authorLibravatarWilliam Heimbigner <william.heimbigner@gmail.com>2008-03-25 17:05:22 +0000
committerLibravatarWilliam Heimbigner <william.heimbigner@gmail.com>2008-03-25 17:05:22 +0000
commitba55c0675df20a89a452162216af4b6a8e06ce5c (patch)
treeecef59649a9a5cef4896057894e072ce68603763 /config-default
parent0293b9d684ce2f89a1850b7a0d4819bdd1c947ef (diff)
Added dnsbl analysis, better sql, better rules, fixed some commands
Diffstat (limited to 'config-default')
-rw-r--r--config-default/channels.xml69
-rw-r--r--config-default/commands.xml18
-rw-r--r--config-default/dnsbl.xml23
-rw-r--r--config-default/users.xml49
4 files changed, 115 insertions, 44 deletions
diff --git a/config-default/channels.xml b/config-default/channels.xml
index a91e4af..114c673 100644
--- a/config-default/channels.xml
+++ b/config-default/channels.xml
@@ -54,7 +54,9 @@
<channel id="##tomaw" op="no">
<hilights></hilights>
</channel>
- <channel id="##wikimedia-ops" op="no" />
+ <channel id="##wikimedia-ops" op="no">
+ <msgs></msgs>
+ </channel>
<channel id="##windows" op="no">
<hilights>
<info>njan</info>
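Review bot: `##wikimedia-ops` is expanded here to carry an empty `<msgs></msgs>` but still has no `<hilights>` child, while its neighbours (`##tomaw`, `##windows`) have one. The later hunk at -161,8 adds `#wikimedia-ops-internal` as a bare self-closing `<channel ... />` with neither child. If the loader or the hilight and alert code expects both children to exist, which the `<msgs></msgs>` added to `#wikipedia-en-roads` in this same commit suggests, both entries should be written with `<hilights></hilights>` and `<msgs></msgs>`. The `##windows` element continues outside the hunk.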
@@ -67,6 +69,7 @@
<low>Cpudan80</low>
<low>AndrewB</low>
<low>pinpoint</low>
+ <medium>tomaw</medium>
</hilights>
<msgs></msgs>
</channel>
@@ -83,30 +86,35 @@
<debug>tomaw</debug>
<debug>Dave2</debug>
<disable>ST47</disable>
- <high>Dave2</high>
<info>tomaw</info>
<info>njan</info>
- <info>Dave2</info>
<info>AndrewB</info>
<low>AndrewB</low>
<low>denny</low>
- <low>Dave2</low>
+ <low>Gary</low>
+ <low>JonathanD</low>
+ <low>ZoFreX</low>
+ <low>DLange</low>
+ <low>vorian</low>
+ <low>PriceChild</low>
<medium>tomaw</medium>
<medium>ompaul</medium>
<medium>kloeri</medium>
<medium>PhilKC</medium>
- <medium>Dave2</medium>
+ <medium>tomaw</medium>
</hilights>
<msgs>
<debug>#freenode-adb</debug>
</msgs>
</channel>
- <channel id="#gentoo" op="no" silence="yes">
+ <channel id="#freenode-adb" op="no">
<hilights></hilights>
<msgs></msgs>
</channel>
- <channel id="#freenode-adb" op="no">
- <hilights></hilights>
+ <channel id="#gentoo" op="no" silence="yes">
+ <hilights>
+ <high>NeddySeagoon</high>
+ </hilights>
<msgs></msgs>
</channel>
<channel id="#mediawiki" op="no">
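Review bot: The added `<medium>tomaw</medium>` duplicates the `<medium>tomaw</medium>` already present a few lines above it in the same `<hilights>` list, so tomaw is now listed twice at medium for this channel. It reads like a leftover from replacing the removed `<medium>Dave2</medium>`; drop the added line unless the parser is known to de-duplicate. The enclosing channel element starts outside the hunk.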
@@ -127,12 +135,17 @@
<msgs></msgs>
</channel>
<channel id="#ubuntu" op="no" silence="yes">
- <hilights></hilights>
+ <hilights>
+ <debug>PriceChild</debug>
+ <disable>ST47</disable>
+ <medium>tomaw</medium>
+ </hilights>
<msgs></msgs>
</channel>
<channel id="#wikimedia" op="no">
<hilights>
<debug>Mbimmler</debug>
+ <debug>Martinp23</debug>
<low>Majorly</low>
<low>Fabexplosive</low>
</hilights>
@@ -161,8 +174,11 @@
<hilights>
<debug>Cbrown1023</debug>
</hilights>
- <msgs></msgs>
+ <msgs>
+ <debug>##wikimedia-ops</debug>
+ </msgs>
</channel>
+ <channel id="#wikimedia-ops-internal" op="no" />
<channel id="#wikipedia" op="no">
<hilights>
<debug>Cbrown1023</debug>
@@ -171,6 +187,11 @@
<debug>TheLetterE</debug>
<debug>Golbez</debug>
<debug>Mbimmler</debug>
+ <debug>AndrewB</debug>
+ <debug>wimt</debug>
+ <debug>Snowolf</debug>
+ <debug>Mitchell</debug>
+ <debug>werdan7</debug>
<info>Karlprof</info>
<info>Martinp23</info>
<info>Pilotguy</info>
@@ -192,10 +213,10 @@
<low>mike42</low>
<low>Pilotguy</low>
<low>kloeri</low>
+ <low>Cometstyles</low>
</hilights>
<msgs>
<debug>#wikimedia-ops</debug>
- <debug>##wikimedia-ops</debug>
</msgs>
</channel>
<channel id="#wikipedia-bag" op="no">
@@ -207,7 +228,7 @@
</msgs>
</channel>
<channel id="#wikipedia-en" op="yes">
- <hilights none="ST47">
+ <hilights>
<debug>Cometstyles</debug>
<debug>Majorly</debug>
<debug>Worby</debug>
@@ -218,12 +239,16 @@
<debug>werdan7</debug>
<debug>Animum</debug>
<debug>Deskana</debug>
+ <debug>Martinp23</debug>
+ <debug>Snowolf</debug>
+ <debug>Mitchell</debug>
<low>AppleBoy</low>
<low>Soms</low>
<low>Martinp23</low>
<low>Cbrown1023</low>
<low>TheLetterE</low>
<low>KFP</low>
+ <low>Snowolf</low>
</hilights>
<msgs>
<debug>#wikimedia-ops</debug>
@@ -236,6 +261,8 @@
<debug>werdan7</debug>
<debug>GDonato</debug>
<debug>TheLetterE</debug>
+ <debug>Cometstyles</debug>
+ <debug>Thehelpfulone</debug>
</hilights>
<msgs>
<debug>#wikimedia-ops</debug>
@@ -243,6 +270,7 @@
</channel>
<channel id="#wikipedia-en-roads">
<hilights></hilights>
+ <msgs></msgs>
</channel>
<channel id="#wikipedia-en-roads-us" op="yes">
<hilights>
@@ -254,6 +282,8 @@
</channel>
<channel id="#wikipedia-overflow" op="no">
<hilights>
+ <debug>Mitchell</debug>
+ <debug>Snowolf</debug>
<low>Eagle-101</low>
<low>Mbimmler</low>
<low>Pilotguy</low>
@@ -279,26 +309,26 @@
<msgs></msgs>
</channel>
<channel id="master">
+ <event id="advflood" action="ban" class="advsplitflood" reason="advanced distributed flooding" risk="debug" time="0" type="public,part,caction">5:3</event>
<event id="autoremove" action="none" class="re" reason="on chanserv autoremove" risk="info" time="0" type="part">^requested by ChanServ</event>
<event id="blacklist" action="none" class="strbl" reason="sending message containing blacklisted content" risk="low" time="0" type="public">blah</event>
<event id="ctcp-dcc" action="ban" class="re" reason="ctcp-dcc" risk="high" time="0" type="cdcc">.*</event>
- <event id="dcc" action="ban" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" time="0" type="public">^DCC SEND |\bDCC SEND &quot;?[A-Za-z0-9]+&quot;? \d+ \d+ \d+</event>
+ <event id="dcc" action="ban" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" time="0" type="public">^DCC (SEND|S?CHAT) |\bDCC (SEND|S?CHAT) &quot;?[A-Za-z0-9]+&quot;? \d+ \d+ \d+</event>
<event id="dcc-medium" action="ban" class="re" reason="using the DC.C SE.ND exploit" risk="medium" time="0" type="public">DCC SEND </event>
<event id="dcc-part" action="ban" class="re" reason="using the DC.C SE.ND exploit in a part message" risk="high" time="0" type="part">DCC SEND </event>
<event id="dcc-topic" action="ban" class="re" reason="setting a bad topic" risk="medium" time="0" type="topic">\bDCC SEND </event>
<event id="ddos_countdown" action="none" class="re" reason="doing the ddos countdown thing" risk="medium" time="0" type="public">^... DDOS COUNTDOWN.*</event>
- <event id="dronebl" action="ban" class="dnsbl" override="ahbl" reason="in dnsbl.dronebl.org" risk="info" time="0" type="join">dnsbl.dronebl.org</event>
- <event id="efnet_rbl" action="none" class="dnsbl" reason="in rbl.efnet.org" risk="info" time="0" type="join">rbl.efnet.org</event>
+ <event id="efnet_rbl" action="none" class="dnsbl" reason="host $evhost is in rbl.efnet.org ($mylastreason)" risk="info" time="0" type="join">rbl.efnetrbl.org</event>
<event id="genspam1" action="none" class="re" reason="generic spamming" risk="debug" time="0" type="public">([^ ]{4,} +)\1{5,}</event>
<event id="goatse" action="ban" class="re" reason="posting goatse link" risk="low" time="0" type="public">goatse\.cz</event>
- <event id="joinflood-3to20" action="none" class="floodqueue" reason="join flood (3 joins in 20 seconds)" risk="medium" time="0" type="join">3:20</event>
+ <event id="joinflood" action="none" class="floodqueue" reason="join flood (5 joins in 20 seconds)" risk="medium" time="0" type="join">5:20</event>
<event id="keylogger" action="ban" class="re" override="keylogger-medium" reason="using the norton start-key-logger exploit" risk="high" time="0" type="public">^startkeylogger$|^stopkeylogger$</event>
<event id="keylogger-medium" action="ban" class="re" reason="using the norton start-key-logger exploit" risk="medium" time="0" type="public">\bstartkeylogger\b|\bstopkeylogger\b</event>
<event id="last_measure_regex" action="kban" class="re" reason="posting what appears to be a last measure link" risk="medium" time="0" type="public">http://\S+\.on\.nimp\.org</event>
<event id="levenflood" action="none" class="levenflood" override="flood-5to3" reason="levenshtein flood match" risk="debug" time="0" type="public">contentisuseless</event>
+ <event id="lilotroll" action="none" class="re" reason="possible lilo-related trolling (&quot; $evcontent &quot;)" risk="medium" time="0" type="public"> cafe.* lilo.* tell.* RV</event>
<event id="magical" action="none" class="ident" reason="typical w00t ident" risk="info" time="0" type="join">i=magical</event>
- <event id="massflood" action="ban" class="splitflood" reason="distributed flooding" risk="high" time="0" type="public,part,caction">5:3</event>
- <event id="advflood" action="ban" class="advsplitflood" reason="advanced distributed flooding" risk="debug" time="0" type="public,part,caction">5:3</event>
+ <event id="massflood" action="ban" class="splitflood" reason="distributed flooding" risk="high" time="0" type="public,part,caction">4:4</event>
<event id="nickspam" action="ban" class="nickspam" reason="nickspamming" risk="high" time="0" type="public">150:20</event>
<event id="notice" action="ban" class="re" reason="sending a notice to the channel" risk="medium" time="0" type="notice">.*</event>
<event id="redarmyoflol" action="ban" class="re" reason="parting with 'red army of lol'" risk="low" time="0" type="part">RED ARMY OF LOL</event>
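Review bot: Only the `dcc` rule is widened to `(SEND|S?CHAT)`; `dcc-medium` (its `override` target), `dcc-part` and `dcc-topic` still match the literal `DCC SEND `. A CHAT-form string mid-line, in a part message or in a topic is therefore not covered by any rule shown here. If the CHAT variant deserves the same handling, the three sibling patterns should use `DCC (SEND|S?CHAT) ` as well. Separately, the `efnet_rbl` reason still says `rbl.efnet.org` while the zone queried is now `rbl.efnetrbl.org`; `reason="host $evhost is in rbl.efnetrbl.org ($mylastreason)"` would make the alert name the list that actually answered. The `master` channel element continues past the hunk.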
@@ -307,10 +337,11 @@
<hilights>
<debug>AfterDeath</debug>
<debug>ST47</debug>
- <debug>troubled</debug>
<low>alindeman</low>
<low>seanw</low>
<medium>dave2</medium>
+ <medium>RichiH</medium>
+ <medium>troubled</medium>
</hilights>
<msgs>
<debug>##asb-nexus</debug>
diff --git a/config-default/commands.xml b/config-default/commands.xml
index 5a4341c..3595281 100644
--- a/config-default/commands.xml
+++ b/config-default/commands.xml
@@ -1,4 +1,9 @@
<commands>
+ <command cmd="^;source$">
+ <![CDATA[
+ $conn->privmsg($event->{to}->[0], "source is at http://svn.linuxrulz.org/repos/antispammeta");
+ ]]>
+ </command>
<command cmd="^;sql (main|log) (.*)">
<![CDATA[
my $dbh = $::db->{DBH};
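Review bot: The `;sql (main|log) (.*)` command visible as context under the new `;source` entry carries no `flag` attribute, unlike `;hilight` and `;showhilights` further down, and it pairs a free-form `(.*)` capture with the database handle `$::db->{DBH}`. Its body continues outside the hunk, so a permission check may exist there. If it does not, the element should carry a restrictive `flag` so that statements typed in a channel are limited to trusted operators. A one-line comment above the command stating who may run it would make that intent reviewable.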
@@ -40,7 +45,7 @@
<![CDATA[
my $nick = lc $1;
my $flags = $2;
- if ($flags eq '') {
+ if ((!defined($flags)) || ($flags eq '')) {
if (defined($::users->{person}->{$nick}->{flags})) {
$conn->privmsg($event->{to}->[0], "Flags for $nick: $::users->{person}->{$nick}->{flags}");
} else {
@@ -124,7 +129,7 @@
$conn->privmsg($event->{to}->[0], "$nick removed from targets for $chan");
]]>
</command>
- <command cmd="^;showhilights (\S+)$" flag="a">
+ <command cmd="^;showhilights (\S+)$" flag="h">
<![CDATA[
my $nick = lc $1;
my @channels = ();
@@ -142,7 +147,7 @@
}
]]>
</command>
- <command cmd="^;hilight (\S+) (\S+) ?(\S*)$" flag="a">
+ <command cmd="^;hilight (\S+) (\S+) ?(\S*)$" flag="h">
<![CDATA[
my $chan = $1;
my $nick = $2;
@@ -166,7 +171,7 @@
$conn->privmsg($event->{to}->[0], "$nick added to $level risk hilights for $chan");
]]>
</command>
- <command cmd="^;dehilight (\S+) (\S+)" flag="a">
+ <command cmd="^;dehilight (\S+) (\S+)" flag="h">
<![CDATA[
my $chan = $1;
my $nick = $2;
@@ -248,11 +253,12 @@
$conn->privmsg($event->{to}->[0], $x . " exempted");
]]>
</command>
- <command cmd="^\!ops (#\S+)? ?(.*)">
+ <command cmd="^\!ops ?(#\S+)? ?(.*)">
<![CDATA[
my $tgt = $event->{to}->[0];
$tgt = $1 if (defined($1));
- my $msg = $2;
+ my $msg = $1;
+ $msg = $2 if defined($2);
my $hilite=ASM::Util->commaAndify(ASM::Util->getAlert($tgt, 'opalert', 'hilights'));
$conn->privmsg($_, "[$tgt] - $event->{nick} wants op attention ($msg) $hilite") foreach ASM::Util->getAlert($tgt, 'opalert', 'msgs');
]]>
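Review bot: `my $msg = $1;` followed by `$msg = $2 if defined($2);` never uses the first assignment, because `(.*)` always participates in a successful match and `$2` is therefore always defined (possibly empty). The new ` ?` after `!ops` also makes the separator optional, so any line that merely begins with `!ops` now raises an op alert. Consider `cmd="^\!ops(?:\s+(#\S+))?(?:\s+(.*))?$"` together with `my $msg = defined($2) ? $2 : '';`. `$tgt` is still taken from the caller-supplied `$1`, and whether the sender must be present in that channel is not visible here; the closing `</command>` is outside the hunk.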
diff --git a/config-default/dnsbl.xml b/config-default/dnsbl.xml
new file mode 100644
index 0000000..f4f51a3
--- /dev/null
+++ b/config-default/dnsbl.xml
@@ -0,0 +1,23 @@
+<dnsbl>
+ <query id="rbl.efnetrbl.org">
+ <response id="127.0.0.1">Open proxy</response>
+ <response id="127.0.0.2">Trojan spreader</response>
+ <response id="127.0.0.3">Trojan infected client</response>
+ <response id="127.0.0.4">TOR exit server</response>
+ <response id="127.0.0.5">Drones / Flooding</response>
+ </query>
+ <query id="dnsbl.dronebl.org">
+ <response id="127.0.0.1">Testing data</response>
+ <response id="127.0.0.2">Sample</response>
+ <response id="127.0.0.3">IRC Drone</response>
+ <response id="127.0.0.4">Tor</response>
+ <response id="127.0.0.5">Bottler</response>
+ <response id="127.0.0.6">Unknown spambot or drone</response>
+ <response id="127.0.0.7">DDOS drone</response>
+ <response id="127.0.0.8">SOCKS proxy</response>
+ <response id="127.0.0.9">HTTP proxy</response>
+ <response id="127.0.0.10">ProxyChain</response>
+ <response id="127.0.0.11">MediaDefender crap</response>
+ <response id="127.0.0.255">Unknown</response>
+ </query>
+</dnsbl>
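Review bot: The `dnsbl.dronebl.org` table is added here while the same commit removes the `dronebl` event from channels.xml, the only `class="dnsbl"` event in this diff that pointed at that zone, so as far as the diff shows nothing queries it. Either keep a dronebl event or say in a comment that the table is reserved for later use. The file also needs a header comment along the lines of `<!-- query id = DNSBL zone named in a class="dnsbl" event; response id = A record returned; text = reason (presumably $mylastreason) -->`, to be confirmed against the loader. It should also state what is reported for a return code that is not listed.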
diff --git a/config-default/users.xml b/config-default/users.xml
index f0fc3a6..580d1a6 100644
--- a/config-default/users.xml
+++ b/config-default/users.xml
@@ -1,22 +1,33 @@
<people>
- <person id="afterdeath" flags="odat" host="IDENTIFY" />
- <person id="alindeman" flags="odat" host="freenode/staff/alindeman" />
- <person id="andrewb" flags="a" host="freenode/helper/ubuntu.member.AndrewB" />
+ <person id="afterdeath" flags="hodat" host="IDENTIFY" />
+ <person id="alindeman" flags="hodat" host="freenode/staff/alindeman" />
+ <person id="andrewb" flags="ha" host="freenode/helper/ubuntu.member.AndrewB" />
<person id="animum" />
- <person id="cchan" flags="odat" host="IDENTIFY" />
- <person id="dave2" flags="odat" host="freenode/staff/dave2" />
- <person id="denny" flags="+a" host="freenode/staff/denny" />
- <person id="dmcdevit" flags="oat" host="IDENTIFY" />
- <person id="filiated" flags="odat" host="IDENTIFY" />
- <person id="karlprof" flags="a" host="freenode/helper/pdpc.student.karlprof" />
- <person id="mark_ryan" flags="ot" host="wikimedia/mark" />
- <person id="ompaul" flags="a" host="freenode/staff/gnewsense.ompaul" />
- <person id="philkc" flags="odat" host="freenode/staff/philkc" />
- <person id="sean_william" flags="a" host="IDENTIFY" />
- <person id="seanw" flags="odat" host="freenode/staff/wikimedia.sean-whitton" />
- <person id="slowking_man" flags="ot" host="IDENTIFY" />
- <person id="st47" flags="odat" host="IDENTIFY" />
- <person id="tomaw" flags="odat" host="freenode/staff/tomaw" />
- <person id="troubled" flags="oat" host="pdpc/supporter/sustaining/troubled" />
- <person id="wildpikachu" flags="odat" host="about/linux/staff/wildpikachu" />
+ <person id="cchan" flags="hodat" host="IDENTIFY" />
+ <person id="dave2" flags="hodat" host="freenode/staff/dave2" />
+ <person id="denny" flags="ha" host="freenode/staff/denny" />
+ <person id="dlange" host="freenode/staff/dlange" />
+ <person id="dmcdevit" flags="hoat" host="IDENTIFY" />
+ <person id="errantego" flags="t" host="unaffiliated/errantego" />
+ <person id="filiated" flags="hodat" host="IDENTIFY" />
+ <person id="gary" flags="hoa" host="freenode/staff/colchester-lug.gary" />
+ <person id="jonathand" host="freenode/helper/JonathanD" />
+ <person id="karlprof" flags="ha" host="freenode/helper/pdpc.student.karlprof" />
+ <person id="kloeri" flags="oah" host="freenode/staff/kloeri" />
+ <person id="mark_ryan" flags="hot" host="wikimedia/mark" />
+ <person id="monobi" flags="h" host="IDENTIFY" />
+ <person id="ompaul" flags="ha" host="freenode/staff/gnewsense.ompaul" />
+ <person id="philkc" flags="hodat" host="freenode/staff/philkc" />
+ <person id="pricechild" host="freenode/staff/ubuntu.member.pricechild" />
+ <person id="richih" flags="hodat" host="freenode/staff/richih" />
+ <person id="sean_william" flags="ha" host="IDENTIFY" />
+ <person id="seanw" flags="hodat" host="freenode/staff/wikimedia.sean-whitton" />
+ <person id="slowking_man" flags="hot" host="IDENTIFY" />
+ <person id="st47" flags="hodat" host="IDENTIFY" />
+ <person id="tomaw" flags="hodat" host="freenode/staff/tomaw" />
+ <person id="troubled" flags="hoat" host="pdpc/supporter/sustaining/troubled" />
+ <person id="vorian" host="freenode/staff/ubuntu.member.vorian" />
+ <person id="wildpikachu" flags="hodat" host="about/linux/staff/wildpikachu" />
+ <person id="wimt" flags="hoat" host="IDENTIFY" />
+ <person id="zofrex" host="freenode/helper/zofrex" />
</people>
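Review bot: The new `h` flag is granted to almost every flagged account, yet nothing in the file says what it or the other letters permit, which makes this privilege table hard to audit. A comment under `<people>` such as `<!-- flags: h = may use ;hilight, ;dehilight and ;showhilights (see commands.xml) -->`, extended with the remaining letters, would help. `kloeri` is written `oah` where every other entry leads with `h` (for example `hoa`); normalise it if letter order is not significant. Entries that combine `host="IDENTIFY"` with `hodat` presumably rely on services identification rather than a cloak, which is worth stating next to them.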