FlexHub Forum

Spammers on the hub

« on: October 28, 2013, 22:20:24 »
problems are growing again with it ..
[22:15] <Poortwachter> [HI]
  • IP: 88.81.144.231 <G€€Z€R™> [Mainchat] Command failed: +clean
  • [22:15] <Poortwachter>
[FI]
  • [AddBan] MrRobin added nickban 'magiclove.no-ip.org' until: 2014/10/28 22:15:34.
  • [22:15] <Poortwachter>
[HI]
  • IP: 86.81.104.177 <MrRobin> [Mainchat] Command successful: !bannick magiclove.no-ip.org
  • [22:17] <Poortwachter>
[HI]
  • IP: 86.81.104.177 <MrRobin> [FlexChat] Command failed, no permission: !addpattern NI "%d+%.%d+%.%d+%.%d+" -p-1 -a16 -r2 "Illegal Syntax detected in your nickname, Use a proper Nickname."
  • [22:02] <magiclove.no-ip.org>   <= = = = =   n.­­e.­­w   d.­­c..­­h..­­u.­­b     v.­­.­­i.­­p   .. o..­­..p  -- p.­­r..­­v  M­or'du­

    how do i fix it ?

Offline FlipFlop™

  • FlexHub Developer
Re: Spammers on the hub
« Reply #1 on: October 28, 2013, 22:51:49 »
I'll try to answer the things that I think are wrong:

1. +clean isn't a default FlexHub command, but you can add it as textcommand:
Quote
!addcmd clean -u4 -h"Clean mainchat" "paste your big cleantext here"

The -u specifies which profile (and higher) can use the command.
The -h option specifies the name for the rightclick that will be added for it (users need to reconnect to the hub to receive that)
Make sure you don't forget the first and last " character around the text.

2. MrRobin doesn't have permission for settings commands, those are the ones in !sethelp. To give him those rights, if he has for example profile NetAdmin:
Quote
!allow NetAdmin setcmd

3. The pattern that MrRobin tried to add:
 
Quote
!addpattern NI "%d+%.%d+%.%d+%.%d+" -p-1 -a16 -r2 "Illegal Syntax detected in your nickname, Use a proper Nickname."

This will only stop IP addresses in nickname, because %d matches only numbers. Use "%S+%.%S+%.%S+" as pattern to stop addresses like: abc.def.ghi   %S will match any non-space character.

Pattern matching is very powerful but also not very easy, to learn more about pattern matching check here: http://flexhub.org/wiki/index.php?title=Pattern_Matching

I hope this helps!
Check the new FlexHubList!           Add awesome statistics like this for your hub!

This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

Re: Spammers on the hub
« Reply #2 on: October 28, 2013, 23:59:14 »
ok FlipFlop thx for the info now i have mainchat turn off only for reg users it's working.
because there are many botnets who advertise from other hubs.
command >>>   !allow user mc false
There was a discussion for advertise in nickname but that is solved already now
!addpattern NI "%d+%.%d+%.%d+%.%d+" -p-1 -a16 -r2 "Illegal Syntax detected in your nickname, Use a proper Nickname."
!modpattern NI "%d+%.%d+%.%d+%.%d+" -p-1 -a16 -r2 "Illegal Syntax detected in your nickname, Use a proper Nickname."
!addpattern MC "%S+%.%S+%.%S+" -p-1 -a16 -r2 "Don't use webaddresses in mainchat."

Now i know a little more
thx for info  ;D

Re: Spammers on the hub
« Reply #3 on: October 30, 2013, 02:09:29 »
have an idea to reduce the big banlogfiles because a few IPs are responsible for a big kicklog and to protect the function from kicking users for a log time instead of a blacklist for banning users with the same ip responsible for big log files.

First the botnets, there are several botnets who advertise to grow up fakehubs from te, and i think that the botnets going all hubs from dc to advertise from itself .. this is an example

[10:40] <Poortwachter> [FI]
  • [Pattern] [PM] <aahgdlclec> IP: 95.243.3.85  sent a private message matching pattern: %S+:// / Message: Piter  hub      dchub://piter.dc-hub.net:411    LHYIL / Output: Your private message matches a forbidden pattern: Piter  hub      dchub://piter.dc-hub.net:411    LHYIL / Action: Kick OK: Kicked. Maximum kicks for: aahgdlclec is reached:  IP banned.


Then the advertise user with wrong nickname
[16:49] <Poortwachter> [FI]
  • [Pattern] [NI] <Ardeal.no.ip.org(port412)> IP: 93.167.22.47  sent a nickname matching pattern: %S+%.%S+%.%S+ / Message: Ardeal.no.ip.org(port412) / Output: Illegal Syntax detected in your nickname, Use a proper Nickname. / Action: Disconnect OK: User disconnected.
  • [14:55] <Poortwachter>
[FI]
  • [Pattern] [NI] <85...cizy> IP: 109.102.184.76  sent a nickname matching pattern: %S+%.%S+%.%S+ / Message: 85...cizy / Output: Illegal Syntax detected in your nickname, Use a proper Nickname. / Action: Disconnect OK: User disconnected.
  • [14:48] <Poortwachter>
[FI]
  • [Pattern] [NI] <85...cizy> IP: 109.102.132.121  sent a nickname matching pattern: %S+%.%S+%.%S+ / Message: 85...cizy / Output: Illegal Syntax detected in your nickname, Use a proper Nickname. / Action: Disconnect OK: User disconnected.
  • [13:38] <Poortwachter>
[FI]
  • [Pattern] [NI] <85...cizy> IP: 109.102.189.13  sent a nickname matching pattern: %S+%.%S+%.%S+ / Message: 85...cizy / Output: Illegal Syntax detected in your nickname, Use a proper Nickname. / Action: Disconnect OK: User disconnected.
  • [12:17] <Poortwachter>
[FI]
  • [Pattern] [NI] <78.105.11.183:30123> IP: 120.62.165.243  sent a nickname matching pattern: %S+%.%S+%.%S+ / Message: 78.105.11.183:30123 / Output: Illegal Syntax detected in your nickname, Use a proper Nickname. / Action: Disconnect OK: User disconnected.


And i search for the ip who has ddos attack ..

[17:51] <Poortwachter> [FI] [-2] [DDOS] Attack detected on port: 411.
[17:51] <Poortwachter> [FI] [-1] [DDOS] Attack report for port: 411 / New IP's blocked: 0, rate: 0 per sec. / New conn. blocked: 12, rate: 1 per sec. / Total blocked: 15805
[17:52] <Poortwachter> [FI] [-2] [DDOS] Attack stopped on port: 411.

[18:39] <Poortwachter> [FI] [-2] [DDOS] Attack detected on port: 411.
[18:39] <Poortwachter> [FI] [-1] [DDOS] Attack report for port: 411 / New IP's blocked: 0, rate: 0 per sec. / New conn. blocked: 11, rate: 1 per sec. / Total blocked: 16155
[18:40] <Poortwachter> [FI] [-2] [DDOS] Attack stopped on port: 411.
[18:41] <Poortwachter> [FI] [-2] [DDOS] Attack detected on port: 411.
[18:41] <Poortwachter> [FI] [-1] [DDOS] Attack report for port: 411 / New IP's blocked: 0, rate: 0 per sec. / New conn. blocked: 12, rate: 1 per sec. / Total blocked: 16172

If you get all those IPs from several hubs together at the day then you have a good blacklist and it also an idea to add the big list IPs from PeerGuardian to get a huge banlist but a clean hub with very low advertising.

And there was a discussion about the mainchat advertise. It looks like this
 <= = = = =   n.­­e.­­w   d.­­c..­­h..­­u.­­b     v.­­.­­i.­­p   .. o..­­..p  -- p.­­r..­­v  M­or'du­

and there is not much possible to do all sort of those advertising, maybe there is a solution to make a pattern rule that only accept normal letters and filter more than 2 spaces and point and spaces between the letters and not kick the users but MUTE so only the message from the user who advertise are blocked. I think it's possible and very interesting to block all MAINCHAT (MC) advertise muting with one or more pattern.  :D

Offline sergius_s

  • Be yourself...
Re: Spammers on the hub
« Reply #4 on: October 30, 2013, 12:16:40 »
"New conn. blocked: 12" <-- it is not DDoS, it's someone who has lousy internet or client ;D DDoS - this is when to you go 20 thousand requests and more. You can use !showautobans - there will be those IP's. But so you add to blacklist of many innocent people...
 About patterns - it depends on your imagination, you can do patterns which you want for your hub(eg http://www.flexhub.org/forum/index.php/topic,50.0.html)
« Last Edit: October 30, 2013, 12:27:36 by sergius_s »
- I'm sorry for my terrible english...

Offline tiwgr

Re: Spammers on the hub
« Reply #5 on: November 03, 2013, 13:24:46 »
please how to stop spam / ads messages

someone using this Ardeal.no.ip.org , Magic-love.no-ip.org nickname or send message with him.

send spam / ads messages to main chat window






Offline FlipFlop™

  • FlexHub Developer
Re: Spammers on the hub
« Reply #6 on: November 03, 2013, 14:30:06 »
The best way to stop nicknames like that from coming into the hub is adding a pattern like this:

!addpattern NI "%S+%.%S+%.%S+" -p-1 -a32 -r2"You can stop trying to advertize, FlexHub will always win!"

This will kick unregistered users with a nickname like a.b.c or www.blabla.com etc.

%S matches a non-space character, %S+ matches one or more of these
%. matches an actual dot: .  the % has to be in front of it because otherwise a dot in patterns matches any character
-p-1 = profilelevel -1 = checks unregistered users, -p0 = checks unregistered and registered users
-a32 = action 32 = kick, use -a16 for disconnect, or -a64 for ban
-r2 = replace default kick/banmessage with this text

You can use the same pattern for mainchat:

!addpattern MC "%S+%.%S+%.%S+" -p-1 -a32 -r2"You can stop trying to advertize, FlexHub will always win!"
« Last Edit: November 10, 2013, 13:41:13 by FlipFlop™ »

Offline tiwgr

Re: Spammers on the hub
« Reply #7 on: November 03, 2013, 15:56:54 »
thank you

give pattern

i hope stop this spammers

P.S how to stop this guys if you know on hexhub , ptokax?

Offline tiwgr

Re: Spammers on the hub
« Reply #8 on: November 08, 2013, 22:05:35 »
i receive this email from us

Dear FlexHub owners,

A spambot has been trying to wreak havoc (a bit of a poor attempt) using some characters that can't be displayed and thereby avoiding common used patterns to detect spam. It's useless really since even copying and pasting the address won't make a connection to the hub, but it's a bit annoying.

The following commands will stop that spam:

!addpattern MC "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern PM "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern NI "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
(edited by FlipFlop to show proper !addpattern commands, the email mentioned !addcmd)

I hope this helps avoiding some annoyance, if not, please let us know on the flexhub.org forum.

Regards,
The FlexHub Forum Team.

http://www.flexhub.org/forum/index.php

Thank you

i have added this pattern
 
My personal opinion you are the BEST DC++ Hub Software (i am using HexHub and PtokaX but i think to stop it and reason no support - no scripts - no help to stop spammers) and keep only your dc hub software.

you are save me for DC++ Hub Spammers.
« Last Edit: November 10, 2013, 13:44:40 by FlipFlop™ »

Offline FlipFlop™

  • FlexHub Developer
Re: Spammers on the hub
« Reply #9 on: November 08, 2013, 23:48:46 »
Thanks for the awesome compliment!

Offline sergius_s

  • Be yourself...
Re: Spammers on the hub
« Reply #10 on: November 10, 2013, 12:19:47 »
Always nice to hear that you are doing a good, reliable and necessary thing and the fact that smart people understand it  ;)

And we try to make the best possible support always.  :)
« Last Edit: November 10, 2013, 12:24:05 by sergius_s »
- I'm sorry for my terrible english...

Offline FlipFlop™

  • FlexHub Developer
Re: Spammers on the hub
« Reply #11 on: November 10, 2013, 13:22:52 »
There's an error in the email I've sent, the command should be !addpattern and not !addcmd:

!addpattern MC "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern PM "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern NI "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"

-a32 will kick, if you want to ban, use -a64
-p-1 will only check unregistered users, if you want to check registered users too (level 0) use -p0
-r2 uses this line as kick/ban reason


If you have already used the !addcmd lines, use this to remove them:

!delcmd PM
!delcmd NI
(!delcmd MC isn't needed, because !mc is a default hubcommand, which can't be deleted or changed)

Sorry for the inconvenience.
« Last Edit: November 10, 2013, 13:46:00 by FlipFlop™ »

Re: Spammers on the hub
« Reply #12 on: November 24, 2013, 14:28:12 »
Even spammers on the hub ..
MC pattern not working ..
<slojchuk>     dchub://allavtovo.ru

<Poortwachter> *** !showpattern MC
<Poortwachter>

   Showing patterns for: MC mainchat message (priority ordered)

   Profile   Actions   Pattern            Actions
   ________________________________________________________________________________

   -1   4   "%S+%.%S+%.%S+"                    Warn       Replace line with:      Don't use webaddresses in mainchat.
   -1   4   "%S+://"                           Warn       Replace line with:      Don't use webaddresses in mainchat.
   -1   4   "[Ww][Ww][Ww]%."                   Warn       Replace line with:      Don't use webaddresses in mainchat.
   -1   4   "%d+%.%d+%.%d+%.%d+"               Warn       Replace line with:      Don't use webaddresses in mainchat.



Offline sergius_s

  • Be yourself...
Re: Spammers on the hub
« Reply #13 on: November 24, 2013, 14:38:31 »
Your patterns are set up to profile -1(user), maybe spammer has a profile Reg or above?

You can use eg: !modpattern MC "%S+://" -p1

And change the pattern "%S+%.%S+%.%S+" to the pattern "%S%S+%.%S%S+%.%S%S+" - so there will be fewer false positives
« Last Edit: November 24, 2013, 14:43:18 by sergius_s »
- I'm sorry for my terrible english...
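
An added example, not part of the posts above and not FlexHub's own code: it compares the thread's three dotted-address patterns over sample text, assuming FlexHub evaluates patterns with Lua's `string.find` semantics (the `%S`, `%d` and `%.` classes used here are Lua's). Samples marked "thread" are quoted from the logs above; the rest are constructed.

```lua
-- Added example: which of the thread's dotted-address patterns match what.
-- Assumption: FlexHub patterns behave like Lua string patterns (string.find).
local patterns = {
  { name = "ip-only", pat = "%d+%.%d+%.%d+%.%d+" },   -- from the first post
  { name = "loose",   pat = "%S+%.%S+%.%S+" },        -- Reply #1 / #6
  { name = "strict",  pat = "%S%S+%.%S%S+%.%S%S+" },  -- Reply #8 / #13
}

local samples = {
  { src = "thread",      text = "magiclove.no-ip.org" },
  { src = "thread",      text = "Ardeal.no.ip.org(port412)" },
  { src = "thread",      text = "78.105.11.183:30123" },
  { src = "thread",      text = "85...cizy" },
  { src = "thread",      text = "www.blabla.com" },
  { src = "thread",      text = "a.b.c" },
  { src = "constructed", text = "hmm...ok" },            -- ordinary chat ellipsis
  { src = "constructed", text = "update to v1.2.3" },    -- version number
  { src = "constructed", text = "8.8.4.4" },             -- IP with 1-digit octets
}

-- Return a table { [pattern name] = true/false } for one piece of text.
local function hits(text)
  local out = {}
  for _, p in ipairs(patterns) do
    out[p.name] = string.find(text, p.pat) ~= nil
  end
  return out
end

print(string.format("%-12s %-28s %-8s %-6s %-6s",
                    "source", "text", "ip-only", "loose", "strict"))
for _, s in ipairs(samples) do
  local h = hits(s.text)
  print(string.format("%-12s %-28s %-8s %-6s %-6s", s.src, s.text,
                      tostring(h["ip-only"]), tostring(h["loose"]),
                      tostring(h["strict"])))
end
```

Requiring two or more characters in each part is what drops matches on short dotted text such as `a.b.c` or a chat ellipsis. It also stops matching IPs with one-digit octets, so the `%d+%.%d+%.%d+%.%d+` pattern is still needed next to it.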

Offline FlipFlop™

  • FlexHub Developer
Re: Spammers on the hub
« Reply #14 on: November 24, 2013, 14:43:30 »
They could use characters that aren't displayed to work around the "%S+://" pattern, you could try this:

!addpattern MC "%S+:%S-/%S-/" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"

Or as sergius_s mentioned, they may have registered, then change -p-1 to -p0 to check registered users too.
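
An added example, not part of the post above and not FlexHub's own code: it checks the two URL patterns from this thread against a line containing characters that are not displayed, assuming FlexHub patterns follow Lua's `string.find` semantics in the default C locale. The soft hyphen (U+00AD) stands in for the invisible character, and `hub.example.invalid` is a placeholder address.

```lua
-- Added example: "%S+://" versus "%S+:%S-/%S-/" on text with invisible bytes.
-- Assumption: FlexHub patterns behave like Lua string patterns (string.find).
local SHY = "\194\173"  -- U+00AD soft hyphen as UTF-8; usually renders as nothing

local patterns = { "%S+://", "%S+:%S-/%S-/" }

local samples = {
  { src = "thread",      text = "dchub://allavtovo.ru" },
  -- constructed: invisible characters placed between ':' and the slashes
  { src = "constructed",
    text = "dchub:" .. SHY .. "/" .. SHY .. "/hub.example.invalid:411" },
  -- constructed benign lines, to show what the lazy %S- also catches
  { src = "constructed", text = "meet 12:30/13:30/14:00" },
  { src = "constructed", text = "ratio 3:1 / or 4:1" },
}

local function matches(text, pat)
  return string.find(text, pat) ~= nil
end

-- Make the invisible bytes visible when printing the sample.
local function show(text)
  return (text:gsub(SHY, "<SHY>"))
end

for _, s in ipairs(samples) do
  print(string.format("[%s] %s", s.src, show(s.text)))
  for _, pat in ipairs(patterns) do
    print(string.format("    %-14s -> %s", pat, tostring(matches(s.text, pat))))
  end
end
```

`%S-` lets any run of non-space bytes sit between the colon and each slash, which is how the second pattern still matches when invisible bytes break up `://`. The same looseness matches ordinary text with a colon and two slashes in one word, so it is worth trying with the Warn action before switching to kick or ban.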