diff options
| author |   William Heimbigner <william.heimbigner@gmail.com> | 2012-01-26 09:32:27 +0000 |
|---|---|---|
| committer | William Heimbigner <william.heimbigner@gmail.com> | 2012-01-26 09:32:27 +0000 |
| commit | 13784acc824dab355f82e09ca7828f9bddacf880 (patch) | |
| tree | b421341cebdaf4000309bb577cb57fb28781e52e | |
| parent | d07473ba85ec8ab030162e68244575f2c87e0389 (diff) | |
more fat trimming
| -rw-r--r-- | config-default/channels.xml | 42 | ||||
| -rw-r--r-- | modules/event.pl | 1 | ||||
| -rw-r--r-- | modules/inspect.pl | 8 | ||||
| -rw-r--r-- | modules/services.pl | 10 | ||||
| -rw-r--r-- | modules/util.pl | 26 |
5 files changed, 23 insertions, 64 deletions
diff --git a/config-default/channels.xml b/config-default/channels.xml index 780ae18..d0a0bf9 100644 --- a/config-default/channels.xml +++ b/config-default/channels.xml @@ -510,40 +510,38 @@ <msgs></msgs> </channel> <channel id="default"> - <event id="flood-15to45" class="floodqueue" reason="flooding 15 to 45" risk="low" time="0">15:45</event> <hilights></hilights> <msgs></msgs> </channel> <channel id="master"> - <event id="advflood" class="advsplitflood" reason="advanced distributed flooding" risk="debug" type="public,part,caction" xresult="1">5:3</event> - <event id="anontalk1" class="re" reason="anontalk.com spam" risk="medium" type="public" xresult="1">(?i)w(.?)w\1w\1?.\1?a\1n\1o\1n\1t\1a\1l\1k\1?.\1?c\1o\1m</event> + <event id="advflood" class="advsplitflood" reason="advanced distributed flooding" risk="debug" type="public,part,caction">5:3</event> + <event id="anontalk1" class="re" reason="anontalk.com spam" risk="medium" type="public">(?i)w(.?)w\1w\1?.\1?a\1n\1o\1n\1t\1a\1l\1k\1?.\1?c\1o\1m</event> <event id="autoremove" class="re" reason="on chanserv autoremove" risk="info" type="part">^requested by ChanServ</event> - <event id="blacklist" class="strbl" reason="sending message containing blacklisted content" risk="low" type="public" xresult="1">blah</event> - <event id="cheeesespammar" class="nuhg" reason="matches a dcc-exploiter (02/23/09)" risk="medium" type="join" xresult="1">(?i).*!.=aaaah@.*!hehehe</event> - <event id="ctcp-dcc" class="re" reason="ctcp-dcc" risk="high" type="cdcc" xresult="1">.*</event> - <event id="ctcp-ping" class="re" reason="channel-wide CTCP PING" risk="medium" type="cping" xresult="1">.*</event> - <event id="ctcp-version" class="re" reason="channel-wide CTCP VERSION" risk="medium" type="cversion" xresult="1">.*</event> - <event id="dcc" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" type="public" xresult="1">^DCC (SEND|S?CHAT) |\bDCC (SEND|S?CHAT) "?[A-Za-z0-9]+"? \d+ \d+ \d+</event> - <event id="dcc-medium" class="re" reason="using the DC.C SE.ND exploit" risk="medium" type="public" xresult="1">DCC SEND </event> + <event id="blacklist" class="strbl" reason="sending message containing blacklisted content" risk="low" type="public">blah</event> + <event id="ctcp-dcc" class="re" reason="ctcp-dcc" risk="high" type="cdcc">.*</event> + <event id="ctcp-ping" class="re" reason="channel-wide CTCP PING" risk="medium" type="cping">.*</event> + <event id="ctcp-version" class="re" reason="channel-wide CTCP VERSION" risk="medium" type="cversion">.*</event> + <event id="dcc" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" type="public">^DCC (SEND|S?CHAT) |\bDCC (SEND|S?CHAT) "?[A-Za-z0-9]+"? \d+ \d+ \d+</event> + <event id="dcc-medium" class="re" reason="using the DC.C SE.ND exploit" risk="medium" type="public">DCC SEND </event> <event id="dcc-part" class="re" reason="using the DC.C SE.ND exploit in a part message" risk="high" type="part">DCC SEND </event> <event id="dcc-topic" class="re" reason="setting a bad topic" risk="medium" type="topic">\bDCC SEND </event> <event id="debugme" class="re" reason="sending a string designed to trigger a debug test alert, disregard this" risk="debug" type="public">debugantispambotdebug</event> - <event id="dronebl" class="dnsbl" reason="host $evhost is in dnsbl.dronebl.org ( $xresult )" risk="info" type="join" xresult="ALERT AFTERDEATH">dnsbl.dronebl.org</event> - <event id="efnetbl" class="dnsbl" reason="host $evhost is in rbl.efnetrbl.org ( $xresult )" risk="info" type="join" xresult="ALERT AFTERDEATH">rbl.efnetrbl.org</event> - <event id="genspam1" class="re" reason="generic spamming" risk="debug" type="public" xresult="1">([^ ]{4,} +)\1{5,}</event> - <event id="joinflood" class="floodqueue" reason="join flood (5 joins in 20 seconds)" risk="medium" type="join" xresult="1">5:20</event> - <event id="keylogger" class="re" override="keylogger-medium" reason="using the norton start-key-logger exploit" risk="high" type="public" xresult="1">^startkeylogger$|^stopkeylogger$</event> - <event id="keylogger-medium" class="re" reason="using the norton start-key-logger exploit" risk="medium" type="public" xresult="1">\bstartkeylogger\b|\bstopkeylogger\b</event> - <event id="last_measure_regex" class="re" reason="posting what appears to be a last measure link" risk="medium" type="public" xresult="1">http://\S+\.on\.nimp\.org</event> - <event id="levenflood" class="levenflood" override="flood-5to3" reason="levenshtein flood match" risk="debug" type="public" xresult="1">contentisuseless</event> - <event id="massflood" class="splitflood" reason="distributed flooding" risk="high" type="public,part,caction" xresult="1">4:4</event> - <event id="nickspam" class="nickspam" reason="nickspamming" risk="high" type="public" xresult="1">60:10</event> - <event id="notice" class="re" reason="sending a notice to the channel" risk="medium" type="notice" xresult="1">.*</event> + <event id="dronebl" class="dnsbl" reason="host $evhost is in dnsbl.dronebl.org ( $xresult )" risk="info" type="join">dnsbl.dronebl.org</event> + <event id="efnetbl" class="dnsbl" reason="host $evhost is in rbl.efnetrbl.org ( $xresult )" risk="info" type="join">rbl.efnetrbl.org</event> + <event id="genspam1" class="re" reason="generic spamming" risk="debug" type="public">([^ ]{4,} +)\1{5,}</event> + <event id="joinflood" class="floodqueue" reason="join flood (5 joins in 20 seconds)" risk="medium" type="join">5:20</event> + <event id="keylogger" class="re" override="keylogger-medium" reason="using the norton start-key-logger exploit" risk="high" type="public">^startkeylogger$|^stopkeylogger$</event> + <event id="keylogger-medium" class="re" reason="using the norton start-key-logger exploit" risk="medium" type="public">\bstartkeylogger\b|\bstopkeylogger\b</event> + <event id="last_measure_regex" class="re" reason="posting what appears to be a last measure link" risk="medium" type="public">http://\S+\.on\.nimp\.org</event> + <event id="levenflood" class="levenflood" override="flood-5to3" reason="levenshtein flood match" risk="debug" type="public">contentisuseless</event> + <event id="massflood" class="splitflood" reason="distributed flooding" risk="high" type="public,part,caction">4:4</event> + <event id="nickspam" class="nickspam" reason="nickspamming" risk="high" type="public">60:10</event> + <event id="notice" class="re" reason="sending a notice to the channel" risk="medium" type="notice">.*</event> <event id="phishing1" class="re" override="notice" reason="trying to steal passwords (v1)" risk="high" type="notice">identify.*/msg .* identify <password></event> <event id="phishing2" class="re" override="notice" reason="trying to steal passwords (v2)" risk="high" type="notice">^This nickname is registered</event> <event id="proxybl" class="dnsbl" reason="host $evhost is in dnsbl.proxybl.org" risk="info" type="join">dnsbl.proxybl.org</event> <event id="redarmyoflol" class="re" reason="parting with 'red army of lol'" risk="low" type="part">RED ARMY OF LOL</event> - <event id="sms_spam" class="re" reason="spam link / virus" risk="low" type="public" xresult="1">\.com/sms.exe</event> + <event id="sms_spam" class="re" reason="spam link / virus" risk="low" type="public">\.com/sms.exe</event> <event id="suckmynick" class="re" reason="using a potentially offensive nick" risk="low" type="join">(suck.*dick)</event> <event id="wikifags2" class="re" reason="saying 'sure are a lot of wikifag'..." risk="low" type="public">(?i)^sure are a ?lot of .*fags? in here</event> <event id="sorbsbl" class="dnsbl" reason="host $evhost is in dnsbl.sorbs.net ( $xresult )" risk="info" type="join">dnsbl.sorbs.net</event> diff --git a/modules/event.pl b/modules/event.pl index 95df7f4..a8a9d99 100644 --- a/modules/event.pl +++ b/modules/event.pl @@ -89,7 +89,6 @@ sub on_join { $::sc{$chan} = {}; mkdir($::settings->{log}->{dir} . $chan); $conn->sl("who $chan"); - $conn->privmsg('ChanServ', "op $chan" ) if (defined cs($chan)->{op}) && (cs($chan)->{op} eq 'yes'); # I don't know what the hell this was for but I'm disabling it for now # #TODO: make it settable via config. Hardcoded channames ftl. # if ($chan eq '##linux') { diff --git a/modules/inspect.pl b/modules/inspect.pl index 72a5438..f77d727 100644 --- a/modules/inspect.pl +++ b/modules/inspect.pl @@ -17,13 +17,11 @@ sub new sub inspect { our ($self, $conn, $event) = @_; - my (%conx, %monx); my (%aonx, %dct, $rev, $chan, $id); %aonx=(); %dct=(); $chan=""; $id=""; - my (@dnsbl, @unpakt, @uniq, @cut); + my (@dnsbl, @uniq); my ($match, $txtz, $iaddr); my @override = []; - our $unmode=''; my $nick = lc $event->{nick}; my $xresult; return if (index($nick, ".") != -1); @@ -46,8 +44,7 @@ sub inspect { next unless ( grep { $event->{type} eq $_ } split(/[,:; ]+/, $aonx{$id}{type}) ); next if ($aonx{$id}{class} eq 'dnsbl') && ($event->{host} =~ /(fastwebnet\.it|fastres\.net)$/); #this is a bad hack $xresult = $::classes->check($aonx{$id}{class}, $aonx{$id}, $id, $event, $chan, $rev); # this is another bad hack done for dnsbl-related stuff - next if defined($xresult) == 0; - next if $xresult eq 0; + next unless (defined($xresult)) && ($xresult ne 0); ASM::Util->dprint(Dumper( $xresult )); $dct{$id} = $aonx{$id}; $dct{$id}{xresult} = $xresult; @@ -59,7 +56,6 @@ sub inspect { } } delete $dct{$_} foreach @override; - my $mylastreason = $::lastreason; my $evcontent = $event->{args}->[0]; my $evhost = $event->{host}; foreach $chan (@{$event->{to}}) { diff --git a/modules/services.pl b/modules/services.pl index 1306381..594e2e0 100644 --- a/modules/services.pl +++ b/modules/services.pl @@ -38,18 +38,10 @@ sub doServices { elsif ($event->{from} eq 'ChanServ!ChanServ@services.') { print "ChanServ: $event->{args}->[0] \n"; - if ($event->{args}->[0] =~ /You are already opped on \[.(.*).\]/) - { - $::oq->doQueue($conn, $1); - } - elsif ( $event->{args}->[0] =~ /^All.*bans matching.*have been cleared on(.*)/) + if ( $event->{args}->[0] =~ /^All.*bans matching.*have been cleared on(.*)/) { $conn->join($1); } - elsif ( $event->{args}->[0] =~ /You are not authorized to perform this operation/ ) - { - $::oq->clean(); - } } } diff --git a/modules/util.pl b/modules/util.pl index 0a5c6c4..109882b 100644 --- a/modules/util.pl +++ b/modules/util.pl @@ -4,7 +4,6 @@ use warnings; use strict; my %sf; -my %oq; %::RISKS = ( @@ -114,31 +113,6 @@ sub hostip { return gethostbyname($_[0]); } -# Send something that requires ops -sub o_send { - my ( $conn, $send ) = @_; - my @splt = split(/ /, $send); - my $chan = lc $splt[1]; - $oq{$chan} = [] unless defined($oq{$chan}); - if ( cs($chan)->{op} ne 'no' ) { - print Dumper(lc $::settings->{nick}, $::sc{$chan}{users}{lc $::settings->{nick}}); - print Dumper($send, $chan); - if ( $::sc{$chan}{users}{lc $::settings->{nick}}{op} eq 1) { - $conn->sl($send); - } - else { - push( @{$oq{$chan}},$send ); - $conn->privmsg( 'chanserv', "op $chan" ); - } - } -} - -sub doQueue { - my ( $conn, $chan ) = @_; - return unless defined $oq{$chan}; - $conn->sl(shift(@{$oq{$chan}})) while (@{$oq{$chan}}); -} - sub flood_add { my ( $chan, $id, $host, $to ) = @_; push( @{$sf{$id}{$chan}{$host}}, time ); |