From fdb1d6257cb9871c687e13b1ac1ec038ed2529e4 Mon Sep 17 00:00:00 2001 
From: William Heimbigner Date: Thu, 7 Mar 2013 10:35:43 +0000 Subject: Added logging of kicks/bans/quiets/removes/klines/kills to a special SQL table and corresponding text files Enabled SQL debugging Bugfix: Only attempt to determine a host's IP if it doesn't contain a '/' Updates to channels.xml and users.xml Adjusted ;userx add and ;userx flags such that A cannot give B a flag that A doesn't already have Tweaked the ;help command Fixed ;mship such that it will respond even if it can't see the nick provided. Tweaked ;status to give output in format like 7d22h18m3s instead of 9814798712 seconds Added a ;teredo helper command to give info on IPv6 teredo-tunneled connections Added a nick blacklist file (to counter bot nicklists). Added a english wordlist file, for "garbage" detection. Added ;investigate and ;investigate2 commands Added a way to not throttle info-risk threats Added special detection for a cycling botnet Added special detection for bots that join, say something, and immediately quit Added detection for ascii art Added detection for "garbage" text Added fuzzy-matching against a set of nicks Added "real IP" to state tracking and logging, which "decrypts" gateway/web and teredo IPs Moved sigalarm code into meta.pl Improved statsp tracking, and logs it to a file Ping-pong every 30 seconds, auto-reconnect on persistent lag. Ensure inspector routine is always called AFTER log-handling routines Fixed a state-tracking bug in topic change handling Fixed a state-tracking bug with nick changes Fixed some state-tracking bugs with mode changes Determine who is impacted when a quiet/ban mask is placed Fixed handling of CTCP SOURCE requests Added feature where it keeps a 30 line "backlog" of each channel in memory. 
Added the reason for parts and quits to text logging --- config-default/channels.xml | 187 +++++++++++++++++++++++--------------------- config-default/commands.xml | 157 +++++++++++++++++++++++++++++++++++-- config-default/mysql.xml | 1 + config-default/settings.xml | 1 + config-default/users.xml | 26 +++--- 5 files changed, 266 insertions(+), 106 deletions(-) (limited to 'config-default') diff --git a/config-default/channels.xml b/config-default/channels.xml index 178a0bb..830a0eb 100644 --- a/config-default/channels.xml +++ b/config-default/channels.xml @@ -41,10 +41,17 @@ ##hamradio-ops + + + + + + + Dominian @@ -106,6 +113,7 @@ vegadark + Furry @@ -117,6 +125,7 @@ Thehelpfulone werdan7 njan + PZt numist HentaiXP TechSalvager @@ -138,8 +147,15 @@ - - + + + + + + + + + @@ -196,7 +212,9 @@ - + + Nietzsche + @@ -233,12 +251,10 @@ - flyingparchment - roberthl Snowolf - seanw + techman224 charitwo - vvv + Jasper_Deng #wikimedia-ops @@ -255,14 +271,13 @@ + - KyleXY - kylexy TheMoonMaster Paradox Mortvert @@ -333,20 +348,20 @@ - Martinp23 PeterSymonds - vvv AfterDeath - DeltaQuad Snowolf Thehelpfulone Tanvir jeremyb Logan_ + Rjd0060 charitwo Rjd0060 Fluffernutter TBloemink + Steven_Zhang + DeltaQuad #wikimedia-ops @@ -360,12 +375,29 @@ Thehelpfulone Snowolf Logan_ - Kanonkas + Rjd0060 + James_F #wikimedia-ops + + + seanw + martinp23 + Rjd0060 + Cbrown1023 + dungodung + PeterSymonds + Barras + Thehelpfulone + + + #wikimedia-ops + #wikimedia-ops + + mbimmler @@ -378,21 +410,17 @@ Theo10011 Ironholds - - #wikimedia-ops - + Cbrown1023 Thehelpfulone - Not_the_NSA - Kanonkas PeterSymonds - AfterDeath Logan_ jeremyb AfterDeath + Snowolf charitwo TBloemink Mh7kJ @@ -427,9 +455,7 @@ fschulenburg Bastique - - #wikimedia-ops - + @@ -445,6 +471,7 @@ PeterSymonds Snowolf Thehelpfulone + Rjd0060 Snowolf Rjd0060 TBloemink @@ -464,11 +491,19 @@ Thehelpfulone Snowolf Rjd0060 + techman224 + Jasper_Deng #wikimedia-ops + + + + + + Austin 
@@ -481,53 +516,36 @@ Simetrical Werdna - - #wikimedia-ops - + - Golbez Prodego Snowolf AfterDeath Thehelpfulone werdan7 - wimt - Jake_Wartenberg shimgray - kibble PeterSymonds Jamesofur killiondude SpitfireWP jeremyb - Maximillion stwalkerster - DeltaQuad Gfoley4 Logan_ - Theo10011 Snowolf Tanvir TBloemink Rjd0060 Shirik - bumm13_ - Cyrius + Steven_Zhang DanielB FastLizard4 James_F JohnReaves - Lucifer_Cat - Luna-San - Mike42 - Mike_H - skenmy - ST47 - tawker slakr - Courcelles + DeltaQuad closedmouth Fluffernutter @@ -555,8 +573,6 @@ Jamesofur SpitfireWP jeremyb - DeltaQuad - Theo10011 Gfoley4 Logan_ Snowolf @@ -564,12 +580,10 @@ Shirik TBloemink Rjd0060 - Cobi - Golbez + DeltaQuad agkwiki KFP slakr - Courcelles closedmouth Fluffernutter @@ -581,41 +595,21 @@ Thehelpfulone jamesofur - Nixeagle DeltaQuad - Netalarm - JoeGazz84 - MacMed Snowolf - - #wikimedia-ops - #wikimedia-ops - + - anowlin - ragesoss stwalkerster - chzz Prodego - Deskana - Pathoschild - fetchcomms - BarkingFish - Cbrown1023 - Earwig - ldavis - annielin PeterSymonds Shirik Fluffernutter Thehelpfulone - - #wikimedia-ops - + @@ -623,25 +617,13 @@ werdan7 - GDonato Thehelpfulone - Mike42 - bjelleklang - JohnReaves - After-Midnight - Srikeit - Deon555 - Luna-San - Golbez stwalkerster PeterSymonds - Hersfold killiondude - DeltaQuad Logan_ Shirik slakr - JoeGazz84 Steven_Zhang SteveMobile TBloemink @@ -649,11 +631,13 @@ Tanvir TBloemink Ocaasi + Rjd0060 mabdul + gwickwire KFP Gfoley4 - sonia Pine + DeltaQuad #wikimedia-ops @@ -672,12 +656,35 @@ PeterSymonds Shirik + + + + + + + + + + + + #wikimedia-ops + + + + + + + + Snowolf + Rschen7754 + Thehelpfulone + Logan_ + #wikimedia-ops - #wikimedia-ops - + #wikimedia-ops @@ -698,11 +705,14 @@ Wytukaze Tawker - - #wikimedia-ops - + + + + + + + - @@ -714,7 +724,6 @@ dave2 - ##asb-nexus #antispammeta diff --git a/config-default/commands.xml b/config-default/commands.xml index a3a1695..8154271 100644 --- a/config-default/commands.xml 
+++ b/config-default/commands.xml 
@@ -1,19 +1,69 @@ - + + me($event->replyto, "makes " . $event->{nick} . " a sandwich"); + ]]> + + + privmsg($event->replyto, "This is not a teredo-tunnelled IP."); + return; + } + print Dumper(\@splitip); + my $server = join('.', unpack('C4', pack('N', hex($splitip[2] . $splitip[3])))); + my $host = join('.', unpack('C4', pack('N', (hex($splitip[6] . $splitip[7])^hex('ffffffff'))))); + my $port = hex($splitip[5]) ^ hex('ffff'); + $conn->privmsg($event->replyto, "Source is $host:$port; teredo server in use is $server."); +#hex('41379e76') ^ hex('ffffffff'); print join ('.', unpack('C4', pack('N', $ip))) . "\n" +#join '.', unpack "C*", pack "H*", $ip; + #2001:0:4137:9e76:3094:127d:51a2:6952 + #2001:0 - teredo marker + #4137:9e76 - teredo server + #3094 - teredo flags + #127d - xor 0xff - UDP port in use + #51a2:6952 - xor 0xff - source IP + ]]> + + privmsg($event->replyto, "This bot has been running for " . (time - $::starttime) . " seconds" . + my $upstr = ''; + my $up = (time - $::starttime); + if (int($up/86400) != 0) { #days + $upstr = $upstr . int($up/86400) . 'd'; + $up = $up % 86400; + } + if (int($up/3600) != 0) { #hours + $upstr = $upstr . int($up/3600) . 'h'; + $up = $up % 3600; + } + if (int($up/60) != 0) { #minutes + $upstr = $upstr . int($up/60) . 'm'; + $up = $up % 60; + } + if (int($up/1) != 0) { #seconds + $upstr = $upstr . int($up/1) . 's'; + $up = $up % 1; + } + $conn->privmsg($event->replyto, "This bot has been running for " . $upstr . ", is tracking " . (scalar (keys %::sn)) . " nicks" . " across " . (scalar (keys %::sc)) . " tracked channels." . " It is using " . $size . "KB of RAM" . " and has used " . $cputime . " of CPU time."); ]]> - + privmsg($event->replyto, $1 . " is on: " . ASM::Util->commaAndify(sort @{$::sn{lc $1}->{mship}})); + if (defined($::sn{lc $1}->{mship})) { + $conn->privmsg($event->replyto, $1 . " is on: " . 
ASM::Util->commaAndify(sort @{$::sn{lc $1}->{mship}})); + } else { + $conn->privmsg($event->replyto, "I don't see $1."); + } ]]> @@ -46,8 +96,8 @@ privmsg($event->replyto, "help is at http://meta.wikimedia.org/wiki/User:WHeimbigner/AntiSpamMeta"); - $conn->privmsg($event->replyto, "You can also get faster help by emailing william dot heimbigner at ttu dot edu - or bug ErrantEgo or tomaw"); + $conn->privmsg($event->replyto, "command list is at http://antispammeta.net/syntax.txt ; see also http://meta.wikimedia.org/wiki/User:WHeimbigner/AntiSpamMeta (not as up to date but contains some additonal info)"); + $conn->privmsg($event->replyto, "You can also get faster help by bugging ow, DLa\x02\x02nge, tom\x02\x02aw, or mari\x02\x02enz"); ]]> 
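Review bot: In the teredo handler, `hex($splitip[2] . $splitip[3])` and `hex($splitip[6] . $splitip[7])` only decode correctly when both groups are exactly four hex digits; IPv6 literals drop leading zeros, so an address such as `2001:0:4137:e76:...` (constructed example) concatenates to the wrong 32-bit value, and a `::`-compressed form shifts the indices altogether. Combining the groups arithmetically avoids the padding problem: `my $server = join '.', unpack 'C4', pack 'N', (hex($splitip[2]) << 16) | hex($splitip[3]);` and `my $host = join '.', unpack 'C4', pack 'N', ((hex($splitip[6]) << 16) | hex($splitip[7])) ^ 0xffffffff;`; the compressed case should be rejected by the guard that precedes the "not a teredo-tunnelled IP" reply, whose condition is not legible in this hunk. `print Dumper(\@splitip);` looks like leftover debugging output to the bot's stdout and should be removed along with the commented-out scratch lines below the reply. The same applies to `print Dumper($query);` in the later ;investigate2 hunk.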
@@ -63,10 +113,95 @@ $conn->privmsg($event->replyto, "$result results found."); ]]> + + privmsg($event->replyto, "I don't see $nick in my state tracking database, so I can't run any queries on their info, sorry :(" . + " You can try https://antispammeta.net/cgi-bin/secret/investigate.pl?nick=$nick instead!"); + return; + } + my $person = $::sn{$nick}; + my $dbh = $::db->{DBH}; + + my $mnicks = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE nick like " . $dbh->quote($nick) . ';'); + my $musers = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE user like " . $dbh->quote($person->{user}) . ';'); + my $mhosts = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE host like " . $dbh->quote($person->{host}) . ';'); + my $maccts = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE account like " . $dbh->quote($person->{account}) . ';'); + my $mgecos = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE gecos like " . $dbh->quote($person->{gecos}) . ';'); + + my $ip = ASM::Util->getNickIP($nick); + my $matchedip = 0; + $matchedip = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE ip = " . $dbh->quote($ip) . ';') if defined($ip); + $conn->privmsg($event->replyto, "I found $mnicks matches by nick, $musers user matches, $mhosts by hostname, " . + "$maccts by NickServ account, $mgecos by gecos field, and $matchedip by real IP."); + ]]> + + + privmsg($event->replyto, "I don't see $nick in my state tracking database, so I can't run any queries on their info, sorry :(" . + " You can try https://antispammeta.net/cgi-bin/secret/investigate.pl?nick=$nick instead!"); + return; + } + my $person = $::sn{$nick}; + my $dbh = $::db->{DBH}; + + my $query = "SELECT * from $::db->{ACTIONTABLE} WHERE nick like " . $dbh->quote($nick) . + ' or user like ' . $dbh->quote($person->{user}) . + ' or host like ' . $dbh->quote($person->{host}) . + ' or account like ' . $dbh->quote($person->{account}) . + ' or gecos like ' . 
$dbh->quote($person->{gecos}); + my $ip = ASM::Util->getNickIP($nick); + if (defined($ip)) { + $query = $query . ' or ip = ' . $dbh->quote($ip); + } + $query = $query . " order by time desc limit $skip,5;"; + print Dumper($query); + my $query_handle = $dbh->prepare($query); + $query_handle->execute(); + my @data = @{$query_handle->fetchall_arrayref()}; +# reverse @data; +#$data will be an array of arrays, + my ($xindex, $xtime, $xaction, $xreason, $xchannel, $xnick, $xuser, $xhost, $xip, $xgecos, $xaccount, $xbynick, $xbyuser, $xbyhost, $xbygecos, $xbyaccount ) = + ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + $conn->privmsg($event->replyto, "PM'ing you the list of results"); + foreach my $line (@data) { + my $reason = ''; + $reason = $line->[$xreason] if defined($line->[$xreason]); + $conn->privmsg($event->nick, '#' . $line->[$xindex] . ': ' . $line->[$xtime] . ' ' . + $line->[$xnick] . '!' . $line->[$xuser] . '@' . $line->[$xhost] . ' (' . $line->[$xgecos] . ') ' . + $line->[$xaction] . ' (' . $reason . ')' . + ' on ' . $line->[$xchannel] . ' by ' . $line->[$xbynick]); # . "\n"; + } + my $dq = ''; + if (defined($ip)) { + $dq = '&realip=' . join '.', unpack 'C4', pack 'N', $ip; + } + $conn->privmsg($event->nick, "Only 5 results are shown at a time. For more, do ;investigate2 $nick " . ($skip+5) . + ' or better yet, check out https://antispammeta.net/cgi-bin/secret/investigate.pl?nick=' . uri_escape($nick) . + '&user=' . uri_escape($person->{user}) . '&host=' . uri_escape($person->{host}) . '&account=' . uri_escape($person->{account}) . + '&gecos=' . uri_escape($person->{gecos}) . 
$dq ); +# print Dumper($data); + ]]> + {person}->{lc $::sn{lc $event->{nick}}->{account}}->{flags})) { + $hasflagshash{$item} = 1; + } + foreach my $flag (split(//, $flags)) { + if (!defined($hasflagshash{$flag})) { + $conn->privmsg($event->replyto, "You can't give a flag you don't already have."); + return; + } + } if ($flags =~ /d/i) { $conn->privmsg($event->replyto, "The d flag may not be assigned over IRC. Edit the configuration manually."); return; @@ -95,6 +230,16 @@ {person}->{lc $::sn{lc $event->{nick}}->{account}}->{flags})) { + $hasflagshash{$item} = 1; + } + foreach my $flag (split(//, $flags)) { + if (!defined($hasflagshash{$flag})) { + $conn->privmsg($event->replyto, "You can't give a flag you don't already have."); + return; + } + } if ($flags =~ /d/i) { $conn->privmsg($event->replyto, "The d flag may not be assigned over IRC. Edit the configuration manually."); return; diff --git a/config-default/mysql.xml b/config-default/mysql.xml index 3f66147..10aca77 100644 --- a/config-default/mysql.xml +++ b/config-default/mysql.xml @@ -3,6 +3,7 @@ PASS asm_main alertlog
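Review bot: In ;investigate2 the `$skip` value is interpolated straight into the SQL text (`" order by time desc limit $skip,5;"`) while every other operand goes through `$dbh->quote`; where `$skip` is assigned is not visible in this hunk, but the follow-up hint `;investigate2 $nick ($skip+5)` suggests it comes from the command argument, so a non-numeric value would alter the statement. Coerce it before building the query, e.g. `$query = $query . ' order by time desc limit ' . int($skip || 0) . ',5;';`, or bind it with a placeholder in the `prepare`/`execute` pair that already exists. Both ;investigate and ;investigate2 use `like` with no wildcard added, which is equality except that `%` and `_` in a tracked user, host or gecos value act as wildcards and silently broaden the match set; `=` states the intent and avoids that. Also, `$line->[$xgecos]` and the other row fields are concatenated without a defined check (only `$xreason` gets one), so a NULL column produces an uninitialized-value warning per row.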
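Review bot: The "can't give a flag you don't already have" block is pasted verbatim into both ;userx add (previous hunk) and ;userx flags; a shared helper keeps the two authorization checks from drifting apart, and the comparison is case-sensitive while the `d` check just below uses `/d/i`, so the two rules disagree on uppercase letters. If `$::sn{lc $event->{nick}}->{account}` is undefined for the caller, `lc undef` warns and the lookup falls through to the empty-string key, which presumably the command framework's own flag gate prevents but the helper can make explicit. The `$hasflagshash`/`foreach` loop in each hunk would become one call, e.g. `unless (_has_all_flags($own_flags, $flags)) { ...reply...; return; }`.
```perl
# Returns true only when every flag in $wanted is already present in $own,
# so a user cannot grant a flag they do not hold themselves.
sub _has_all_flags {
    my ($own, $wanted) = @_;
    my %has = map { $_ => 1 } split //, (defined $own ? $own : '');
    return !grep { !$has{$_} } split //, $wanted;
}
# … at each call site, replacing the %hasflagshash loop …
my $own_flags = $::users->{person}->{lc $::sn{lc $event->{nick}}->{account}}->{flags};
unless (_has_all_flags($own_flags, $flags)) {
    $conn->privmsg($event->replyto, "You can't give a flag you don't already have.");
    return;
}
# … unchanged: d-flag check and the rest of the command …
```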
+ actionlog localhost 3307 diff --git a/config-default/settings.xml b/config-default/settings.xml index 66eab42..b128cac 100644 --- a/config-default/settings.xml +++ b/config-default/settings.xml @@ -21,6 +21,7 @@ logs/ + actionlogs/ -%m-%d-%Y.log %B %d %T GMT diff --git a/config-default/users.xml b/config-default/users.xml index 7902bcc..ecf8de3 100644 --- a/config-default/users.xml +++ b/config-default/users.xml @@ -1,14 +1,18 @@ - + + - + + + + @@ -18,28 +22,28 @@ - + - + + - + - + + - - - - - + + + -- cgit v1.2.3