Ban Turkey from EFnet?

General talk about EFnet

Moderators: Website/Forum Admins, EFnet/General Moderators

Should we ban Turkey from EFnet?

Yes
10
48%
No
9
43%
Maybe
2
10%
 
Total votes: 21
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Ban Turkey from EFnet?

Postby HM2K » Tue Jan 23, 2007 8:43 pm

I get spam like this everyday...

[08:35:40 pm] <falc> w w v . sexsbul.com
^^falc is ~^^gecewy@88.246.97.150 * FBIx^^3L
^^falc using irc.igs.ca cia.com: VOIP phone service + High speed $39.95/mo
^^falc End of /WHOIS list.

If you view the HTML of that site (which I do not recommend doing unless you know what you're doing), it brings up the following details...

http://extremetracking.com/open;unique?login=sexsbull (This URL is safe).

If you check the details you will notice that most of the visitors are Turkish.

Also if you go back and check the HTML, you will notice a lot of Turkish websites which are owned by the spammers.

I even wrote up an article about this spam: http://www.hm2k.com/articles/trance-spam/

We've all put up with this for far too long now, lets do something about it!

Thanks.
4712
Posts: 1
Joined: Tue Mar 27, 2007 2:50 pm

Postby 4712 » Tue Jan 23, 2007 9:41 pm

2nd
jt
Posts: 3
Joined: Mon Jun 19, 2006 12:02 am
Location: Canada

Postby jt » Thu Jan 25, 2007 7:40 am

Sounds like a reasonable solution
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Postby HM2K » Thu Jan 25, 2007 10:02 am

jt wrote:Sounds like a reasonable solution
Sarcasm doesn't work on the internet.

I invite you to come up with a better solution.
4710
Posts: 1
Joined: Tue Mar 27, 2007 2:50 pm

Postby 4710 » Fri Jan 26, 2007 2:09 am

Go ahead and do it. A lot of channels have turned into wastelands because of those stupid bots and nobody wants to deal with their crap. At least doing this would(hopefully) take care of most of the problem gobble gobble GONE
jt
Posts: 3
Joined: Mon Jun 19, 2006 12:02 am
Location: Canada

Postby jt » Sat Jan 27, 2007 2:10 pm

The current solution, spamtrap, picks these up with no problem
Lots, probably most, of this type of spam isn't even from Turkey
Trying to ban some random country from the network isn't going to accomplish anything
Edit: Oh, and when you do see any spammers you are welcome to tell us in #spamfix
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Postby HM2K » Sat Jan 27, 2007 5:15 pm

jt wrote:The current solution, spamtrap, picks these up with no problem
Lots, probably most, of this type of spam isn't even from Turkey
Trying to ban some random country from the network isn't going to accomplish anything
Edit: Oh, and when you do see any spammers you are welcome to tell us in #spamfix
We already have spamtrap, which doesn't work due to the nature of these spam bots... they join, get the nick list, part, then spam. spam trap only k-lines them upon receiving spam. The only thing that is good about this is it stops repeat offenders.

Clearly you do not know what you're talking about, as these spam bots ARE from Turkey, they are made by people in Turkey, the spam is aimed at people in Turkey, and consequently a large percentage of the bots are in Turkey.

I have been monitoring these bots for quite some time, I have reverse engineered their bot, I have even spoken to the people controlling them.

As you can see, this is NOT just a random country, this is Turkey, and the reason for banning Turkey from EFnet is because of the reasons I clearly state above.

Banning Turkey would accomplish reduced spam.

I see a spammer about once every 5 minutes, would you like me to report each one as they happen? Or should I perhaps create a daily report?

Perhaps a better idea, is if you join one of the channels being targeted and see for yourself...

I know my idea is outrageous, but its crazy enough to work. What do you think?
jt
Posts: 3
Joined: Mon Jun 19, 2006 12:02 am
Location: Canada

Postby jt » Sun Jan 28, 2007 1:05 am

I've seen plenty of these sexsbul bots myself and many of them are not from Turkish hosts
It may be true that there needs to be a more effective way for spamtrap to catch them due to their tactics, but certainly no cause for an attempted ban of a country
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Postby HM2K » Sun Jan 28, 2007 12:57 pm

jt wrote:I've seen plenty of these sexsbul bots myself and many of them are not from Turkish hosts
It may be true that there needs to be a more effective way for spamtrap to catch them due to their tactics, but certainly no cause for an attempted ban of a country
sexsbul? that's just ONE recent spam URL, they've had thousands before that.

You're right many of them aren't on Turkish hosts, but a large percentage of them are, as I have already explained.

Perhaps you can think of a better idea to control this type of spam, but the best approach I could think of was to ban Turkey.

Perhaps I could get jafo to ban Turkey from the irc.efnet.net DNS robin round some how.
jilles
Posts: 17
Joined: Fri Mar 11, 2005 5:18 pm
Location: The Netherlands
Contact:

Postby jilles » Sun Jan 28, 2007 5:20 pm

Why not ban all Turkish IP ranges from the channel (leaving the bans on 24x7)?

Reverse engineering bot code can help finding patterns in the data they provide to the server. These can be useful to ban spambots as soon as they connect. Problems are that these patterns can be very subtle (requiring complicated code to detect them) and that this way is only really useful if spambots are automatically and immediately banned. Care must also be taken to avoid false positives.
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Postby HM2K » Mon Jan 29, 2007 10:56 am

netmunky has seen the code too, there's nothing really significant.

The problem with banning all the Turkish IP ranges is that there are simply too many for the banlist to hold. Usually around 100 hosts can be banned before the list is full.

Here's a few IP ranges to be getting on with...
http://www.cidr-report.org/cgi-bin/as-report?as=AS9121
User avatar
Handle With Care
Posts: 195
Joined: Wed Oct 26, 2005 6:53 pm
Location: Southern California

Postby Handle With Care » Mon Apr 09, 2007 12:32 am

In many years, I have only seen two things from Turkey: spammers/spambots and trolls looking for sex with children/kiddy kidney stones. Not a single legitimately chatting human, which doesn't mean they don't exist -- I just have never encountered one. However, it would take CIDR bans to ban them from channels, and eggdrops require CIDR bans to be stickies. Most Turkey IP's are not sequential and there are several bazillion of them, being mostly government ISP.

We all have our little list: Turkey, Kuwait, China (.cn not to be confused with Switzerland .ch) flavor-to-taste. Then there's Malaysia, Singapore, and Indonesia (looking for rich Americans to bring them out of their poverty). Brazil (major hackers and DDoSers). The list could go on and on.
EFnet IRC Network Forum Moderator
IRC Operator (IRCOp) irc.Prison.NET
Sic transit gloria mundi.
User avatar
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ
Contact:

Postby munky » Mon Apr 09, 2007 2:51 pm

don't ban the brazilians! they have lots of hot chicks.
In God we trust,
Everyone else must have an X.509 certificate.
deltaanime
Posts: 1
Joined: Mon Apr 09, 2007 10:31 pm

Postby deltaanime » Mon Apr 09, 2007 10:33 pm

Hi,

My network has been having these bots slam on us for a while. We did some digging and found out that they all share the same CTCP TIME reply.

I don't have it on hand, but the TIME reply was from March of 2006, so if you could do a TIME check on connect, you could deal with them.

~Francisco
User avatar
HM2K
Posts: 209
Joined: Thu Jul 24, 2003 5:34 pm
Location: UK
Contact:

Postby HM2K » Tue Apr 10, 2007 2:47 pm

That's impossible, i've seen the source code, it has nothing of the sort as far as I am aware.

I will test this further at a later date.

Who is online

Users browsing this forum: No registered users and 3 guests