Undernet Drones

Re: Undernet Drones

Post by Dooku

The BIG question is: ... are you sure they want to try ?
Look at the good side: we have ideas and suggestions that could fix the problem somehow, true, with some sacrifices maybe
Look at the bad side: there are always some hidden interests that will leave the drones alone as they will leave some shell companies alone and some will get g-lined ...
so, let's focus on what you ppl started here, with ideas, not with flames, give them infinite reasons so maybe in 100 years they will really want to take some action and leave the pride alone and make this place a network with more than 90% of its "population" filled with users.
You must join me, and together we will destroy the Sith.

Post by YounGun

Hi :)

Although I have been away from Undernet, I see the problems haven't changed, and in my opinion will not change. There are many IRC networks that have successfully implemented anti-drone policies. The bottom line is: where there's a will, there's a way. However there is no will on Undernet. While some IRCops do anti-drone procedures, the majority doesn't do anything.

This IRC network seems to be going in a never-ending circle of discussions, where the topic of drones seems to reappear periodically.

Post by `Dan

mmmm.... abuse-exploits, it's a good idea, but why do they need flood logs to gline some drones? Dudes, change the method.. I have an idea.. Make a site with some fields where drone channels can be reported.. Then when the a-e team gets that channel report, it verifies it and if that's really a drone channel, gline and lock it! It's very simple.. (Maybe some drones are not for flooding but they are still DRONES and UAUP doesn't allow them).

Post by magic


I do not have the time to read the entire thread but I was pointed here by a fellow ircop.

Most admins are as concerned as you are about the amount of drones, and most servers have installed something called iauth to try to limit the amount.
Just to give you an idea how many drones that are actually filtered away that you never see I will reveal the following stats from newyork.*.
Newyork is denying 44.2 connections a second that are considered drones, on top of that iauth blocks 91% of all connection attempts by clients that get through the drone filter.
The amount of users connecting to my server has been reduced by 60% after iauth got enabled.
And this is only the local stats on one single server, if you guys spank everyone you know without antivirus protection the Internet would be a much better place ;)

We can not place too strict filters because it will affect innocent users, but we are working on the problem, just maybe not as fast as most of you would like.


Post by SeeknDestroy

Magic :

Glad to see your post, and very glad to hear that your server is using the iauth system.

Now the problem, as we've all been saying on this thread, is that not all servers are running that.
If they can't connect on your server, they'll just go next-door where nothing is being done.

I'm compiling a list of illegal channels on this network.
It's intended as an eye-opener for those who are ignorant to the problems.
Undernet is probably the world's biggest centralized place for illegal online activity.
That needs to stop.

This list will be constantly updated over the next few days... I'm gonna try to fill in every last box.
Keep in mind that in the time it took me to create the list, they all could have been wiped out.

List --> http://sanitarium.mircscripting.info/unetdrones/

Post by whizzard

Ok I have been doing my research as I said I would do.
I have joined some drone channels, and actually been blocking some botnets off of my own network.
Here is what I see. Most everyone, admins, opers, users, and little people like me all want the drones stopped.

Here is what you do not see. You do not see the 100's of scrolling pages I am currently watching / logging in my client of clients matching a number of patterns and being g-lined.

iauth is being installed on many servers, and I would suspect it to be installed on many more as time progresses.

This being said, it is not an end to the discussion. In fact there are many who are bringing a lot to the table to counteract the drone flux.

Please do not bash the opers or admins. Without these great individuals UnderNet would not be as strong as it is.
Though things may not be reacting as fast as you prefer, there are things in the works. Since this is not a secure medium that is as much as I am willing to say.

Remember our users make up the community, and the admins/opers tie it together. We are all part of UnderNet.

-- Donnie

Post by magic

SeeknDestroy wrote:
"I'm compiling a list of illegal channels on this network.
It's intended as an eye-opener for those who are ignorant to the problems."

Illegal channels are to be left to the police.

Post by SeeknDestroy

magic wrote:
"Illegal channels are to be left to the police."

Now we're getting to the heart of things aren't we...

When this network started, you even had IRCops involved in the warez/file trading business...
That sort of thing was overlooked long ago, it isn't anymore. Times have changed.
I have no logs from back then, but anyone who was around back then, knows it.

The reason you have so many problems with drones and abuse is the fact that you have allowed these groups to harbor themselves on your network forever. They come here a newb, become a lamer, then a script kiddy, then they're creating the new breed of virus... all due to the illegal channels your network is so plentiful of.

A perfect example is SirVic... Undernet born and bred. Founder of the #whitehat team. Hacked NASA and some other gov't stuff, caused millions in damages. He came here an idiot, and ended up hacking NASA. People who know him, you know what they tell me? He wasn't even that good. He was a script-kiddie, using premade tools that someone else wrote.
A link to the news story --> http://www.scmagazineus.com/Feds-charge-Romanian-hacker-for-cracking-NASA-Navy-networks/article/34191/

That guy is now a hero to those groups, and hundreds of followers are trying to follow in his footsteps. The channel/group he created thrives on this network years later. I haven't heard of any more of them getting busted, have you? WHY didn't you close his damn channel?! Why are hundreds/thousands of new people able to get personal training from his followers?

Your possible argument to that : They'll just go to their other network underground, you can't track them there. Sure... that's right, but you can sure as hell keep them the hell off of YOUR network, thus making it much harder for them to recruit new people day after day.

I'm aware you have "some" police-type activity here... that what... busts one person a year? How about some stats on that?

It is not only up to the police. YOU have a choice in the matter. YOU have the choice to shutdown each and every channel with the word "credit" "visa" "CC" etc. in it. Make it really difficult for new people to get introduced to this illegal type of activity.

Sure, the genius/experts are gonna go underground, but you're going to cut out a huge percentage of ppl who need spoon feeding and someone to hold their hand along the way to that dark path. Script kiddies greatly outnumber the true skilled hackers/virus authors!

Aside from the illegal channels, I also listed almost 100 drone control channels... are those the police's responsibility too?
With all those illegal channels, you are no better than rizon network with all their illegal activity.

There are things you CAN do, but you choose not to do them. Just as some servers "choose" not to run IAUTH and wreck it for the rest, some of you just simply don't want a clean network. Removing illegal channels decreases your network size, removing drones decreases the size, it's all about the size, isn't it? It always has been. You're just not ready to become #10 or #30 if you clean it up.

"We're working on it" has been the response to pretty much every drone/flood/spam related thread on this forum. That's all we ever hear, is you're working on it. I'm fairly sure every last user is sick of hearing that excuse. How hard is it to shut your server down and install the IAUTH? A simple step that takes some servers FOREVER to get done, one step of many.

80+ posts and still running in circles.

Post by xplora

ok, your last set of comments have just backfired badly, here's why, your comments are suggesting that we should not try to help the legal authorities (Police, FBI, whatever) but instead try to help these droners, child porners, CC traders, etc to hide from the police, and therefore to hide from everyone, making it easier for them to get away with what they do, and not actually get what they deserve? (hopefully prison time)

I'm not sure about you, but I prefer working with the police, not against them.

Post by SeeknDestroy

LOL I figured you would've learned your lesson after making an idiot of yourself so many times already, xplora!

There's 100 times more new people getting introduced to the illegal activity every day than there is police arresting them or taking them down. Go ahead and try to prove that statement wrong. How many ppl are arrested globally due to investigations from authorities based on Undernet activity?

I never said not to cooperate with police... for god's sake, turn over every piece of info you have every time you clear out an illegal channel. Go in there, announce what's happening, tell them why it's happening (why they're about to get g-lined), and make it loud and clear all information will be passed to the authorities. A strong deterrent for those who think this is all OK.

You completely miss the entire point of my last post.
You make it EASY for NEW people to get INTRODUCED to ILLEGAL ACTIVITY.
Keywords there : EASY, NEW

Aside from that, it takes TIME and WORK for people to amass botnets.
It takes a SECOND to wipe it all out.

I'm hearing all sorts of stories about other networks that were shut down because they allowed certain hacker groups to stay on their network without actively removing them. Junkynet is a good example. The police actually came to the door and arrested the guy who registered the domain. The charges STUCK!

Now you can keep beating around the bush, keep posting your BS, and every time you do, I'm getting closer and closer to doing what I really don't want to do. That is to go as public as I can with everything I know about this network. This includes 1000's of emails to every news source on the planet. Public outrage will be the result, directed straight at the companies/people hosting the servers. If you're gonna keep refusing to clean it, you're leaving me little choice as time progresses. I've got more dirt on you guys than anyone around. I've got all the facts, I've got your blatant ignorance on the forum, and I've got a site up with a listing of hundreds of very illegal channels that you turn your back to.

This forum may be hopeless, but you can get a good idea of my English/writing skills, and I'm pretty sure I don't appear to be a noob who can't get things done, do I? Well now you all know Plan B. I'm holding off on that for a few weeks, giving you some time to post some SERIOUS replies on here not full of empty promises. Who's this Randall guy ppl keep telling me about btw?

Like I said in earlier posts... I'd rather see this network shut down, than to allow it to freely harbor this activity any longer.
You're wrecking the entire image of IRC as the #2 network in the world.. google "Illegal IRC" once buddy.

Please, stop posting BS xplora. Everything I post is backed up with facts. You tell me you'd rather cooperate with police... so how the hell effective are they, compared to how effective you could be? You can remove 99% of it if you really try, how much are they removing?

I do NOT want to use Plan B... I want ya'll to get off yer damn asses and force change no matter how hard it is to make happen.


Post by whizzard

You had my support until this last post.

I will continue with my research and investigation and help of the group finding solutions to the issues. But I will not be viewing this thread anymore.
I do not do well with threats from either the "good" or the "bad" side of things.

-- Donnie

Post by SeeknDestroy

I'm very sorry to hear that you don't want to follow this thread anymore, Whizzard. You're one of the founders of the Undernet, and your opinion counts a lot more than most others. I do not however feel what I said was a threat in any way.

Think of it like this...

A collection agency wants you to do the right thing and pay the money you owe them. (cleaning)
You ignore them month after month thru repeated letters. (repeated forum threads like this one)
Eventually they send you a letter with a statement of intentions.
That intention is to take you to court and sue you. (for me, create public awareness)

Did the collection agency threaten you by saying they're gonna take you to court? NO. They simply stated, honestly, that if you keep ignoring them, this is the next step they are going to take.

I started this thread out by focusing on one or two major types of spambots. First your network representatives (xplora) gave BS excuse after excuse, and then eventually ppl started shifting to agree that something can and should be done.

That was step 1 in Plan A. Step 2 was to broaden the issue to pattern matchable drones and floodbots. Again, more BS excuses and misinformed replies, and eventual admittal that something can and should be done. What can be done about those? Force your remaining servers to load IAUTH and activate it.

We got you to admit that much... now I proceeded to Step 3... broadening the issue to the real cause, all the illegal activity you harbor, and creating awareness amongst your users and opers of the extent of the problem.

I highly respected and appreciated the posts from both you and Magic, Whizzard. It was a start to at least see you two reading and posting at least something on this thread. What Magic posted showed exactly as he said, that he hadn't read the whole thing, thus he posted stats on IAUTH to show us all it works. I/we already knew that. The problem was not all servers running it, and what can be done to get a swifter response from those lazy admins. So his post was a moot point.

Then you, Whizzard, told us you'd look into it and that things are "in the works". They've always been "in the works". Go back on the multiple topics in the sections all dealing with drones/spambots/floods/abuse/etc. And that's how all those threads end, with empty promises that never get fulfilled.

And when you said you were looking into it, I assumed you meant looking into just the IAUTH situation and regex pattern glines. The problem is way beyond that. The problem is Undernet being the biggest centralized place for illegal online activity in the world. That is NOT acceptable. Your MOTD states you don't allow it, yet you don't do anything about it.

Some may say I'm evil and just want the network shut down. That's not true at all. I've put as much effort into this network and IRC as a whole as any of you. Thousands upon thousands of hours. Here's a few of the things I've done to help over the years :


Help Channels : I've helped in so many general/IRC/windows help channels on this network it isn't even funny. Any help channel I walk into nowadays, I'm generally offered a @ right when I get there in hopes that I'll stay, as they know how valuable having me as a helper is.

AntiVirus Channels : I've helped in 2 of your 3 major a/v cleaning channels. I clean friends and other users outside of those channels all the time. I'm well-known as an expert when it comes to using mIRC and other tools to clean viruses off of computers.

Flood Help : Users come to me nowadays when they get flooded, cuz they know emailing your abuse emails is worthless. I take the time to write custom detection patterns and defense/protection scripts for anyone who asks my help. And the help WORKS.

Scripts : Thousands upon thousands of your users use my anti-girly script. I was the first guy to d/l that virus, extract the nicklist, and write the detection pattern and release it as a public script. Several more thousand use my flood protection scripts, which are well known as being the fastest and most effective around.

Undernet User Script : Constant work in progress. Not done yet... but very powerful, fun, versatile. Thousands of you have already seen it in action (SanitariuM/weezil) and you know how good it is. People constantly message me asking if it's done yet.

Outside of Undernet

Drone Analysis : I'm at the top of my game when it comes to reverse engineering drones/viruses, finding ways to steal control to force-clean the net, extracting patterns to be used for detection, and tracking down the author.

Bear Drones : Once you get listed on servers.ini, the bear drones are bound to find you. They're the hardest drone anyone has ever tried to pattern match, and they have 2+ million unique IP's to spam you with per year. On a small network starting out, those drones = annihilation of your network. I reverse engineered the worst plague out there, released full disclosure on detection techniques, and released a public script opers can use to gline them on connect.

General IRC Protection : I've pioneered quite a few new methods of drone detection that work amazingly well, better than anyone could ever expect. Those methods are/were discussed on the IRC-Security mailing list, and several networks are working on putting my ideas into server code for their own network.

I do a WHOLE lot for the good of the Undernet and the IRC community as a whole. I'm recognized by 75% of the users in any help chan anywhere I go, and I have the respect of them all. It was your own users who suggested plans of action for my Plan B, knowing I have the knowledge and skills to make it happen. Don't be surprised if someone else who is sickened/disgusted by what they see on this thread decides to take it upon themself to do it before I ever get around to it.

Again it isn't a threat, but just a promise of my course of action. I'll give it 4 weeks / 1 month to see a serious post before I take that route. This is all a matter of the more you know, the more you care, and the more it sickens you.

SanitariuM, 12+ year DEVOTED user of your network.

Post by TheGrim

I completely support SeekNDestroy, but

Some users think it's good to have drones on their channels, like with that they know their channel is "big".
OK, for those users.
Again but:
Why doesn't Undernet create a mode for ONJOIN msgs? If that mode is set, no one except @ps can send onjoin messages or notices.

Post by sancy

TheGrim please read a little about the IRC protocol then make these kind of posts.

Post by `Dan

OFFTOPIC: sancy, that thing can be made. I don't know about P10, but UnrealIRCd's protocol supports that mode.
