blob: 9b5d0c169fca993be46619f7d7910891c6f44080 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
<events>
<event id="ahbl" class="dnsbl" reason="host $evhost is in dnsbl.ahbl.org ( $xresult )" risk="info" type="join">dnsbl.ahbl.org</event>
<event id="blacklist" class="strbl" reason="sending message containing blacklisted content" risk="low" type="public,part,quit,caction">blah</event>
<event id="ctcp-dcc" class="re" reason="ctcp-dcc" risk="high" type="cdcc">.*</event>
<event id="ctcp-ping" class="re" reason="channel-wide CTCP PING" risk="medium" type="cping">.*</event>
<event id="ctcp-version" class="re" reason="channel-wide CTCP VERSION" risk="medium" type="cversion">.*</event>
<event id="debugme" class="re" reason="sending a string designed to trigger a debug test alert, disregard this" risk="debug" type="public">debug antispammeta debug</event>
<event id="fakechristel" class="nuhg" reason="christel's nick but not host" risk="medium" type="join">(?i)chr[i1]ste[l1].*</event>
<event id="fakeglobal" class="re" override="notice" reason="fake global notice" risk="high" type="notice">(?i)\[global notice\]</event>
<event id="floodqueue10-20" class="floodqueue" reason="flooding (10 msgs in 20 seconds)" risk="low" type="public,caction">10:20</event>
<event id="massflood" class="splitflood" reason="distributed flooding" risk="high" type="public,caction">4:4</event>
<event id="nickspam" class="nickspam" reason="nickspamming" risk="high" type="public">60:10</event>
<event id="notice" class="re" reason="sending a notice to the channel" risk="medium" type="notice">.*</event>
<event id="phishing1" class="re" override="notice" reason="trying to steal passwords (v1)" risk="high" type="notice">identify.*/msg .* identify <password></event>
<event id="phishing2" class="re" override="notice" reason="trying to steal passwords (v2)" risk="high" type="notice">^This nickname is registered</event>
<event id="proxylist" class="proxy" reason="IP is blacklisted" risk="info" type="join">lolz</event>
<event id="banevade" class="banevade" reason="appears to be ban evading" risk="debug" type="join">contentisuseless</event>
<event id="joinfloodquiet" class="floodqueue2" reason="join flood (3 joins in 90 seconds) by quieted user" risk="debug" type="join">5:30</event>
</events>
|
