Anope.org > General Chat

the heavy spam attack (called "#freenodegate")

(1/1)

CrazyCat:
Hi there,

I guess you suffer of this attack which seems to be a personnal vendetta. I don't know how you manage it, but I want to share the protection I used.

My network is based on UnrealIRCD 4.0.17 and Anope 2.0.5.

First, I've a dnsbl (see attached file blacklist.conf). I use the unreal module, but it also works with the anope' one.

On Unreal, I've add m_listrestrict to forbid unregistered users to do a /list immediately. The last version has an interesting feature: sending a fake list and gline people joining the fake(s) channel(s).

I also sets nickserv to restrict registration :

--- Code: ---forceemail = yes
nickregdelay = 60s
maxemails = 1
--- End code ---

And I set various spamfilters (UnrealIRCD feature):

--- Code: ---spamfilter {
   match-type simple;
   match "*ATTN*";
   target { private; channel; private-notice; channel-notice; };
   reason: "No spamming here";
   action: gzline;
   ban-time 7d;
}
spamfilter {
   match-type simple;
   match "*freenodegate*";
   target { private; channel; channel-notice; quit; };
   reason: "No spamming here";
   action: gzline;
   ban-time 7d;
}

--- End code ---
The first is to gline messages like : "／!\ ATTΝ: Thiѕ channeⅼ hаѕ mоved to irϲ．freеᥒоdᥱ.nеt #∕joіn /ǃ＼" (the first sentence sent by bots), the second is to gline messages and quit messages containing "freenodegate".

It seems to work. Notice that the ban-time for all the sanctions concerning this attack is 7d, and I always have new bot coming, but they (actually) can't do anything.
I'm impressed with the size of the botnet they used. I say "they" but it may be only meepsheep.

Hope this post will help you.

Navigation

[0] Message Index