Pepper-Tech none

Joined: 30 Aug 2004 Posts: 13
Posted: Feb 14, 2005 9:09pm Post subject: Repeat akill evasion
I've got a pest on my network who was once a netadmin who is constantly using numerous nicknames and connections to get past an akill. I've done my akills with nick@*.dsl.isp.com to make sure anytime he uses that nick he's blocked, but he's using multiple nicks and I'd hate to get to the point where I have to block a whole city. Any suggestions?
I'm using unrealircd 3.2.2 and anope 1.6.3.

v3|0c17y Eleet

Joined: 28 Jan 2005 Posts: 650
Posted: Feb 15, 2005 3:53am Post subject:
/os akill add +expiredays ident*@* some reason
That usually works, and most users take a while to figure out it's their ident being akilled.

Dr-Voodo Eleet

Joined: 07 Nov 2003 Posts: 535 Location: IRC
Posted: Feb 15, 2005 4:34am Post subject: Hmm.
Well yeah, that should work; however, if they use vhosts or proxies it might be a hard task. Anyways, I think you should try that command.

v3|0c17y Eleet

Joined: 28 Jan 2005 Posts: 650
Posted: Feb 15, 2005 7:08am Post subject:
I believe IRC clients should not have an option to change ident anyways. I mean, sure, set your own and whatnot once, like on install of a fresh new client, but any kiddie can get around any ban with just changing their ident, using a proxy and a new nick, which is very easy to do, and brings problems to the network, and once again opers and admins are tasked with getting rid of the pest.
Anyone else agree with me on this? Seriously, we have all experienced problems with kiddies, I'm sure of it.

Proto Lurker

Joined: 23 May 2004 Posts: 148 Location: IRC
Posted: Feb 15, 2005 7:36am Post subject:
I know I have. Far as the VHosts go, just ban the IP block unless you have a ton of users within the same IP range. In anope I can't remember which command it is, but try akilling/glining the real name field, usually works for me.

W-Unit Newbie

Joined: 29 Jul 2004 Posts: 83
Posted: Feb 15, 2005 8:12am Post subject:
A realname G:Line would have to be added in the IRCd conf wouldn't it?
I know there's a certain block for disallowing GECOS names (don't remember what it's called) but I don't think there's a command for it..
I suppose on Unreal an oper could use repeated /addline's if absolutely necessary, but I think all server admins hate that. I know I do.

v3|0c17y Eleet

Joined: 28 Jan 2005 Posts: 650
Posted: Feb 15, 2005 8:57am Post subject:
I forgot as well, but I recall setting it once on services, not actually on ircd.conf.

Proto Lurker

Joined: 23 May 2004 Posts: 148 Location: IRC
Posted: Feb 15, 2005 10:24am Post subject:
It's in anope, I think it's SGLINE or SQLINE.

Pepper-Tech none

Joined: 30 Aug 2004 Posts: 13
Posted: Feb 15, 2005 10:26am Post subject:
The guy I'm trying to akill is a former netadmin on my network. He changes idents & nicknames faster than a mother can change diapers so the only way to really stop this guy is *@*.city.isp.com and block the whole city for a month or two. I just risk blocking innocent people who may use the network.
/os akill add +0 *@*.city.isp.com banned! <-- last resort, need other options or do that and find exception bans for innocents.

Ashen Idler

Joined: 05 Jan 2004 Posts: 284
Posted: Feb 15, 2005 12:31pm Post subject:
My suggestion would be that you load up the NEOSTATS program and specifically its SECURESERV module.
Then you will be able to define custom metabans........ such as :
*ident@*.*
These metabans are different from normal bans in that they don't ban anyone themselves, they just cause *@IP bans to be set for anyone matching them.
E.g.
I ban ident@* using metaban.
User signs on using ident@1.1.1.1 and *@1.1.1.1 gets akilled
User signs on using ident@2.2.2.2 and *@2.2.2.2 gets akilled
User signs on using ident@3.3.3.3 and *@3.3.3.3 gets akilled
User signs on using ident@4.4.4.4 and *@4.4.4.4 gets akilled
By the time he's figured out we're banning his ident, most of the IP addresses he can use have been blocked at the IP level.
He then signs on using another ident (with the same reason, so he doesn't know the difference)
You do the same thing, and pretty soon all of his IPs are blocked.
There ARE faults with this method.
For example, to use it you have to download neostats, and secureserv, and create a customviri.dat with an exact format, which if you mess up with, can wipe out everyone on your network....
Also, the akill disconnection is slightly different using this method so if he's really smart he could figure it out.
Nevertheless, this is one method I use to combat persistent evaders, because by the time they've hit the ban, their IP is blocked for a long time... and they have to hit the ban many times with different IPs each time (chewing through their available IPs) before they realise HOW they are being blocked.
Two other suggestions for you are :
1) install bopm on all your servers, using more than just dnsbl.blitzed.org as your blacklist......... make sure that you block open proxies.
2) set all your channels +R and use email verification on nickname registration....... this will slow him down and enable you to pick up his email addresses and block them too.
3) CTCP version him....... and block any clients with that VERSION from connecting. This won't work if he uses mirc latest version as you'd block half your network..... but it can work if they use some really rare client.
-Ashen
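
A minimal model of the metaban behaviour described in the post above, as an added example that is not part of the thread and is not SecureServ's code or file format. The class and method names, the 25% dry-run threshold and the sample users are assumptions; the dry run refuses a pattern that would match too many online users, the kind of mistake the post warns about.

```python
from fnmatch import fnmatchcase

class MetaBan:
    """A user@host glob that bans nobody itself; each match yields a *@IP akill."""

    def __init__(self, max_match_ratio=0.25):
        self.patterns = []   # accepted metaban globs
        self.akills = []     # *@IP masks issued so far, in order
        self.max_match_ratio = max_match_ratio

    @staticmethod
    def _matches(pattern, ident, host):
        # Case-insensitive like IRC masks; fnmatch's [..] classes are not IRC syntax.
        return fnmatchcase(f"{ident}@{host}".lower(), pattern.lower())

    def add(self, pattern, online):
        """Dry-run a new pattern against current users; refuse over-broad ones."""
        hits = sum(self._matches(pattern, ident, host) for ident, host, _ in online)
        if online and hits / len(online) > self.max_match_ratio:
            raise ValueError(f"{pattern!r} would match {hits}/{len(online)} users")
        self.patterns.append(pattern)

    def on_connect(self, ident, host, ip):
        """Return the *@IP mask to akill, or None when no metaban matches."""
        if not any(self._matches(p, ident, host) for p in self.patterns):
            return None
        mask = f"*@{ip}"
        if mask not in self.akills:
            self.akills.append(mask)
        return mask

def demo():
    # Constructed sample data (documentation address ranges, made-up hosts).
    online = [("alice", "a.example.net", "192.0.2.10"),
              ("bob", "b.example.net", "192.0.2.11"),
              ("carol", "c.example.net", "192.0.2.12"),
              ("erin", "e.example.net", "192.0.2.13"),
              ("pest", "dsl-1.city.isp.example", "198.51.100.1")]
    mb = MetaBan()
    try:
        mb.add("*@*", online)          # a mistyped entry that matches everyone
        refused = False
    except ValueError:
        refused = True
    mb.add("pest@*", online)           # 1 of 5 users: accepted
    connects = [("pest", "dsl-1.city.isp.example", "198.51.100.1"),
                ("PEST", "dsl-2.city.isp.example", "198.51.100.2"),
                ("dave", "d.example.net", "192.0.2.20")]
    return refused, [mb.on_connect(*c) for c in connects], mb.akills
```
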

v3|0c17y Eleet

Joined: 28 Jan 2005 Posts: 650
Posted: Feb 15, 2005 12:55pm Post subject:
that ident akill with neostats is pretty much like operserv ident akill
it does the same

Pepper-Tech none

Joined: 30 Aug 2004 Posts: 13
Posted: Feb 15, 2005 1:38pm Post subject:
LOL You're missing the point.. he changes his ident every connection, it's impossible to pin this guy down without blocking the entire city. It's getting to where I may have to knock out 589,824 connections to block the guy. Presently I'm having to ban...
nick1@*.dsl.city.isp.com
nick2@*.dsl.city.isp.com
Every ident he uses I've had to block and the akill list looks like a world wide phone book, it's annoying. It's getting to where *@*.dsl.city.isp.com and take out everyone from that city on one shot.

Ashen Idler

Joined: 05 Jan 2004 Posts: 284
Posted: Feb 16, 2005 6:03am Post subject:
In this sort of situation I would suggest either :
1) block his client version - as he likely does NOT change that much/often
2) mlock all your channels +MR and all your users +R, then set email confirmation required to register, and ban him by email address.
3) Keep blocking entire cities at a time until he runs out of cities :)
This is one of the problems of the internet - someone really clueful really can evade bans quite easily, as there is little to no secure means of identification.
-Ashen

v3|0c17y Eleet

Joined: 28 Jan 2005 Posts: 650
Posted: Feb 16, 2005 6:30am Post subject:
that sounds like "ban the whole world" to get rid of just one user ashen lol

Pepper-Tech none

Joined: 30 Aug 2004 Posts: 13
Posted: Feb 16, 2005 10:41am Post subject:
LOL I think I'll just block the one city, he doesn't travel much for a teen.