From fdb1d6257cb9871c687e13b1ac1ec038ed2529e4 Mon Sep 17 00:00:00 2001 From: William Heimbigner Date: Thu, 7 Mar 2013 10:35:43 +0000 Subject: Added logging of kicks/bans/quiets/removes/klines/kills to a special SQL table and corresponding text files Enabled SQL debugging Bugfix: Only attempt to determine a host's IP if it doesn't contain a '/' Updates to channels.xml and users.xml Adjusted ;userx add and ;userx flags such that A cannot give B a flag that A doesn't already have Tweaked the ;help command Fixed ;mship such that it will respond even if it can't see the nick provided. Tweaked ;status to give output in format like 7d22h18m3s instead of 9814798712 seconds Added a ;teredo helper command to give info on IPv6 teredo-tunneled connections Added a nick blacklist file (to counter bot nicklists). Added a english wordlist file, for "garbage" detection. Added ;investigate and ;investigate2 commands Added a way to not throttle info-risk threats Added special detection for a cycling botnet Added special detection for bots that join, say something, and immediately quit Added detection for ascii art Added detection for "garbage" text Added fuzzy-matching against a set of nicks Added "real IP" to state tracking and logging, which "decrypts" gateway/web and teredo IPs Moved sigalarm code into meta.pl Improved statsp tracking, and logs it to a file Ping-pong every 30 seconds, auto-reconnect on persistent lag. Ensure inspector routine is always called AFTER log-handling routines Fixed a state-tracking bug in topic change handling Fixed a state-tracking bug with nick changes Fixed some state-tracking bugs with mode changes Determine who is impacted when a quiet/ban mask is placed Fixed handling of CTCP SOURCE requests Added feature where it keeps a 30 line "backlog" of each channel in memory. Added the reason for parts and quits to text logging --- modules/classes.pl | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 2 deletions(-) (limited to 'modules/classes.pl') diff --git a/modules/classes.pl b/modules/classes.pl index f943976..fc8e9e7 100644 --- a/modules/classes.pl +++ b/modules/classes.pl @@ -26,13 +26,53 @@ sub new "nuhg" => \&nuhg, "levenflood" => \&levenflood, "proxy" => \&proxy, - "nickbl" => \&nickbl + "nickbl" => \&nickbl, + "nickfuzzy" => \&nickfuzzy, + "asciiflood" => \&asciiflood, + "joinmsgquit" => \&joinmsgquit, + "garbagemeter" => \&garbagemeter, + "cyclebotnet" => \&cyclebotnet }; $self->{ftbl} = $tbl; bless($self); return $self; } +sub garbagemeter { + my ($chk, $id, $event, $chan, $rev) = @_; + my @cut = split(/:/, $chk->{content}); + my $limit = int($cut[0]); + my $timeout = int($cut[1]); + my $threshold = int($cut[2]); + my $threshold2 = int($cut[3]); + my $wordcount = 0; + my $line = $event->{args}->[0]; + return 0 unless ($line =~ /^[A-Za-z: ]+$/); + my @words = split(/ /, $line); + return 0 unless ((scalar @words) >= $threshold2); + foreach my $word (@words) { + if (defined($::wordlist{lc $word})) { + $wordcount += 1; + } + return 0 if ($wordcount >= $threshold); + } + return 1 if ( flood_add( $chan, $id, 0, $timeout ) == $limit ); + return 0; +} + +sub joinmsgquit +{ + my ($chk, $id, $event, $chan, $rev) = @_; + my $time = $chk->{content}; +##STATE + $chan = lc $chan; #don't know if this is necessary but I'm trying to track down some mysterious state tracking corruption + return 0 unless defined($::sc{$chan}{users}{lc $event->{nick}}{jointime}); + return 0 unless defined($::sc{$chan}{users}{lc $event->{nick}}{msgtime}); + return 0 if ((time - $::sc{$chan}{users}{lc $event->{nick}}{jointime}) > $time); + return 0 if ((time - $::sc{$chan}{users}{lc $event->{nick}}{msgtime}) > $time); + return 1; +} + sub check { my $self = shift; @@ -40,6 +80,17 @@ sub check return $self->{ftbl}->{$item}->(@_); } +sub nickbl +{ + my ($chk, $id, $event, $chan, $rev) = @_; + my $match = lc $event->{nick}; + foreach my $line (@::nick_blacklist) { + if ($line eq $match) { + return 1; + } + } + return 0; +} sub proxy { my ($chk, $id, $event, $chan, $rev) = @_; @@ -85,7 +136,7 @@ sub levenflood return $ret; } -sub nickbl +sub nickfuzzy { my ($chk, $id, $event, $chan) = @_; my $nick = $event->{nick}; @@ -136,6 +187,26 @@ sub floodqueue { return 0; } +sub asciiflood { + my ($chk, $id, $event, $chan, $rev) = @_; + my @cut = split(/:/, $chk->{content}); + return 0 if (length($event->{args}->[0]) < $cut[0]); + return 0 if ($event->{args}->[0] =~ /[A-Za-z0-9]/); + return 1 if ( flood_add( $chan, $id, $event->{host}, int($cut[2]) ) == int($cut[1]) ); + return 0; +} + +sub cyclebotnet +{ + my ($chk, $id, $event, $chan, $rev) = @_; + my ($cycletime, $queueamt, $queuetime) = split(/:/, $chk->{content}); + $chan = lc $chan; #don't know if this is necessary but I'm trying to track down some mysterious state tracking corruption + return 0 unless defined($::sc{$chan}{users}{lc $event->{nick}}{jointime}); + return 0 if ((time - $::sc{$chan}{users}{lc $event->{nick}}{jointime}) > int($cycletime)); + return 1 if ( flood_add( $chan, $id, "cycle", int($queuetime)) == int($queueamt) ); + return 0; +} + sub nickspam { my ($chk, $id, $event, $chan) = @_; my @cut = split(/:/, $chk->{content}); -- cgit v1.2.3