Abuse reports.

Here is where you can post your comments about the network, give ideas for changes and what live-events you would like to see.
Z-26
Posts: 8

Abuse reports.

Post by Z-26 »

Hi. I know this is a touchy subject but I think we must discuss it in a civilized way, without offending users, IRCops or admins.

Like any big network, Undernet has problems with script kiddies/drones/spammers/lamers. It is not possible to stop everything, we all know that, but some measures might help a bit.

The main complain from regular @Ops is the apparent lack of interest by the network authorities about abuse. If we go to #zt, #arlington or #CService and report some kind of abuse (CService impersonation, drones, etc), we often get a kick saying that it isn't the IRCops' main job to assist on that. I know that keeping the servers running is.. but whose job is it to work on abuse then? Regular @Ops can go as far as the @ let them, no further.

What if there was a "special" IRCop, whose job was to handle abuse? Just this morning we found a CService impersonator and a lamer with a similar $decode script, that made the infected msg a channel after the victim typed the command. If we could report that channel or that impersonator's IP to someone, they could stop them before they did more damage. abuse@undernet.org sends us no feedback, so we don't know if it's being looked on or not.

I'm just making a suggestion for this problem.. we are all in the same side here, I don't wanna criticize or point fingers :)

Thank you.

User avatar
Mitko
Posts: 594
Location: Europe

Post by Mitko »

Hi Z-26,

G-lining him won't help a lot because he can just come back with another IP, either using bouncer, either using some proxy, either he has a dynamic IP address, either hacked machine, the list is unlimited. So, instead of doing that think about a way of protecting the users from the $decode infection, tell them to download mIRC 6.17 (the latest mIRC version where $decode is disabled by default), so they won't be able to get infected with that $decode anymore.

Regarding abuse@undernet.org, the main purpose of that email address for users is to request a gline removal and report ircop abuse. I am not sure how much you are aware of Undernet projects, and I am not sure how old Undernet user are you but there is a project called Report-Abuse, the channel name is #report-abuse. It is known that the project was closed for 11 months till now. I am a member there so trust me, it was closed because of improving the system, website interface and the robot in order to help the network users in a better way.

Best Regards,
Mit.
Dimitar Tnokovski aka Mitko
Image

Z-26
Posts: 8

Post by Z-26 »

Thank you for the reply, Mitko :)

I am aware of #report-abuse, but until the last time I checked (one minute before posting this), #report-abuse was still closed. On the other hand, I'm not familiar with the functionality of #report-abuse (how it works, what do you do, etc), and I would appreciate it if you explain it to me :)

[15:38:05] *** [#report-abuse] Cannot join channel (+i)
[15:38:10] *** [#report-abuse] topic- '#report-abuse is currently closed, please wait until we reopen.'


I know that there are tons of ways an abuser can connect to Undernet, and G-lining them is a waste of time in the long run, but I was thinking more of a on-the-act response - making sure those lamers wouldn't cause any harm for a couple of hours at least. On the long run we need to educate users, thing which we are doing everyday on Undernet :)

Thanks again for the reply :)

User avatar
Crosswing
Posts: 69

Post by Crosswing »

Mitko wrote:It is known that the project was closed for 11 months till now. I am a member there so trust me, it was closed because of improving the system, website interface and the robot in order to help the network users in a better way.


As Mitko said, #report-abuse is closed, so you cannot be assisted there. I can explain you how we usually assist users. When the user joins, he is told to wait for his turn and he is invited to #reports when a member is ready to assist. The user must /part #report-abuse for his own security, everything is reported privately in #reports, one user at a time. Members try to collect as much information as they can and then add a report. User is told to leave and the report will be processed. :)

While #report-abuse is closed, you can direct your reports as shown bellow:
IRC operator abuse, G-lines - abuse@undernet.org
Unregistered abusive channels (botnets, spam, floods, etc) - abuse-exploits@undernet.org
Registered abusive channels, abuse done by CService staff - cservice-abuse@undernet.org

Regards,
Crosswing
Dead account, don't bother contacting.
Image

Z-26
Posts: 8

Post by Z-26 »

Thank you for the info =)