1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 10:43:13 +02:00
Files
unrealircd/spamfilter.conf
T
Bram Matthys 445a85871a - spamfilter.conf: fixed fyle sig (was bad!), some minor updates to the rest,
added mirc 6.12 exploit sig. Reported by PHANTOm.
2004-03-08 00:22:31 +00:00

113 lines
2.7 KiB
Plaintext

/*
* This an example spamfilter file, it contains several
* real and useful spamfilters. This should give you an
* idea of how powerful spamfilter can be in real-life
* situations.
*
* $Id$
*/
/* Guidelines on the 'action' field:
* As a general rule we use 'action block' for any newly added
* spamfilters at first, later on (after knowing about false
* positives) we might change some to viruschan/kill/gline/etc..
*/
spamfilter {
regex "(.+ ){20}";
target dcc;
reason "mIRC 6.0-6.11 exploit attempt";
action kill;
};
spamfilter {
regex ".{225}";
target dcc;
reason "mIRC 6.12 exploit attempt";
action block;
};
spamfilter {
regex "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
target private;
reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
action block;
};
spamfilter {
regex "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
target private;
reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
action block;
};
spamfilter {
regex "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
target private;
reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
action block;
};
spamfilter {
regex "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
target private;
reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
action block;
};
spamfilter {
regex "^!login Wasszup!$";
target channel;
reason "Attempting to login to a GTBot";
action block;
};
spamfilter {
regex "^!login grrrr yeah baby!$";
target channel;
reason "Attempting to login to a GTBot";
action block;
};
spamfilter {
regex "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
target channel;
reason "Attempting to use a GTBot";
action block;
};
spamfilter {
regex "^!icqpagebomb ([0-9]{1,15} ){2}.+";
target channel;
reason "Attempting to use a GTBot";
action block;
};
spamfilter {
regex "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
target channel;
reason "Attempting to use a GTBot";
action block;
};
spamfilter {
regex "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
target channel;
reason "Attempting to use a GTBot";
action block;
};
spamfilter {
regex "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
target channel;
reason "Attempting to use an SDBot";
action block;
};
spamfilter {
regex "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
target { channel; private; };
reason "Attempting to use a SpyBot";
action block;
};