diff options
| author |   William Heimbigner <william.heimbigner@gmail.com> | 2012-05-30 22:16:17 +0000 |
|---|---|---|
| committer | William Heimbigner <william.heimbigner@gmail.com> | 2012-05-30 22:16:17 +0000 |
| commit | 5154f3cac3c3537d94b748c365dce88f3805b4a7 (patch) | |
| tree | b4ac8437a14d548b590d0c9770c8de8ea37df18b /config-default | |
| parent | d7aa95f5ee6f1d03c707f5a1ecc87f6c3dee0b05 (diff) | |
Added rules file
Diffstat (limited to 'config-default')
| -rw-r--r-- | config-default/rules.xml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/config-default/rules.xml b/config-default/rules.xml new file mode 100644 index 0000000..a9e3d6f --- /dev/null +++ b/config-default/rules.xml @@ -0,0 +1,17 @@ +<events> + <event id="ahbl" class="dnsbl" reason="host $evhost is in dnsbl.ahbl.org ( $xresult )" risk="info" type="join">dnsbl.ahbl.org</event> + <event id="blacklist" class="strbl" reason="sending message containing blacklisted content" risk="low" type="public,part,quit,caction">blah</event> + <event id="ctcp-dcc" class="re" reason="ctcp-dcc" risk="high" type="cdcc">.*</event> + <event id="ctcp-ping" class="re" reason="channel-wide CTCP PING" risk="medium" type="cping">.*</event> + <event id="ctcp-version" class="re" reason="channel-wide CTCP VERSION" risk="medium" type="cversion">.*</event> + <event id="debugme" class="re" reason="sending a string designed to trigger a debug test alert, disregard this" risk="debug" type="public">debug antispammeta debug</event> + <event id="fakechristel" class="nuhg" reason="christel's nick but not host" risk="medium" type="join">(?i)chr[i1]ste[l1].*</event> + <event id="fakeglobal" class="re" override="notice" reason="fake global notice" risk="high" type="notice">(?i)\[global notice\]</event> + <event id="floodqueue10-20" class="floodqueue" reason="flooding (10 msgs in 20 seconds)" risk="low" type="public,caction">10:20</event> + <event id="massflood" class="splitflood" reason="distributed flooding" risk="high" type="public,caction">4:4</event> + <event id="nickspam" class="nickspam" reason="nickspamming" risk="high" type="public">60:10</event> + <event id="notice" class="re" reason="sending a notice to the channel" risk="medium" type="notice">.*</event> + <event id="phishing1" class="re" override="notice" reason="trying to steal passwords (v1)" risk="high" type="notice">identify.*/msg .* identify <password></event> + <event id="phishing2" class="re" override="notice" reason="trying to steal passwords (v2)" risk="high" type="notice">^This nickname is registered</event> + <event id="proxylist" class="proxy" reason="IP is blacklisted" risk="info" type="join">lolz</event> +</events> |