {
      hload -b pbn.hash $+(",$scriptdir,pbn.hash.bin,")
      .remove $+(",$scriptdir,pbn.hash.bin,")
    }
  }
}

alias -l pbn.hs {
  return $+($2,~,$1)
}

alias pbn.tog {
  pbn.hash
  if ($hget(pbn.hash,active)) { hadd pbn.hash active 0 }
  else { hadd pbn.hash active 1 }
  echo -a 03* Pattern Botnet Detection is $iif($hget(pbn.hash,active),03enabled,04disabled) $+ .
}

alias pbn.config {
  pbn.hash
  var %res = $input(Please configure the detector. The format is <joins>:<seconds> where <joins> matching patterns seen within <seconds> seconds of each other result in a lock. $crlf,eoq,Configure,$+($hget(pbn.hash,limit),:,$hget(pbn.hash,period)))
  if ($numtok(%res,$asc(:)) == 2) {
    var %limit = $gettok(%res,1,$asc(:))
    var %period = $gettok(%res,2,$asc(:))
    if (%limit isnum && %period isnum) {
      hadd pbn.hash period %period
      hadd pbn.hash limit %limit
      echo -a 03* Set flood threshold at $+(03,%limit,) matching joins within $+(03,%period,) seconds.
    }
    else {
      echo -a 04* Invalid flood config. Format is <joins>:<seconds> where both arguments are numerical.
    }
  }
}

alias pbn.act { pbn.hash | return $hget(pbn.hash,active) }

alias -l pbn.get {
  if ($isid && $0 && $prop) {
    pbn.hash
    return $hget(pbn.hash,$+($1,-,$prop))
  }
}

alias -l pbn.count {
  if ($isid) {
    pbn.hash
    if ($prop == get) {
      var %pri = $replace($1-,$chr(32),-)
      return $pbn.get(%pri).count
    }
    elseif ($prop == inc) {
      var %pri = $replace($1-,$chr(32),-)
      hinc pbn.hash $+(%pri,-,count) 1
      .timer 1 $iif($hget(pbn.hash,period),$ifmatch,5) pbn.count dec $1-
    }
    elseif ($prop == set) {
      var %pri = $replace($1- [ $+ [ $calc($0 - 1) ] ],$chr(32),-)
      $pbn.set(%pri,$ [ $+ [ $0 ] ]).count
    }
  }
  else {
    if ($1 == dec) {
      var %pri = $+($replace($2-,$chr(32),-),-count)
      hdec pbn.hash %pri 1
      if ($hget(pbn.hash,%pri) <= 0) { hdel pbn.hash %pri }
    }
  }
}

alias -l pbn.set {
  if ($isid && $0 && $prop) {
    pbn.hash
    if ($0 > 1 && $2 != $null) {
      if ($3 != inc && $3 != dec) {
        hadd pbn.hash $+($1,-,$prop) $2
      }
      else {
        var %cmd = $+(h,$3)
        %cmd pbn.hash $+($1,-,$prop) $2
      }
    }
    else {
      hdel pbn.hash $+($1,-,$prop)
    }
  }
}

alias -l pbn.pattern {
  if ($isid && $0) {
    var %result, %j = $len($1), %i = 1
    while (%i <= %j) {
      var %char = $mid($1,%i,1)
      if (%char isnum) { var %result = $+(%result,n) }
      elseif (%char isalpha) {
        if (%char isupper) { var %result = $+(%result,u) }
        if (%char islower) { var %result = $+(%result,l) }
      }
      else { var %result = $+(%result,e) }
      inc %i
    }
    return %result
  }
}

alias pbn.remove {
  var %hs = $pbn.hs($2,$3)
  if ($istok($pbn.get(%hs).bans,$1,32)) {
    var %newbans = $remtok($pbn.get(%hs).bans,$1,1,32)
    $pbn.set(%hs,%newbans).bans
    if (%newbans == $null) { mode $3 -r }
    echo -a 03* No longer banning pattern $+(03,$1,) on $+(03,$3,)
  }
}

alias -l pbn.clear {
  scid $2
  var %nicks = $nick($3,0,a,oh), %i = 1
  while (%i <= %nicks) {
    var %nick = $nick($3,%i,a,oh)
    if ($pbn.pattern(%nick) == $1) { ban -k $3 %nick 2 Pattern Botnet Flood - %nick }
    inc %i
  }
  echo -a 03* Finished clearing $+(03,$3,)
  scid -r
}
Admin
Admin
Admin

מספר הודעות : 269
Join date : 2009-09-12
Age : 44
מיקום : mIRCX IRC Network

https://mircx.forumotion.net

Back to top Go down

Back to top

- Similar topics

BMT IRC Network :: BMT :: BMT

 
Permissions in this forum:
You cannot reply to topics in this forum