botnet

FBI · Posted: Oct 01, 2005 5:34pm Post subject: botnet

Hello i run on unreal ircd and anope....

on Friday botnets started poping up and we started banning them since Friday Night....

We got like 30 pages of glines and gzlines and i did Defcon 1 and CHANKILL but it seems like the more we ban the worse it getts..

They start nicks with

[D00|USA|25307]
|x3|em0|8115
[PD00|CHN|8202]
CHN|603144
|x3|em0|0269
[00|USA|875419]
[D00|CHN|90562]

and the host mask is always different like:

XP-1420@63.130.183.1 - JONES-UPCNAA328

and a lot of others...

We got on Defcon 1 then we made a script that auto joins them into 1 room so we can do CHANKILL but everytime we do that they just come back with a new ip and host mask and we banned 1 Dymic Ip and DSL..

and they always join some room like #w0w# or ##em0##

and once we finsih banning most ips they come up with new ones and make themselves known..:

|x3|em0|2551 is now a Bot (+B)

We did klines,glines,gzlines,OSAKILLs, you name it we did it :/

So question is How can we make them stop connecting Neutral

I can't keep banning them all week Mad

Hope i get a answer....

Aven · Idler Joined: 05 Aug 2005 Posts: 393

since they're bots...

If they keep using the same ident, ban the ident for a while. If they keep using the same nicknames, ban that for a while.

If they keep joining other channels, flooding, etc.

set the channel +R for a few days. That way, no one can join unless they register.

Also, in your case... it looks to me like all those bots are gonna keep coming back, so... everytime you ban them, they find it fun coming back and wanna keep playing.

Also, a good idea would be:

if it always says:

"<insert nickname> is now a Bot (+B)"
Make it so when ConnectServ says that.. to gline the nickname automaticlly.

I don't know much mirc scripting but try to ask ones fimiliar with mirc scripting.

Hope that helps. :\

Willaim · Idler Joined: 27 Jun 2003 Posts: 321 Location: IRC

Try adding IRC Defender and BOPM if you have the extra processes.

http://www.blitzed.org/bopm
http://ircdefender.sourceforge.net/

FBI · Posted: Oct 01, 2005 10:29pm Post subject:

trystan · Eleet Joined: 15 Jun 2005 Posts: 756 Location: SLC Utah

bopm will have no affect on a botnet, they are basically a hijacked system sitting out on the internet that has no idea they are running the botnets client. They often do not have open proxy holes in the system.

Best thing to do is see if their master comes on to control them, until the bots get told otherwise by their own or they have a dynamic dns connection they will keep coming

marc · Posted: Oct 02, 2005 3:53am Post subject:

try SQLine's.

±OperServ± Syntax: SQLINE ADD [+expiry] mask reason

eg:
/os sqline add +0d *00|* drone botnets
/os sqline add +0d *CHN|* drone botnets
/os sqline add +0d *em0|* drone botnets

these qlines are permanent.

Akoshia · Lurker Joined: 27 Sep 2005 Posts: 165 Location: Florida

want those ddos bots off ur net?? tell pookz to remove his bots lol easiest way , when u have staff that puts bots on ur net , its time to clean house, or go down with the ship and its capt. being as pookz owns the bots. pookz aka em0tionalbreakdown

ashfire908 · none Joined: 13 Sep 2005 Posts: 42

HEY! I'm not a bot, you idiot! Mad

why did you ban me?

lollll · Guest

could u get any dumber?

Invisible · Idler Joined: 26 Jul 2005 Posts: 280

Ok, I have seen Akoshia and ashfire908 and em0tionalbreakdown getting at it lately and enough is enough.

1. Do not spam a good going thread like this with a post like

Akoshia · Lurker Joined: 27 Sep 2005 Posts: 165 Location: Florida

ppl should know who they belong to , and if someone ever gets ddos`s and has crossed paths with him , will know where its commin from . all botnets should be reported and who owns them, nuff said.

and the best solution to removing a bot net is not to fill up ur akill or gline space to ban each one, remove the problem from its source, specialy when its a staff member.

Guest · Posted: Oct 02, 2005 11:42am Post subject: Ash

Must everything be all about you Ash? I don't see anyone unless I overread that Noone hasnt mentioned nor askd you if you are the bot or whatever.. Its stupid... Everytime We Post, you gotta come here and make comment which doesn't involve you at all.

You are really stupid Ash, I thought some ppl was stupid but Shit You made them smart. You have been nothing but annoying little boy who constasly bothers people... you bitch and whine, tried to control TaintedX. When There was a sex talk or anything You tried to be the boss and try to tell us to stop? I don't recall you owning TaintedX at all. You was just a user/helpOP which you lost because you threanted/wanted to send a virus to a NetAdmin at TaintedX... not to mention you went and TOLD the Netadmin/Akoshia, asked if she has a virus.. You are really stupid on that by asking the admin.

Please stop coming here and try to make everything yours when Your Name/nick isnt INVOLVED at all... Keep your bullshit/drama out of our business.

b3th · none Joined: 02 Oct 2005 Posts: 2

FBI · Posted: Oct 02, 2005 2:35pm Post subject: