[unisog] Help with notifications from a large irc bot list

Reed Loden reed at reedloden.com
Wed Feb 9 02:05:25 GMT 2005


On Tue, 08 Feb 2005 17:37:55 -0500
Justin Azoff <JAzoff at uamail.albany.edu> wrote:

> I found an irc channel with 3000+ irc bots in it including a few hundred
> edu's. I have it posted at
> 
> http://www.albany.edu/~ja6447/hacked_bots8.txt
> 
> Hopefully everyone on this list can check if they have any bots there..
> Unfortunately I don't have time to go through sending notices to each
> network and deal with the inevitable bounces.
> 
> Is there a good way to go about handling this?

Yes, I helped make a simple bash script that takes a host/ip, queries
cyberabuse.org for the abuse e-mail, and sends it. You can use a custom
"body" for the mail. Example: "./abusemail xdcc 1.2.3.4" would query
CyberAbuse for the abuse contact for that netblock, attach the file
"xdcc" to the body of the message, and send it to the proper contact.
I'll be glad to assist you in notifying the proper contacts, if needed.

The script is built towards my means, so it'll need editing if anybody
wishes to use it. Just e-mail me off-list and I'll send it to anybody that
would like it. I really would like to turn it into a php script or
something that can take a list of hosts, get the abuse contact info,
aggregate the ones that have the same abuse contact, and send mails out,
but only send one mail to an abuse contact that has multiple drones
(include all the drones, etc). If anybody wishes to design such a script,
it would be most appreciated. :) [Actually, I would like to somehow tie in
RequestTracker into this and create a new ticket for each drone, and send
out mails that way. i.e., any replies would be attached to that particular
drone so I can see which have been dealt with and which have not.]

As I was reading through the log, I noticed this particular client:
15:48 -!- #_0Gdcst`s a0202022  H*  0  a0202022 at 205.209.168.90 [a0202022]

This client is different from all the rest. I'm curious if this is the
drone owner himself/herself. It's either that or another person spying on
the drones. I would check this person out and see if he/she is good or
bad. Most IRC server daemons use '*' in WHO replies to mean that the
client is an IRC Operator, so I bet it's the drone owner.

If you have any other questions, comments, etc., feel free to mail me
off-list (or on-list), and I'll do my best to answer them.

~reed
Reed Loden - <reed at reedloden.com>
Freelance Drone Cleaner/Killer
Multiple IRC networks developer/administrator/randomperson



More information about the unisog mailing list