# ProxyScan.tcl v1.0 # # Скрипт автоматически банит пользователей использующих # proxy/TOR, когда те заходят на Ваш канал. # # !!! Для работы скрипта необходимы команды host и grep # !!! на шелле, где запущен бот, а так же права на использование # !!! этих команд. # # !!! Также необходимо наличие библиотеки tcllib: # !!! http://tcllib.sourceforge.net/ # # -------------------------------------- #1.0 #2010-26-03 Adium # * первая публичная версия скрипта #1.1 #2010-26-03 Adium # * исправлена ошибка работы скрипта, при возвращении # BL ответа с несколькими типами reply # -------------------------------------- package req dns namespace eval proxyscan { # время бана в минутах variable bantime "1440" # ставить глобальный бан (на всех каналах, где есть бот) - 1 # или локальный (на текущий канал, куда зашел пользователь) - 0 variable glob_ban "0" ################################################### # СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! # # СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! # # СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! СТОП! # ################################################### variable DNSBLS [list "dnsbl.dronebl.org" "rbl.efnetrbl.org" "dnsbl.swiftbl.net"] variable author "Adium@RusNet " variable version "1.1" variable date "26-Mar-2010" if {[array exists replys]} { array unset replys } array set replys { "dnsbl.dronebl.org" { "2=Sample" "3=IRC Drone" "4=Tor" "5=Bottler" "6=Unknown spambot or drone" "7=DDOS Drone" "8=SOCKS Proxy" "9=HTTP Proxy" "10=ProxyChain" "255=Unknown" } "rbl.efnetrbl.org" { "1=Open proxy" "2=Trojan spreader" "3=Trojan infected client" "4=TOR exit server" "5=Drones / Flooding" } "dnsbl.swiftbl.net" { "2=SOCKS Proxy" "3=IRC Proxy" "4=HTTP Proxy" "5=IRC Drone" "6=TOR" } } bind JOIN - * [namespace current]::main proc main {nick uhost hand chan} { variable replys set host [lindex [split $uhost "@"] 1] #putlog "host: $host" if {[string match "*.loc" $host] || [string match "*.homenet" $host] \ || [string match "*.sigma" $host] || [string match "*.in-addr" $host] \ || [string match "*.RusNet" $host] || [string match "*.local" $host]} { return 0 } if {[regexp -nocase -- {[a-z]} $host]} { set a [::dns::resolve $host]; set b [::dns::address $a] ::dns::cleanup $a set ip [lindex [split $b] 0] } else { set ip $host } #putlog "ip: $ip" if {$ip eq ""} { return 0 } set r [check $ip] #putlog "r: $r" if {$r eq ""} { return 0 } set BL_replys $replys([lindex $r 0]) foreach rpl $BL_replys { set Ok 0 if {[lindex [split $rpl "="] 0] eq [lindex $r 1]} { set Ok 1 set reply [lindex [split $rpl "="] 1] #putlog "reply: $reply" break } if {$Ok} {break} } #putlog "ALL OK!" putquick "MODE $chan +b *!*@$host" putquick "KICK $chan $nick :You have a host listed in [lindex $r 0] ($reply)" variable bantime; variable glob_ban if {$glob_ban} { newban "*!*@$host" "ProxyScan" "listed in [lindex $r 0] ($reply)" $bantime } else { newchanban $chan "*!*@$host" "ProxyScan" "listed in [lindex $r 0] ($reply)" $bantime } } proc check {ip} { variable DNSBLS regsub -all -- {(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})} $ip "\\4.\\3.\\2.\\1" ip_backward set appears_in "" set reply "" foreach bl $DNSBLS { set Ok 0 set query "[join $ip_backward "."].$bl" #putlog "query: $query" catch {exec host $query | grep -E -o -e {[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}}} result options if {[dict get $options -code] eq "1"} { set result [lrange [split $result "\n"] 0 end-1] } #putlog "result: $result" if {[llength $result] >= "2"} { set Ok 1 set appears_in $bl set reply [lindex [split [lindex $result end] "."] end] break } #if {[llength $result] eq "3"} { # set Ok 1 # set appears_in $bl # set reply [lindex [split [lindex $result end-1] "."] end] # break #} if {$Ok} {break} } #putlog "reply_check: $reply" if {$Ok} { return [list $appears_in $reply] } else { return "" } } putlog "[namespace tail [namespace current]].tcl by $author \[version $version\] \[$date\] successfully loaded" }