| author | 2009-01-22 03:47:06 +0000 | |
|---|---|---|
| committer | 2009-01-22 03:47:06 +0000 | |
| commit | 64eaaf08db53624733c8b5318bcf066108969d42 (patch) | |
| tree | ef79a6c29eba0409281f5bb1c621b2bac8f13040 | |
| parent | 1575db9f523316cceb1af576d054c93735401923 (diff) | |
hacked up a bunch of stuff to make dnsbl explanations work, and added a crapflood rule
| -rw-r--r-- | config-default/channels.xml | 9 | ||||
| -rw-r--r-- | modules/classes.pl | 2 | ||||
| -rw-r--r-- | modules/inspect.pl | 11 |
3 files changed, 16 insertions, 6 deletions
diff --git a/config-default/channels.xml b/config-default/channels.xml
index bb20c9d..4a76a33 100644
--- a/config-default/channels.xml
+++ b/config-default/channels.xml
@@ -11,6 +11,7 @@
 <hilights></hilights>
 <msgs></msgs>
 </channel>
+ <channel id="##asb-test" op="no" />
 <channel id="##c++" op="no" silence="yes">
 <hilights>
 <debug>tomaw</debug>
@@ -99,6 +100,7 @@
 </hilights>
 <msgs></msgs>
 </channel>
+ <channel id="#baadf00d" />
 <channel id="#debian" op="no" silence="yes">
 <hilights></hilights>
 <msgs></msgs>
@@ -370,6 +372,7 @@
 <event id="advflood" action="ban" class="advsplitflood" reason="advanced distributed flooding" risk="debug" time="0" type="public,part,caction">5:3</event>
 <event id="autoremove" action="none" class="re" reason="on chanserv autoremove" risk="info" time="0" type="part">^requested by ChanServ</event>
 <event id="blacklist" action="none" class="strbl" reason="sending message containing blacklisted content" risk="low" time="0" type="public">blah</event>
+ <event id="crapflood1" action="none" class="re" reason="crapflooding (rule crapflood1)" risk="high" time="0" type="public">^([A-Za-z]{12} ){15,}</event>
 <event id="ctcp-dcc" action="ban" class="re" reason="ctcp-dcc" risk="high" time="0" type="cdcc">.*</event>
 <event id="ctcp-ping" action="none" class="re" reason="channel-wide CTCP PING" risk="medium" time="0" type="cping">.*</event>
 <event id="ctcp-version" action="none" class="re" reason="channel-wide CTCP VERSION" risk="medium" time="0" type="cversion">.*</event>
@@ -379,8 +382,8 @@
 <event id="dcc-topic" action="ban" class="re" reason="setting a bad topic" risk="medium" time="0" type="topic">\bDCC SEND </event>
 <event id="ddos_countdown" action="none" class="re" reason="doing the ddos countdown thing" risk="medium" time="0" type="public">^... DDOS COUNTDOWN.*</event>
 <event id="donatespam1" action="none" class="re" override="notice" reason="freenode.donations@gmail.com spammer" risk="high" time="0" type="public,notice">freenode.donations@gmail.com</event>
- <event id="dronebl" action="none" class="dnsbl" reason="host $evhost is in dnsbl.dronebl.org ( $mylastreason )" risk="info" time="0" type="join">dnsbl.dronebl.org</event>
- <event id="efnetbl" action="none" class="dnsbl" reason="host $evhost is in rbl.efnetrbl.org ( $mylastreason ) " risk="info" time="0" type="join">rbl.efnetrbl.org</event>
+ <event id="dronebl" action="none" class="dnsbl" reason="host $evhost is in dnsbl.dronebl.org ( $xresult )" risk="info" time="0" type="join">dnsbl.dronebl.org</event>
+ <event id="efnetbl" action="none" class="dnsbl" reason="host $evhost is in rbl.efnetrbl.org ( $xresult ) " risk="info" time="0" type="join">rbl.efnetrbl.org</event>
 <event id="genspam1" action="none" class="re" reason="generic spamming" risk="debug" time="0" type="public">([^ ]{4,} +)\1{5,}</event>
 <event id="goatse" action="ban" class="re" reason="posting goatse link" risk="low" time="0" type="public">goatse\.cz</event>
 <event id="joinflood" action="none" class="floodqueue" reason="join flood (5 joins in 20 seconds)" risk="medium" time="0" type="join">5:20</event>
@@ -394,10 +397,10 @@
 <event id="nickspam" action="ban" class="nickspam" reason="nickspamming" risk="high" time="0" type="public">150:20</event>
 <event id="notice" action="ban" class="re" reason="sending a notice to the channel" risk="medium" time="0" type="notice">.*</event>
 <event id="pennergame_spam" action="none" class="re" reason="Pennergame reflink spam $evcontent " risk="medium" time="0" type="public">http:\/\/www\.pennergame\.de\/change_please\/(\d+)\/</event>
+ <event id="phishing1" action="none" class="re" override="notice" reason="trying to steal passwords" risk="high" time="0" type="notice">identify.*/msg .* identify <password></event>
 <event id="redarmyoflol" action="ban" class="re" reason="parting with 'red army of lol'" risk="low" time="0" type="part">RED ARMY OF LOL</event>
 <event id="sms_spam" action="none" class="re" reason="spam link / virus" risk="low" time="0" type="public">\.com/sms.exe</event>
 <event id="wikifags2" action="none" class="re" reason="saying 'sure are a lot of wikifag'..." risk="low" time="0" type="public">(?i)^sure are a ?lot of .*fags? in here</event>
- <event id="phishing1" action="none" class="re" reason="trying to steal passwords" risk="high" time="0" type="notice" override="notice">identify.*/msg .* identify <password></event>
 <hilights>
 <debug>ST47</debug>
 <debug>pctony</debug>
diff --git a/modules/classes.pl b/modules/classes.pl
index b7f6323..1897100 100644
--- a/modules/classes.pl
+++ b/modules/classes.pl
@@ -90,7 +90,7 @@ sub dnsbl
 print "strip: $strip\n";
 print "result: " . $::dnsbl->{query}->{$chk->{content}}->{response}->{$strip}->{content} . "\n";
 # lol really icky hax
- return 1;
+ return $::dnsbl->{query}->{$chk->{content}}->{response}->{$strip}->{content};
 }
 }
 return 0;
diff --git a/modules/inspect.pl b/modules/inspect.pl
index 22eac4c..203ed43 100644
--- a/modules/inspect.pl
+++ b/modules/inspect.pl
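Review bot: Returning the looked-up `{content}` in place of `1` in the classes.pl hunk makes the match result depend on that value being true: if the response content is undefined, empty or `0` for a listed host, `dnsbl` now reports no match and the hit is dropped. Holding the value in a lexical (say `$why`) and ending with `return $why || 1;` would keep the old match signal while still passing the explanation along. The two debug `print` lines above the return still run on every hit, and the second one warns when the content is undefined. The body of `dnsbl` starts and ends outside this hunk.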
@@ -2,7 +2,7 @@ package ASM::Inspect; use warnings; use strict; -#use Data::Dumper; +use Data::Dumper; #use List::Util qw(first); use String::Interpolate qw(interpolate);
@@ -25,6 +25,7 @@ sub inspect {
 my @override = [];
 our $unmode='';
 my $nick = lc $event->{nick};
+ my $xresult;
 return if (defined($::eline{$nick}) || defined($::eline{lc $event->{user}}) || defined($::eline{lc $event->{host}}));
 $iaddr = gethostbyname($event->{host});
 $rev = join('.', reverse(unpack('C4', $iaddr))).'.' if (defined $iaddr);
@@ -38,7 +39,12 @@ sub inspect {
 foreach $id (keys %aonx) {
 next unless ( grep { $event->{type} eq $_ } split(/[,:; ]+/, $aonx{$id}{type}) );
 next if ($aonx{$id}{class} eq 'dnsbl') && ($event->{host} =~ /(fastwebnet\.it|fastres\.net)$/); #this is a bad hack
- $dct{$id} = $aonx{$id} if $::classes->check($aonx{$id}{class}, $aonx{$id}, $id, $event, $chan, $rev);
+ $xresult = $::classes->check($aonx{$id}{class}, $aonx{$id}, $id, $event, $chan, $rev); # this is another bad hack done for dnsbl-related stuff
+ next if defined($xresult) == 0;
+ next if $xresult eq 0;
+ print Dumper( $xresult );
+ $dct{$id} = $aonx{$id};
+ $dct{$id}{xresult} = $xresult;
 }
 }
 foreach ( keys %dct ) {
@@ -52,6 +58,7 @@ sub inspect {
 my $evhost = $event->{host};
 foreach $chan (@{$event->{to}}) {
 foreach $id ( keys %dct ) {
+ $xresult = $dct{$id}{xresult};
 my $nicereason = interpolate($dct{$id}{reason});
 $::db->record($chan, $event->{nick}, $event->{user}, $event->{host}, $::sn{lc $event->{nick}}->{gecos}, $dct{$id}{risk}, $id, $nicereason);
 $txtz = "\x03" . $::RCOLOR{$::RISKS{$dct{$id}{risk}}} . "\u$dct{$id}{risk}\x03 risk threat [\x02$chan\x02]: ". |
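Review bot: The two `next` guards in the `foreach $id (keys %aonx)` loop (hunk at -38,7) are not equivalent to the truth test they replace: `$xresult eq 0` is a string comparison, so a check that signals "no match" with an empty string is no longer skipped and would be recorded as a hit; `next unless $xresult;` restores the old semantics. `$dct{$id} = $aonx{$id}` copies a reference (the `$aonx{$id}{type}` access suggests a hash ref), so `$dct{$id}{xresult} = $xresult` also writes into the rule entry held in `%aonx`; `$dct{$id} = { %{ $aonx{$id} }, xresult => $xresult };` would keep the result local to this event. The `print Dumper( $xresult );` line, together with the re-enabled `use Data::Dumper;` in the first hunk, looks like leftover debugging. The body of `inspect` starts and ends outside this hunk.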
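Review bot: In the hunk at -52,6, `$xresult` is text that the classes.pl change in this commit takes from a DNS blocklist response, and it is interpolated into `$nicereason` with no filtering before being passed to `$::db->record` and, presumably, into the channel message assembled in `$txtz`. That text is chosen by whoever answers the DNS query, so stripping control characters right after the assignment, e.g. `$xresult =~ s/[\x00-\x1f\x7f]//g;`, would keep CR/LF and IRC formatting bytes out of the database row and the outgoing line. The `reason` templates in channels.xml only resolve because this lexical is named `$xresult` when `interpolate` runs; a comment such as `# name is referenced by reason="..." templates in channels.xml` next to `my $xresult;` would keep a later rename from silently emptying the explanation. The statement starting `$txtz =` continues outside the hunk.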
