It is currently Fri Jun 23, 2017 11:21 am




 Page 1 of 2 [ 19 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Take some action.
PostPosted: Thu Jul 20, 2006 1:13 am 

Joined: Tue Jan 03, 2006 7:02 am
Posts: 42
I've spent now well over 10 years on the Undernet IRC Network. It's been my digital home.

The majority of my time spent online now is directed at writing my own version of UUS, as well as writing anti-spam, anti-flood, and anti-drone scripts and IRC scanning tools. Many of you use or see my work everyday but never know it.

I write to you today about the huge amount of "bad things" that I see take place on this network every day, yet see little or nothing done to stop/prevent it.


1) Spambots spreading virus links. (not all, just the COMMON ones) & Drones.

These are plagues on this network. The "girly" ones and the "bear" drones are some of the most common. A 12 year old first time scripter could write code to detect and gline those "girly" bots... it's so extremely easy to do... yet it has not been done, and these bots are allowed to connect to this network and send out thousands, or tens of thousands of spams every single day. Your ignorance and lack of action allows these problems to escalate and get progressively worse. Every user on this network would be extremely grateful for your action in this matter.


2) Proxy Bots used to flood channels.

This is becoming more and more common all the time. The DNSBL system is in use on SOME servers. This is WORTHLESS. Lamers will just connect these to the servers that don't have the system in use. The DNSBL system works! And it works well. I've tried loading proxies on this network on servers with and without that system. I had no problem connecting hundreds onto non-DNSBL servers. What is it going to take for the rest of the servers to get this system active? Do I need to connect these proxies every day and flood the server admins with messages like "Enable the DNSBL on your server... you're responsible for this flood happening" to get something done? Get it done, admins!


3) Active flooding of channels

When your channel is being flooded, constantly... the last thing you want to hear is to send an e-mail to some abuse@undernet.org email address. You want action. That's like telling someone whose house is burning down to write an e-mail to the fire department. I know from experience that it is just NOT that hard to deal with a live flood via G-Lines. I've just never seen anyone on this network do it. Banlist holds 45 masks, X holds a few hundred... when it goes past that, someone needs to be helping in some way other than waiting days/weeks for an email response.


4) Credit Card Fraud, Hacking/Root Channels

I don't care if you are an international medium, that stuff needs to be dealt with, strictly. Lockdown channels, mass G-Line/Kill users, do whatever it takes. Where do you think most of the droners/lamers you deal with learn how to do this crap? On YOUR NETWORK - in the channels you refuse to deal with, teaching them all the evil skills they need to cause problems.



Your ignorance and lack of action over so many years has caused these problems to grow out of control. Dealing with them now would result in huge amounts of attack, and would probably take hundreds of thousands of glines. Your network would probably undergo a digital war to take these sorts of action this late in the game.

Can the network hold half a million glines? a million?
How are you going to set that many glines?

Are you willing to give up your network size in order to have a clean network users will enjoy? You could lose up to 1/2 of your users or more by taking action now.

Are the server admins willing to sustain the DDOS attacks that'll result from your action? You've got dedicated servers for a reason... at least TRY.

I'm willing to bet that your users would be happy to put up with an extra few seconds delay in order to connect (to let scans take place). They'd put up with constant DDOS splits for months, and they'd stick with you. You know why? They'll be HAPPY your taking action, and more than happy to put up with the inherent problems that your actions cause.

And in the end, once your network is clean, it'll attract new users from all over the world. You'd make all the IRC news headlines for taking action and doing this.

Every user on this network is sick of your lack of action, and many of your IRCops are ready to give up and quit the network because they're so sick of your ignorance.


SanitariuM


Offline
 Profile  
 
 Post subject:
PostPosted: Thu Jul 20, 2006 5:57 am 
Senior Cservice Admin
User avatar

Joined: Sun Jul 06, 2003 2:47 am
Posts: 564
Location: Hamilton, New Zealand
in no perticular order...

Regarding, creditcard and warez channels, here's the problem, LAW officials have asked us to leave them alone (FBI etc) reason it's far easier for them to track and catch those people, without us getting in the way and shutting down those channel, the only effect that results in is the law breakers have an easier (not harder, but easier) time evading the law.

Also Undernet is an unmoderated medium, that means we don't go looking for this stuff.

In regards to flooders, g-lines solve nothing they do not really stop the attack, they barely even stall it, g-lines expire, just like X bans, training and management is better, as well as reporting hacked hosts commonly used by floodes to abuse-exploits@undernet.org since they attempt to report the hosts to their ISP's.

These problem wont go away with your suggestions, actually they have all been tried, and in most cases got worse NOT better when tried, except the DNSBL system, but thats a server admin issue, some admins can't support them due to things like, the server is at a DNSBL blocked ISP (obviously not a good thing).

Everything else you have said I am not in any position to comment on.


Last edited by xplora on Sat Jul 22, 2006 1:11 am, edited 1 time in total.


_________________
xplora @ undernet.org
Past Co-ordinator
Undernet Channel Services Committee
Offline
 Profile  
 
 Post subject: Take some action
PostPosted: Fri Jul 21, 2006 11:00 pm 

Joined: Tue Jan 03, 2006 7:02 am
Posts: 42
Quote:
In regards to flooders, g-lines solve nothing they do not really stop the attack, they barely even stall it, g-lines expire, just like X bans, training and management is better, as well as reporting hacked hosts commonly used by floodes to abuse-exploits@undernet.org since they attempt to report the hosts to their ISP's.


Yes... training and management IS better... if, and only if, the problem is containable with channel modes and/or X bans. When that X banlist is full, you've really got to be joking me to say that g-lining those flood hosts is a worthless effort. Those flooders laugh once that X banlist is full... the channel is left completely defenseless. You can g-line those hosts, AND still send that e-mail to the ISP. It is in no way a worthless effort to TRY.

Quote:
These problem wont go away with your suggestions, actually they have all been tried, and in most cases got worse NOT better when tried, except the DNSBL system, but thats a server admin issue, some admins can't support them due to things like, the server is at a DNSBL blocked ISP (obviously not a good thing).


A very good point regarding the DNSBL system. It's far from perfect, as several users have told me after reading my post that their ISP is listed there as well. So why not try to come up with an alternative? Perhaps something targeted at just the public proxy lists made available daily on various websites?

Quote:
Regarding, creditcard and warez channels, here's the problem, LAW officials have asked us to leave them alone (FBL etc) reason it's far easier for them to track and catch those people, without us getting in the way and shutting down those channel, the only effect that results in is the law breakers have an easier (not harder, but easier) time evading the law.


Just like the spambots... doing nothing increases the problem. Undernet is well-known as the "best place" for credit card channels. They're teaching more people how to break the law each day than any LAW agencies are doing in getting rid of them. "Where should I go to learn about credit card fraud? UNDERNET... that's the place!"

And I noticed you had no reply to my suggestion on pattern scans on connection and auto-glining of known drones/spambots. Again, doing nothing increases the problem every single day. G-Lines could contain links to information about the user's infection and instructions on getting cleaned. This would 1) stop spread and 2) help those infected clean themself.


Offline
 Profile  
 
 Post subject:
PostPosted: Sat Jul 22, 2006 1:13 am 
Senior Cservice Admin
User avatar

Joined: Sun Jul 06, 2003 2:47 am
Posts: 564
Location: Hamilton, New Zealand
You didn't read what I said very well... without saying these words I said, doing something makes the problem worse.

As for the rest I'm not in any position to answer them



_________________
xplora @ undernet.org
Past Co-ordinator
Undernet Channel Services Committee
Offline
 Profile  
 
 Post subject: Makes the problem worse
PostPosted: Sat Jul 22, 2006 1:32 am 

Joined: Tue Jan 03, 2006 7:02 am
Posts: 42
Ok... if you say doing these things makes the problem worse, which is a very "broad" thing to base yourself on... didn't I also say doing these things would make the problem worse? Like MUCH worse, causing hellish splits and attacks?

When exactly were these things tried? I don't remember these things happening... I think I would have noticed, but I'll admit it's possible I could have missed it. Of course it's going to get worse doing these things... but how long did you try? Were you just unable to keep up and gave up? It would/will get worse for a while before it gets better, and would take alot of work.

Thanks for your reply on the subjects you commented on, xplora

Would someone else who is able to, reply about the spambots, please?


Offline
 Profile  
 
 Post subject:
PostPosted: Sun Jul 23, 2006 4:29 am 
Senior Cservice Admin
User avatar

Joined: Sun Jul 06, 2003 2:47 am
Posts: 564
Location: Hamilton, New Zealand
Since I don't know you from a can of fish, I can point out that unless you help in some of the worst affected help channels (to which I do), you wouldn't notice.



_________________
xplora @ undernet.org
Past Co-ordinator
Undernet Channel Services Committee
Offline
 Profile  
 
 Post subject:
PostPosted: Sat Jul 29, 2006 4:02 am 

Joined: Sat Jun 17, 2006 1:16 pm
Posts: 10
Quote:
In regards to flooders, g-lines solve nothing they do not really stop the attack, they barely even stall it, g-lines expire, just like X bans, training and management is better, as well as reporting hacked hosts commonly used by floodes to abuse-exploits@undernet.org since they attempt to report the hosts to their ISP's.

I belive that the isp's want to keep their customers. whould they take action and lose their customers (money) because Undernet said that hes doing illegal activity on the Undernet irc network? or that hes computer is infected with a spybot or something? i belive not...
G-line those mofos.. i can stand weeks of flooding/netsplits/ddos if i know that the admins are glining them and doing whatever they can do to get rid
of unnecessary abusive bots and their owners.
I belive that the ircops are there for keeping the flood low so the server don't use unnecessary memory/bandwitch/cpu, or is they only there to watch the server going down one by one?
Quote:
Regarding, creditcard and warez channels, here's the problem, LAW officials have asked us to leave them alone (FBI etc)

That's like "just let that guy hit you in the face, we can't do anything before you fall"
FBI does not run this network.. i belive that FBI asked nice and Undernet said yes.. but can still change the answear, so FBI can find another network to hang on.
DO SOMETHING. PLEASE!


Clark



_________________
Happiness comes in packages marked 'Batteries Not Included'
Offline
 Profile  
 
 Post subject:
PostPosted: Thu Aug 24, 2006 12:37 am 

Joined: Sun Jul 18, 2004 8:04 am
Posts: 42
The thing is network admins are aware of the situation. It's not like they're blind and try to ignore the situation... I want to see Undernet become a better network, and yeah proxies/spam bots are one of the biggest reasons Undernet is losing users. Implementing something like EFnet, how they have random bots join channels and scan for spam.. .etc.. would be a great way to take care of such matters. Is it really too mch to ask? :-?


Offline
 Profile  
 
 Post subject:
PostPosted: Thu Aug 24, 2006 4:42 pm 
User avatar

Joined: Fri Apr 08, 2005 2:12 pm
Posts: 8
Location: Belgium
I hear from here a basic answer to vigilante's post saying "ircops and cservice admins are very busy guys and that's not thier job."

That is the main problem on this network, when something happens that's nobody's job.

As SanitariuM said, spambots are not very difficult to detect and it would not take so long to include some new procedures in ircu's code. But nobody moves. I think the time has come to create some taskgroups to answer undernet's issues. I've always seen undernet as a big network without thinking head. This is a real paradox: X's level accesses learned me hierarchy in it's best basic way but on another (higher) level, that's the jungle of some 'admins' too affraid to take a decision or stuck on theyr individualism.

What can we do to have one single action from undernet's managers? Is there any other way than 2001's attacks to make you move?? (Yeah after all that's the only time we had changes and officials announces!)

I am for a closer administration of the network, closer of the user's demand, closer of himself to take approuved actions. I dont want a new 'spam-com' or such kiddy commitee where people just sit there on theyr brand new high responsability job. I want to see a real project launched by undernet's management, ... if there remains any active admin...

P.S.: wallops is a good way to communicate with users. And what did we have? The last official announce exept class or opschool was 'congrats for italy soccer team'... A bit light to manage a whole network!

H3zEN


Offline
 Profile  
 
 Post subject:
PostPosted: Fri Aug 25, 2006 1:41 am 
User avatar

Joined: Sat Feb 21, 2004 9:58 pm
Posts: 11
As far as usage, I'm pretty much on the same page with you, SeeknDestroy and recently I've found that the Undernet Commitee and CService tend to be dogs with no teeth.

Having said that, this is a free service, manpower is limited so I do give them the benefit of the doubt and cut the due slack, however certain issues are, as you mentioned, very very frustrating.


Offline
 Profile  
 
 Post subject: Lack of Reply
PostPosted: Fri Sep 08, 2006 8:54 pm 

Joined: Tue Jan 03, 2006 7:02 am
Posts: 42
Many weeks have now passed since my initial post without any real replies yet. Not a one of you representing Undernet has addressed the spambot/drone issue.


Offline
 Profile  
 
 Post subject:
PostPosted: Fri Sep 08, 2006 9:13 pm 
User avatar

Joined: Tue Jan 25, 2005 3:57 am
Posts: 4
/mode #channel +r

stops 99% of flood drones from entering the channel



_________________
I google in my sleep
Offline
 Profile  
 
 Post subject:
PostPosted: Fri Sep 08, 2006 9:42 pm 

Joined: Sun Dec 01, 2002 10:47 pm
Posts: 212
I appreciate your efforts and the fact that you care. Many of those who were supposed to be in charge of this thing don't. It's so much easier to type "no" than getting out of the chatrooms to do some constructive work for the network. I'm tired of the excuses, too. "Freedom of speech." "Unmoderated environment." "We do not interfere." "Contact the ISP of the offender or your local Police." "We have a committee that has been working on this issue." Gimme a break.

Besides, there can be other explanations for the constant refusal (yes, this is not the first time drones and warez and carding channels are brought into discussion).

Explanation #1. Undernet takes action against these problems. This hello off thousands of people involved in such dodgy activities. Many of them have the means to retaliate. Undernet servers get under heavy attack. Internet Service Providers donating the machines and sponsoring the traffic find their networks and regular business heavily affected by the attacks. They do a quick math, IRC = zero gain - big loss, and promptly unplug the server as a first step towards damage control. Consequently, Undernet is crippled or gone. (Remember, this has happened before.) Why would anyone risk deciding to inforce such policies if this outcome is entirely possible?

Explanation #2. Undernet takes action against these problems. This locks out a HUGE chunk of current activity on the network. Suddenly, Undernet drops from the top 3 largest IRC networks among the more mediocre, small networks. Nobody likes the thought of "Welcome to Undernet, the former #2 largest IRC network on the planet." Why would anyone enforce strict policies and cause the sudden drop in the numbers they brag everywhere with?

Explanation #3. "Dude, I kissed countless butts to get to this position, so I can finally relax and enjoy my uber powers killing friends on their birthdays. You want me to actually, like, get to work?! You've got to start kissing some butt if you want anything done around here. Start with mine."

As far as I'm concerned, Undernet is this close to being buried by its own indifference, suffocated by illegal stuff. Someone will eventually pull the plug. Its glory days are long gone, and I have given up any hope of seeing it clean up. The way it is going now, its legitimate users and fans will leave one after another, until all that remains is the underground crap.

Do yourself a favor and don't bother injecting your valuable medicine into a dying, ill patient.



_________________
The first step in improving something is acknowledging its problems. This is my contribution to a better CService: http://www.cservice-sucks.net/
Offline
 Profile  
 
 Post subject:
PostPosted: Sat Sep 09, 2006 10:41 pm 

Joined: Tue Jan 03, 2006 7:02 am
Posts: 42
Gravity : That's not the first time I've seen you suggest +r or +i in response to floods. I've not been talking about little small-time, easily managable floods... I'm talking about the huge ones that go well beyond 300 hosts and X's ban list.

Setting +r is the same thing as banning 3/4 of the network or more. Setting +i is the same as banning the entire network. Your channel goes into a LOCKDOWN status... and guess what... that's exactly what the attacker WANTS you to do!

I know you like to stick up for the network... but you know who I am... I've written flood protection scripts for the past several years and am rather well known as being one of the best at what I do. Don't act like I'm some noob who can't manage to set +r.

I'll ask in this post one last time for Undernet representatives to address these issues :

Large Floods of 300 or more hosts...
Spambots & Virus Spreading Drones
Hacking, Credit Card Theft, & Child Pornography Channels

Child porn exists still because you allow it.
Credit Card Theft exists because you allow it.
People learn to maliciously hack because you allow it.
Thousands of people are infected daily because you allow it.
Good channels are shut down by floods because you allow it.

Don't even argue that these things go on other places too... we all know that's true... but Undernet is, by far, the biggest, safest source of it.

Your silence speaks louder than words...

I give up.

SanitariuM - 12+ year user of Undernet.


Offline
 Profile  
 
 Post subject:
PostPosted: Sun Sep 10, 2006 8:27 am 
User avatar

Joined: Wed Jan 26, 2005 6:55 pm
Posts: 127
Location: Beirut
Gravity wrote:
/mode #channel +r

stops 99% of flood drones from entering the channel


oh yeah we didnt know that. do you have any other great ideas?

regarding the drones/spams. i totaly agree with seekndestroy. i eveen say half of undernet is drones spam.. yes half of it..

i do understand some difficulties that xplora noted but still i have been on undernet for years and other years on dalnet befor.

back into my irc history im one of those who left dalnet to undernet because of the drones spams and stuff. and i hope i wont have to immigrate again one day for that.

is there any effort made and we are not aware off? i do not know. but i doubte.

i do understand and agree with seekndestroy because as many of you know, great scripter he is. and if he is suggesting something is because the solution exists.

i have myself a modest network, nothing like undernet, once over runed by spambots when it got listed on servers.ini

seek has stoped them.

but of course glining is quality that goes against quantity.

undernet has to chose. and im afraid i has chosen. quantity over quality.



_________________
Stefano @ Douaihy.org
Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 1 of 2 [ 19 posts ]  Go to page 1, 2  Next


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

cron