FlexHub Forum

FlexHub General => Help / Support => Topic started by: Phoenix on October 28, 2013, 22:20:24

Title: Spammers on the hub
Post by: Phoenix on October 28, 2013, 22:20:24
problems are growing again with it ..
[22:15] <Poortwachter> [HI] [FI] [HI] [HI]
Title: Re: Spammers on the hub
Post by: FlipFlop™ on October 28, 2013, 22:51:49
I'll try to answer the things that I think wrong:

1. +clean isn't a default FlexHub command, but you can add it as textcommand:
Quote
!addcmd clean -u4 -h"Clean mainchat" "paste your big cleantext here"

The -u specifies which profile (and higher) can use the command.
The -h option specifies the name for the rightclick that will be added for it (users need to reconnect to the hub to receive that)
Make sure you don't forget the first and last " character around the text.

2. MrRobin doesn't have permission for settings commands, those are the ones in !sethelp. To give him those rights, if he has for example profile NetAdmin:
Quote
!allow NetAdmin setcmd

3. The pattern that MrRobin tried to add:
 
Quote
!addpattern NI "%d+%.%d+%.%d+%.%d+" -p-1 -a16 -r2 "Illegal Syntax detected in your nickname, Use a proper Nickname."

This will only stop IP addresses in nickname, because %d matches only numbers. Use "%S+%.%S+%.%S+" as pattern to stop addresses like: abc.def.ghi   %S will match any non-space character.

Pattern matching is very powerful but also not very easy, to learn more about pattern matching check here: http://flexhub.org/wiki/index.php?title=Pattern_Matching

I hope this helps!
Title: Re: Spammers on the hub
Post by: Phoenix on October 28, 2013, 23:59:14
ok FlipFlop thx for the info now i have mainchat turn off only for reg users it`s working.
because there are many botnets who advertise from other hub`s.
command >>>   !allow user mc false
There was a discussion for advertise in nickname but that is be solved already now
!addpattern NI "%d+%.%d+%.%d+%.%d+" -p-1 -a16 -r2 "Illegal Syntax detected in your nickname, Use a proper Nickname."
!modpattern NI "%d+%.%d+%.%d+%.%d+" -p-1 -a16 -r2 "Illegal Syntax detected in your nickname, Use a proper Nickname."
!addpattern MC "%S+%.%S+%.%S+" -p-1 -a16 -r2 "Don't use webaddresses in mainchat."

Now i know a little more
thx for info  ;D
Title: Re: Spammers on the hub
Post by: Phoenix on October 30, 2013, 02:09:29
have a idea to reduce the big banlogfiles because a few ip`s are responceble for a big kicklog and to protect the function from kicking users for a log time instead of a blacklist for banning users with the same ip responseble for big log files.

First the botnet`s there are several botnet who advertise to grow up fakehub`s from te, and i think that the botnet`s going all hub`s from dc to advertise from itself .. this is a examble

[10:40] <Poortwachter> [FI]

Then the advertise user with wrong nickname
[16:49] <Poortwachter> [FI] [FI] [FI] [FI] [FI]

And i search for the ip who has ddos attack ..

[17:51] <Poortwachter> [FI] [-2] [DDOS] Attack detected on port: 411.
[17:51] <Poortwachter> [FI] [-1] [DDOS] Attack report for port: 411 / New IP's blocked: 0, rate: 0 per sec. / New conn. blocked: 12, rate: 1 per sec. / Total blocked: 15805
[17:52] <Poortwachter> [FI] [-2] [DDOS] Attack stopped on port: 411.

[18:39] <Poortwachter> [FI] [-2] [DDOS] Attack detected on port: 411.
[18:39] <Poortwachter> [FI] [-1] [DDOS] Attack report for port: 411 / New IP's blocked: 0, rate: 0 per sec. / New conn. blocked: 11, rate: 1 per sec. / Total blocked: 16155
[18:40] <Poortwachter> [FI] [-2] [DDOS] Attack stopped on port: 411.
[18:41] <Poortwachter> [FI] [-2] [DDOS] Attack detected on port: 411.
[18:41] <Poortwachter> [FI] [-1] [DDOS] Attack report for port: 411 / New IP's blocked: 0, rate: 0 per sec. / New conn. blocked: 12, rate: 1 per sec. / Total blocked: 16172

If you get all those ip`s from several hubs together at the day then you have a good blacklist and it also a idea to add the big list ip`s from peergardian to get a hugh banlist but a clean hub with very low advertising.

And there was a disscussion about the mainchat advertise. It looks like this
 <= = = = =   n.­­e.­­w   d.­­c..­­h..­­u.­­b     v.­­.­­i.­­p   .. o..­­..p  -- p.­­r..­­v  M­or'du­

and there is not much possible to do all sort of those advertising, maybe there is a solution to make a parten rul that only accept normal letters and filter more then 2 spaces and point and spaces between the letters and not kick the users but MUTE so only the message from the user who advertise are blocked. I think it`s possible and very intresting to block all MAINCHAT (MC) advertise muting with one or more pattern.  :D
Title: Re: Spammers on the hub
Post by: sergius_s on October 30, 2013, 12:16:40
"New conn. blocked: 12" <-- it is not DDoS, it's someone who has lousy internet or client ;D DDoS - this is when to you go 20 thousand requests and more. You can use !showautobans - there will be those IP's. But so you add to blacklist of many innocent people...
 About patterns - it depends on your imagination, you can do patterns which you want for your hub(eg http://www.flexhub.org/forum/index.php/topic,50.0.html)
Title: Re: Spammers on the hub
Post by: tiwgr on November 03, 2013, 13:24:46
please how to stop spam / ads messages

someone using this Ardeal.no.ip.org , Magic-love.no-ip.org nickname or send message with him.

send spam / ads messages to main chat window





Title: Re: Spammers on the hub
Post by: FlipFlop™ on November 03, 2013, 14:30:06
The best way to stop nicknames like that from coming into the hub is adding a pattern like this:

!addpattern NI "%S+%.%S+%.%S+" -p-1 -a32 -r2"You can stop trying to advertize, FlexHub will always win!"

This will kick unregistered users with a nickname like a.b.c or www.blabla.com etc.

%S matches a non-space character, %S+ matches one or more of these
%. matches an actual dot: .  the % has to be in front of it because otherwise a dot in patterns matches any character
-p-1 = profilelevel -1 = checks unregistered users, -p0 = checks unregistered and registered users
-a32 = action 32 = kick, use -a16 for disconnect, or -a64 for ban
-r2 = replace default kick/banmessage with this text

You can use the same pattern for mainchat:

!addpattern MC "%S+%.%S+%.%S+" -p-1 -a32 -r2"You can stop trying to advertize, FlexHub will always win!"
Title: Re: Spammers on the hub
Post by: tiwgr on November 03, 2013, 15:56:54
thank you

give pattern

i hope stop this spammers

P.S how to stop this guys if you know on hexhub , ptokax?
Title: Re: Spammers on the hub
Post by: tiwgr on November 08, 2013, 22:05:35
i recieve this email from us

Dear FlexHub owners,

A spambot has been trying to wreak havoc (a bit of a poor attempt) using some characters that can't be displayed and thereby avoiding common used patterns to detect spam. It's useless really since even copying and pasting the address won't make a connection to the hub, but it's a bit annoying.

The following commands will stop that spam:

!addpattern MC "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern PM "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern NI "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
(edited by FlipFlop to show proper !addpattern commands, the email mentioned !addcmd)

I hope this helps avoiding some annoyance, if not, please let us know on the flexhub.org forum.

Regards,
The FlexHub Forum Team.

http://www.flexhub.org/forum/index.php

Thank you

i have add this pattern
 
My personal opinion you are the BEST DC++ Hub Software (i am using HexHub and PtokaX but i think to stop it and reason no support - no scripts - no help to stop spammers) and keep only your dc hub software.

you are save me for DC++ Hub Spammers.
Title: Re: Spammers on the hub
Post by: FlipFlop™ on November 08, 2013, 23:48:46
Thanks for the awesome compliment!
Title: Re: Spammers on the hub
Post by: sergius_s on November 10, 2013, 12:19:47
Always nice to hear that you are doing a good, reliable and necessary thing and the fact that smart people understand it  ;)

And we try to make the best possible support always.  :)
Title: Re: Spammers on the hub
Post by: FlipFlop™ on November 10, 2013, 13:22:52
There's an error in the email I've sent, the command should be !addpattern and not !addcmd:

!addpattern MC "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern PM "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"
!addpattern NI "%S%S+%.%S%S+%.%S%S+" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"

-a32 will kick, if you want to ban, use -a64
-p-1 will only check unregistered users, if you want to check registered users too (level 0) use -p0
-r2 uses this line as kick/ban reason


If you have already used the !addcmd lines, use this to remove them:

!delcmd PM
!delcmd NI
(!delcmd MC isn't needed, because !mc is a default hubcommand, which can't be deleted or changed)

Sorry for the inconvenience.
Title: Re: Spammers on the hub
Post by: Phoenix on November 24, 2013, 14:28:12
Even spammers on the hub ..
MC pattern not working ..
<slojchuk>     dchub://allavtovo.ru

<Poortwachter> *** !showpattern MC
<Poortwachter>

   Showing patterns for: MC mainchat message (priority ordered)

   Profile   Actions   Pattern            Actions
   ________________________________________________________________________________

   -1   4   "%S+%.%S+%.%S+"                    Warn       Replace line with:      Don't use webaddresses in mainchat.
   -1   4   "%S+://"                           Warn       Replace line with:      Don't use webaddresses in mainchat.
   -1   4   "[Ww][Ww][Ww]%."                   Warn       Replace line with:      Don't use webaddresses in mainchat.
   -1   4   "%d+%.%d+%.%d+%.%d+"               Warn       Replace line with:      Don't use webaddresses in mainchat.


Title: Re: Spammers on the hub
Post by: sergius_s on November 24, 2013, 14:38:31
Your patterns are set up to profile -1(user), maybe spammer has a profile Reg or above?

You can use eg: !modpattern MC "%S+://" -p1

And change the pattern "%S+%.%S+%.%S+" on pattern "%S%S+%.%S%S+%.%S%S+" - so there will be less false positives
Title: Re: Spammers on the hub
Post by: FlipFlop™ on November 24, 2013, 14:43:30
They could use characters that aren't displayed to work around the "%S+://" pattern, you could try this:

!addpattern MC "%S+:%S-/%S-/" -a32 -p-1 -r2"Don't try to advertize, FlexHub will always win!"

Or as sergius_s mentioned, they may have registered, then change to -p-1 to -p0 to check registered users too.
Title: Re: Spammers on the hub
Post by: Phoenix on November 24, 2013, 17:46:32
ok thx for advice ..  ;D
Title: Re: Spammers on the hub
Post by: Phoenix on November 24, 2013, 18:04:49
ow yes Flipflop he was regged.. l)
[18:03] <Poortwachter> *** !reginfo slojchuk
[18:03] <Poortwachter>


   ________________________________________
      Showing info on: slojchuk
   ________________________________________
   Registration information:
   ________________________________________
      • User: slojchuk
      • Profile: Reg
      • Profilelevel: 0
      • Registered by: slojchuk
      • Registered date: 2013/11/24 13:29:59
      • Total time online: 0 day(s) 01:30:43

      • Last known IP: <not available>
      • Bound by IP:

      • Last online: From: 2013/11/24 13:29:59 To: 2013/11/24 13:41:57
      • Last spoke: 2013/11/24 13:39:34
      • Last mainchat line:     dchub://allavtovo.ru

      • Comment:
Title: Re: Spammers on the hub
Post by: tiwgr on November 30, 2013, 21:37:29
me too add this pattern for registered users (thank you again guys)

i have long time see "spammer" in my (FlexHub) this patterns for nicknames , private messages , mainchat works fine and kick spammers (now the spammers avoid my (FlexHub).