[IRCServices] Another Feature Suggestion
Russell Garrett
rg at tcslon.com
Fri May 31 12:17:00 PDT 2002
> I disagree with this. A lot of the unwanted bots that
> I've seen have
> patterns in their nicks. I tend to Q-line the pattern as
> soon as I work out
> what it is. At the moment I have things like [HarD]*,
> *GuNBot, [ADLF]*,
> al^jekr*, [AceBots]*, etc Q-lined in my ircd.conf.
>
> The idea of being able to clean up with a regex or
> wildcard based kill is
> somewhat appealing to me for this reason.
Ok I see your point :). Most of the clonebot attacks I've seen
however can be stopped more efficiently by catching them as they join
the network using OperServ session limiting and proxy scanning. The
concievable third way would be using trojans to infect users
computers and use them as bots in a clonebot attack. I haven't seen
one of these myself, but this method couldn't be caught by session
limiting or proxy scanning, so I suppose you've just got to hope for
a pattern in them.
Russ Garrett
russ at garrett.co.uk
www.faereal.net