From ba55c0675df20a89a452162216af4b6a8e06ce5c Mon Sep 17 00:00:00 2001
From: William Heimbigner <william.heimbigner@gmail.com>
Date: Tue, 25 Mar 2008 17:05:22 +0000
Subject: Added dnsbl analysis, better sql, better rules, fixed some commands

---
 config-default/channels.xml | 69 ++++++++++++++++++++++++++++++++-------------
 config-default/commands.xml | 18 ++++++++----
 config-default/dnsbl.xml    | 23 +++++++++++++++
 config-default/users.xml    | 49 +++++++++++++++++++-------------
 4 files changed, 115 insertions(+), 44 deletions(-)
 create mode 100644 config-default/dnsbl.xml

(limited to 'config-default')

diff --git a/config-default/channels.xml b/config-default/channels.xml
index a91e4af..114c673 100644
--- a/config-default/channels.xml
+++ b/config-default/channels.xml
@@ -54,7 +54,9 @@
   <channel id="##tomaw" op="no">
     <hilights></hilights>
   </channel>
-  <channel id="##wikimedia-ops" op="no" />
+  <channel id="##wikimedia-ops" op="no">
+    <msgs></msgs>
+  </channel>
   <channel id="##windows" op="no">
     <hilights>
       <info>njan</info>
@@ -67,6 +69,7 @@
       <low>Cpudan80</low>
       <low>AndrewB</low>
       <low>pinpoint</low>
+      <medium>tomaw</medium>
     </hilights>
     <msgs></msgs>
   </channel>
@@ -83,30 +86,35 @@
       <debug>tomaw</debug>
       <debug>Dave2</debug>
       <disable>ST47</disable>
-      <high>Dave2</high>
       <info>tomaw</info>
       <info>njan</info>
-      <info>Dave2</info>
       <info>AndrewB</info>
       <low>AndrewB</low>
       <low>denny</low>
-      <low>Dave2</low>
+      <low>Gary</low>
+      <low>JonathanD</low>
+      <low>ZoFreX</low>
+      <low>DLange</low>
+      <low>vorian</low>
+      <low>PriceChild</low>
       <medium>tomaw</medium>
       <medium>ompaul</medium>
       <medium>kloeri</medium>
       <medium>PhilKC</medium>
-      <medium>Dave2</medium>
+      <medium>tomaw</medium>
     </hilights>
     <msgs>
       <debug>#freenode-adb</debug>
     </msgs>
   </channel>
-  <channel id="#gentoo" op="no" silence="yes">
+  <channel id="#freenode-adb" op="no">
     <hilights></hilights>
     <msgs></msgs>
   </channel>
-  <channel id="#freenode-adb" op="no">
-    <hilights></hilights>
+  <channel id="#gentoo" op="no" silence="yes">
+    <hilights>
+      <high>NeddySeagoon</high>
+    </hilights>
     <msgs></msgs>
   </channel>
   <channel id="#mediawiki" op="no">
@@ -127,12 +135,17 @@
     <msgs></msgs>
   </channel>
   <channel id="#ubuntu" op="no" silence="yes">
-    <hilights></hilights>
+    <hilights>
+      <debug>PriceChild</debug>
+      <disable>ST47</disable>
+      <medium>tomaw</medium>
+    </hilights>
     <msgs></msgs>
   </channel>
   <channel id="#wikimedia" op="no">
     <hilights>
       <debug>Mbimmler</debug>
+      <debug>Martinp23</debug>
       <low>Majorly</low>
       <low>Fabexplosive</low>
     </hilights>
@@ -161,8 +174,11 @@
     <hilights>
       <debug>Cbrown1023</debug>
     </hilights>
-    <msgs></msgs>
+    <msgs>
+      <debug>##wikimedia-ops</debug>
+    </msgs>
   </channel>
+  <channel id="#wikimedia-ops-internal" op="no" />
   <channel id="#wikipedia" op="no">
     <hilights>
       <debug>Cbrown1023</debug>
@@ -171,6 +187,11 @@
       <debug>TheLetterE</debug>
       <debug>Golbez</debug>
       <debug>Mbimmler</debug>
+      <debug>AndrewB</debug>
+      <debug>wimt</debug>
+      <debug>Snowolf</debug>
+      <debug>Mitchell</debug>
+      <debug>werdan7</debug>
       <info>Karlprof</info>
       <info>Martinp23</info>
       <info>Pilotguy</info>
@@ -192,10 +213,10 @@
       <low>mike42</low>
       <low>Pilotguy</low>
       <low>kloeri</low>
+      <low>Cometstyles</low>
     </hilights>
     <msgs>
       <debug>#wikimedia-ops</debug>
-      <debug>##wikimedia-ops</debug>
     </msgs>
   </channel>
   <channel id="#wikipedia-bag" op="no">
@@ -207,7 +228,7 @@
     </msgs>
   </channel>
   <channel id="#wikipedia-en" op="yes">
-    <hilights none="ST47">
+    <hilights>
       <debug>Cometstyles</debug>
       <debug>Majorly</debug>
       <debug>Worby</debug>
@@ -218,12 +239,16 @@
       <debug>werdan7</debug>
       <debug>Animum</debug>
       <debug>Deskana</debug>
+      <debug>Martinp23</debug>
+      <debug>Snowolf</debug>
+      <debug>Mitchell</debug>
       <low>AppleBoy</low>
       <low>Soms</low>
       <low>Martinp23</low>
       <low>Cbrown1023</low>
       <low>TheLetterE</low>
       <low>KFP</low>
+      <low>Snowolf</low>
     </hilights>
     <msgs>
       <debug>#wikimedia-ops</debug>
@@ -236,6 +261,8 @@
       <debug>werdan7</debug>
       <debug>GDonato</debug>
       <debug>TheLetterE</debug>
+      <debug>Cometstyles</debug>
+      <debug>Thehelpfulone</debug>
     </hilights>
     <msgs>
       <debug>#wikimedia-ops</debug>
@@ -243,6 +270,7 @@
   </channel>
   <channel id="#wikipedia-en-roads">
     <hilights></hilights>
+    <msgs></msgs>
   </channel>
   <channel id="#wikipedia-en-roads-us" op="yes">
     <hilights>
@@ -254,6 +282,8 @@
   </channel>
   <channel id="#wikipedia-overflow" op="no">
     <hilights>
+      <debug>Mitchell</debug>
+      <debug>Snowolf</debug>
       <low>Eagle-101</low>
       <low>Mbimmler</low>
       <low>Pilotguy</low>
@@ -279,26 +309,26 @@
     <msgs></msgs>
   </channel>
   <channel id="master">
+    <event id="advflood" action="ban" class="advsplitflood" reason="advanced distributed flooding" risk="debug" time="0" type="public,part,caction">5:3</event>
     <event id="autoremove" action="none" class="re" reason="on chanserv autoremove" risk="info" time="0" type="part">^requested by ChanServ</event>
     <event id="blacklist" action="none" class="strbl" reason="sending message containing blacklisted content" risk="low" time="0" type="public">blah</event>
     <event id="ctcp-dcc" action="ban" class="re" reason="ctcp-dcc" risk="high" time="0" type="cdcc">.*</event>
-    <event id="dcc" action="ban" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" time="0" type="public">^DCC SEND |\bDCC SEND &quot;?[A-Za-z0-9]+&quot;? \d+ \d+ \d+</event>
+    <event id="dcc" action="ban" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" time="0" type="public">^DCC (SEND|S?CHAT) |\bDCC (SEND|S?CHAT) &quot;?[A-Za-z0-9]+&quot;? \d+ \d+ \d+</event>
     <event id="dcc-medium" action="ban" class="re" reason="using the DC.C SE.ND exploit" risk="medium" time="0" type="public">DCC SEND </event>
     <event id="dcc-part" action="ban" class="re" reason="using the DC.C SE.ND exploit in a part message" risk="high" time="0" type="part">DCC SEND </event>
     <event id="dcc-topic" action="ban" class="re" reason="setting a bad topic" risk="medium" time="0" type="topic">\bDCC SEND </event>
     <event id="ddos_countdown" action="none" class="re" reason="doing the ddos countdown thing" risk="medium" time="0" type="public">^... DDOS COUNTDOWN.*</event>
-    <event id="dronebl" action="ban" class="dnsbl" override="ahbl" reason="in dnsbl.dronebl.org" risk="info" time="0" type="join">dnsbl.dronebl.org</event>
-    <event id="efnet_rbl" action="none" class="dnsbl" reason="in rbl.efnet.org" risk="info" time="0" type="join">rbl.efnet.org</event>
+    <event id="efnet_rbl" action="none" class="dnsbl" reason="host $evhost is in rbl.efnet.org ($mylastreason)" risk="info" time="0" type="join">rbl.efnetrbl.org</event>
     <event id="genspam1" action="none" class="re" reason="generic spamming" risk="debug" time="0" type="public">([^ ]{4,} +)\1{5,}</event>
     <event id="goatse" action="ban" class="re" reason="posting goatse link" risk="low" time="0" type="public">goatse\.cz</event>
-    <event id="joinflood-3to20" action="none" class="floodqueue" reason="join flood (3 joins in 20 seconds)" risk="medium" time="0" type="join">3:20</event>
+    <event id="joinflood" action="none" class="floodqueue" reason="join flood (5 joins in 20 seconds)" risk="medium" time="0" type="join">5:20</event>
     <event id="keylogger" action="ban" class="re" override="keylogger-medium" reason="using the norton start-key-logger exploit" risk="high" time="0" type="public">^startkeylogger$|^stopkeylogger$</event>
     <event id="keylogger-medium" action="ban" class="re" reason="using the norton start-key-logger exploit" risk="medium" time="0" type="public">\bstartkeylogger\b|\bstopkeylogger\b</event>
     <event id="last_measure_regex" action="kban" class="re" reason="posting what appears to be a last measure link" risk="medium" time="0" type="public">http://\S+\.on\.nimp\.org</event>
     <event id="levenflood" action="none" class="levenflood" override="flood-5to3" reason="levenshtein flood match" risk="debug" time="0" type="public">contentisuseless</event>
+    <event id="lilotroll" action="none" class="re" reason="possible lilo-related trolling (&quot; $evcontent &quot;)" risk="medium" time="0" type="public"> cafe.* lilo.* tell.* RV</event>
     <event id="magical" action="none" class="ident" reason="typical w00t ident" risk="info" time="0" type="join">i=magical</event>
-    <event id="massflood" action="ban" class="splitflood" reason="distributed flooding" risk="high" time="0" type="public,part,caction">5:3</event>
-    <event id="advflood" action="ban" class="advsplitflood" reason="advanced distributed flooding" risk="debug" time="0" type="public,part,caction">5:3</event>
+    <event id="massflood" action="ban" class="splitflood" reason="distributed flooding" risk="high" time="0" type="public,part,caction">4:4</event>
     <event id="nickspam" action="ban" class="nickspam" reason="nickspamming" risk="high" time="0" type="public">150:20</event>
     <event id="notice" action="ban" class="re" reason="sending a notice to the channel" risk="medium" time="0" type="notice">.*</event>
     <event id="redarmyoflol" action="ban" class="re" reason="parting with 'red army of lol'" risk="low" time="0" type="part">RED ARMY OF LOL</event>
@@ -307,10 +337,11 @@
     <hilights>
       <debug>AfterDeath</debug>
       <debug>ST47</debug>
-      <debug>troubled</debug>
       <low>alindeman</low>
       <low>seanw</low>
       <medium>dave2</medium>
+      <medium>RichiH</medium>
+      <medium>troubled</medium>
     </hilights>
     <msgs>
       <debug>##asb-nexus</debug>
diff --git a/config-default/commands.xml b/config-default/commands.xml
index 5a4341c..3595281 100644
--- a/config-default/commands.xml
+++ b/config-default/commands.xml
@@ -1,4 +1,9 @@
 <commands>
+  <command cmd="^;source$">
+  <![CDATA[
+    $conn->privmsg($event->{to}->[0], "source is at http://svn.linuxrulz.org/repos/antispammeta");
+  ]]>
+  </command>
   <command cmd="^;sql (main|log) (.*)">
   <![CDATA[
     my $dbh = $::db->{DBH};
@@ -40,7 +45,7 @@
   <![CDATA[
     my $nick = lc $1;
     my $flags = $2;
-    if ($flags eq '') {
+    if ((!defined($flags)) || ($flags eq '')) {
       if (defined($::users->{person}->{$nick}->{flags})) {
         $conn->privmsg($event->{to}->[0], "Flags for $nick: $::users->{person}->{$nick}->{flags}");
       } else {
@@ -124,7 +129,7 @@
     $conn->privmsg($event->{to}->[0], "$nick removed from targets for $chan");
   ]]>
   </command>
-  <command cmd="^;showhilights (\S+)$" flag="a">
+  <command cmd="^;showhilights (\S+)$" flag="h">
   <![CDATA[
     my $nick = lc $1;
     my @channels = ();
@@ -142,7 +147,7 @@
     }
   ]]>
   </command>
-  <command cmd="^;hilight (\S+) (\S+) ?(\S*)$" flag="a">
+  <command cmd="^;hilight (\S+) (\S+) ?(\S*)$" flag="h">
   <![CDATA[
     my $chan = $1;
     my $nick = $2;
@@ -166,7 +171,7 @@
     $conn->privmsg($event->{to}->[0], "$nick added to $level risk hilights for $chan");
   ]]>
   </command>
-  <command cmd="^;dehilight (\S+) (\S+)" flag="a">
+  <command cmd="^;dehilight (\S+) (\S+)" flag="h">
   <![CDATA[
     my $chan = $1;
     my $nick = $2;
@@ -248,11 +253,12 @@
     $conn->privmsg($event->{to}->[0], $x . " exempted");
   ]]>
   </command>
-  <command cmd="^\!ops (#\S+)? ?(.*)">
+  <command cmd="^\!ops ?(#\S+)? ?(.*)">
   <![CDATA[
     my $tgt = $event->{to}->[0];
     $tgt = $1 if (defined($1));
-    my $msg = $2;
+    my $msg = $1;
+    $msg = $2 if defined($2);
     my $hilite=ASM::Util->commaAndify(ASM::Util->getAlert($tgt, 'opalert', 'hilights'));
     $conn->privmsg($_, "[$tgt] - $event->{nick} wants op attention ($msg) $hilite") foreach ASM::Util->getAlert($tgt, 'opalert', 'msgs');
   ]]>
diff --git a/config-default/dnsbl.xml b/config-default/dnsbl.xml
new file mode 100644
index 0000000..f4f51a3
--- /dev/null
+++ b/config-default/dnsbl.xml
@@ -0,0 +1,23 @@
+<dnsbl>
+  <query id="rbl.efnetrbl.org">
+    <response id="127.0.0.1">Open proxy</response>
+    <response id="127.0.0.2">Trojan spreader</response>
+    <response id="127.0.0.3">Trojan infected client</response>
+    <response id="127.0.0.4">TOR exit server</response>
+    <response id="127.0.0.5">Drones / Flooding</response>
+  </query>
+  <query id="dnsbl.dronebl.org">
+    <response id="127.0.0.1">Testing data</response>
+    <response id="127.0.0.2">Sample</response>
+    <response id="127.0.0.3">IRC Drone</response>
+    <response id="127.0.0.4">Tor</response>
+    <response id="127.0.0.5">Bottler</response>
+    <response id="127.0.0.6">Unknown spambot or drone</response>
+    <response id="127.0.0.7">DDOS drone</response> 
+    <response id="127.0.0.8">SOCKS proxy</response> 
+    <response id="127.0.0.9">HTTP proxy</response> 
+    <response id="127.0.0.10">ProxyChain</response> 
+    <response id="127.0.0.11">MediaDefender crap</response> 
+    <response id="127.0.0.255">Unknown</response>
+  </query>
+</dnsbl>
diff --git a/config-default/users.xml b/config-default/users.xml
index f0fc3a6..580d1a6 100644
--- a/config-default/users.xml
+++ b/config-default/users.xml
@@ -1,22 +1,33 @@
 <people>
-  <person id="afterdeath" flags="odat" host="IDENTIFY" />
-  <person id="alindeman" flags="odat" host="freenode/staff/alindeman" />
-  <person id="andrewb" flags="a" host="freenode/helper/ubuntu.member.AndrewB" />
+  <person id="afterdeath" flags="hodat" host="IDENTIFY" />
+  <person id="alindeman" flags="hodat" host="freenode/staff/alindeman" />
+  <person id="andrewb" flags="ha" host="freenode/helper/ubuntu.member.AndrewB" />
   <person id="animum" />
-  <person id="cchan" flags="odat" host="IDENTIFY" />
-  <person id="dave2" flags="odat" host="freenode/staff/dave2" />
-  <person id="denny" flags="+a" host="freenode/staff/denny" />
-  <person id="dmcdevit" flags="oat" host="IDENTIFY" />
-  <person id="filiated" flags="odat" host="IDENTIFY" />
-  <person id="karlprof" flags="a" host="freenode/helper/pdpc.student.karlprof" />
-  <person id="mark_ryan" flags="ot" host="wikimedia/mark" />
-  <person id="ompaul" flags="a" host="freenode/staff/gnewsense.ompaul" />
-  <person id="philkc" flags="odat" host="freenode/staff/philkc" />
-  <person id="sean_william" flags="a" host="IDENTIFY" />
-  <person id="seanw" flags="odat" host="freenode/staff/wikimedia.sean-whitton" />
-  <person id="slowking_man" flags="ot" host="IDENTIFY" />
-  <person id="st47" flags="odat" host="IDENTIFY" />
-  <person id="tomaw" flags="odat" host="freenode/staff/tomaw" />
-  <person id="troubled" flags="oat" host="pdpc/supporter/sustaining/troubled" />
-  <person id="wildpikachu" flags="odat" host="about/linux/staff/wildpikachu" />
+  <person id="cchan" flags="hodat" host="IDENTIFY" />
+  <person id="dave2" flags="hodat" host="freenode/staff/dave2" />
+  <person id="denny" flags="ha" host="freenode/staff/denny" />
+  <person id="dlange" host="freenode/staff/dlange" />
+  <person id="dmcdevit" flags="hoat" host="IDENTIFY" />
+  <person id="errantego" flags="t" host="unaffiliated/errantego" />
+  <person id="filiated" flags="hodat" host="IDENTIFY" />
+  <person id="gary" flags="hoa" host="freenode/staff/colchester-lug.gary" />
+  <person id="jonathand" host="freenode/helper/JonathanD" />
+  <person id="karlprof" flags="ha" host="freenode/helper/pdpc.student.karlprof" />
+  <person id="kloeri" flags="oah" host="freenode/staff/kloeri" />
+  <person id="mark_ryan" flags="hot" host="wikimedia/mark" />
+  <person id="monobi" flags="h" host="IDENTIFY" />
+  <person id="ompaul" flags="ha" host="freenode/staff/gnewsense.ompaul" />
+  <person id="philkc" flags="hodat" host="freenode/staff/philkc" />
+  <person id="pricechild" host="freenode/staff/ubuntu.member.pricechild" />
+  <person id="richih" flags="hodat" host="freenode/staff/richih" />
+  <person id="sean_william" flags="ha" host="IDENTIFY" />
+  <person id="seanw" flags="hodat" host="freenode/staff/wikimedia.sean-whitton" />
+  <person id="slowking_man" flags="hot" host="IDENTIFY" />
+  <person id="st47" flags="hodat" host="IDENTIFY" />
+  <person id="tomaw" flags="hodat" host="freenode/staff/tomaw" />
+  <person id="troubled" flags="hoat" host="pdpc/supporter/sustaining/troubled" />
+  <person id="vorian" host="freenode/staff/ubuntu.member.vorian" />
+  <person id="wildpikachu" flags="hodat" host="about/linux/staff/wildpikachu" />
+  <person id="wimt" flags="hoat" host="IDENTIFY" />
+  <person id="zofrex" host="freenode/helper/zofrex" />
 </people>
-- 
cgit v1.2.3