westor

RBL Checker for psycho v1.1

Jan 29th, 2021 (edited)
2,228
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
mIRC 5.90 KB | None | 0 0
  1. ; --- Settings ---
  2.  
  3. alias -l chans { return #one }
  4. alias -l rbls { return dnsbl.dronebl.org rbl.efnet.org dnsbl.proxybl.org tor.dnsbl.sectoor tor.dan.me.uk dnsbl.njabl.org virbl.dnsbl.bit.nl rbl.faynticrbl.org dnsbl.ipocalypse.net dnsbl.rizon.net dnsbl.swiftbl.org dnsbl.libirc.so dnsbl.bnc4free.in dnsbl.sorbs.net }
  5. alias -l rbl_scan_on_join { return 1 } ; = This will scan a user on channel join.
  6. alias -l rbl_ban_action { return GLINE } ; = You can use: GLINE SHUN GZLINE KILL KLINE ZLINE , this works only if $rbl_scan_on_join is enabled
  7. alias -l rbl_ban_time { return 3600 } ; 3600 = seconds , this works only if $rbl_scan_on_join is enabled
  8.  
  9. ; --- Settings ---
  10.  
  11. ON !*:JOIN:$($chans): {
  12.   if (!$rbl_scan_on_join) { return }
  13.  
  14.   .timer[RBL_ $+ $nick $+ _SCAN] 1 2 rbl_scan_nick $nick $chan
  15. }
  16.  
  17. alias rbl_scan_nick {
  18.   ; /rbl_scan_nick <nick> <#channel>
  19.  
  20.   if (!$1) || ($me !ison $2) || ($1 !ison $2) || ($1 !isreg $2) { return }
  21.  
  22.   var %h = $ial($1).host
  23.  
  24.   if (!%h) { return }
  25.  
  26.   if ($iptype(%h) !== ipv4) && ($iptype(%h) !== ipv6) { hadd -mu30 RBL_USERIP $1 $2 | userip $1 | return }
  27.  
  28.   rbl_scan_ip $1 %h
  29. }
  30.  
  31. alias rbl_scan_ip {
  32.   ; /rbl_scan_ip <nick> <IP>
  33.  
  34.   if (!$1) || (!$2) { return }
  35.   if ($iptype($2) !== ipv4) && ($iptype($2) !== ipv6) { return }
  36.  
  37.   hadd -mu60 RBL_SCAN_JOIN $2 $1
  38.  
  39.   var %t = $numtok($rbls,32)
  40.   var %i = 1
  41.  
  42.   while (%i <= %t) {
  43.     var %r = $gettok($rbls,%i,32)
  44.     var %n = $revip($2) $+ . $+ %r
  45.  
  46.     .dns %n
  47.  
  48.     inc %i
  49.   }
  50. }
  51.  
  52. raw 340:*: {
  53.   var %n = $remove($gettok($2,1,61),*)
  54.   var %h = $gettok($2,2,64)
  55.   var %r = $hget(RBL_USERIP,%n)
  56.  
  57.   if (%n) && (%h) && (%r) {
  58.     haltdef
  59.  
  60.     hdel RBL_USERIP %n
  61.  
  62.     rbl_scan_ip %n %h
  63.   }
  64. }
  65.  
  66. ON *:TEXT:*:$($chans): {
  67.   tokenize 32 $strip($1-)
  68.  
  69.   if ($1 == !rbl) {
  70.     if (!$2) { msg $chan ( $+ $nick $+ ): Error, Please specify an IP Address! | return }
  71.     if ($iptype($2) !== ipv4) && ($iptype($2) !== ipv6) { msg $chan ( $+ $nick $+ ): Error, Please specify a valid IP Address! | return }
  72.  
  73.     msg $chan ( $+ $nick $+ ): Checking $bold($2) IP Address in $bold($numtok($rbls,32)) RBL zone(s), Please wait..
  74.  
  75.     .timer[RBL_ $+ $2 $+ _ERROR] 1 5 msg $chan ( $+ $nick $+ ): The IP $bold($2) did NOT founded in any RBL zone!
  76.  
  77.     hadd -mu60 RBL_SCAN $2 $nick $chan
  78.  
  79.     rbl_ip_dns $2
  80.   }
  81. }
  82.  
  83. alias -l bold { return $+($chr(2),$1-,$chr(2)) }
  84. alias -l revip { return $+($gettok($1,4,46),.,$gettok($1,3,46),.,$gettok($1,2,46),.,$gettok($1,1,46)) }
  85.  
  86. alias rbl_ip_dns {
  87.   ; /rbl_ip_dns <IP>
  88.  
  89.   if (!$1) { return }
  90.  
  91.   var %t = $numtok($rbls,32)
  92.   var %i = 1
  93.  
  94.   while (%i <= %t) {
  95.     var %r = $gettok($rbls,%i,32)
  96.     var %n = $revip($1) $+ . $+ %r
  97.  
  98.     .dns %n
  99.  
  100.     inc %i
  101.   }
  102. }
  103.  
  104. ON *:DNS: {
  105.   if ($hget(RBL_SCAN_JOIN,0).item) && ($dns(1)) {
  106.     var %s = $dns(1).ip
  107.  
  108.     var %p = $gettok($dns(1),1-4,46)
  109.     var %r = $hget(RBL_SCAN_JOIN,$revip(%p))
  110.     var %m = $rbl_reply_desc(%s,$gettok(%s,4,46))
  111.  
  112.     if (!$rbl_ban_action) { return }
  113.     elseif ($rbl_ban_action == KILL) { $rbl_ban_action %r %m }
  114.     else { $rbl_ban_action *@ $+ $revip(%p) $iif($rbl_ban_time,$v1,300) %m }
  115.  
  116.     hdel RBL_SCAN_JOIN $revip(%p)
  117.   }
  118.  
  119.   if ($hget(RBL_SCAN,0).item) {
  120.     var %t = $dns(0)
  121.  
  122.     while (%t) {
  123.       var %d = $dns(%t)
  124.       var %i = $dns(%t).ip
  125.  
  126.       var %s = $gettok(%i,4,46)
  127.       var %r = $gettok(%d,5-,46)
  128.       var %p = $gettok(%d,1-4,46)
  129.       var %n = $gettok($hget(RBL_SCAN,$revip(%p)),1,32)
  130.       var %c = $gettok($hget(RBL_SCAN,$revip(%p)),2,32)
  131.  
  132.       if (%d) && (%i) && ($istok($rbls,%r,32)) {
  133.         .timer[RBL_ $+ $revip(%p) $+ _ERROR] off
  134.  
  135.         set -eu30 $+(%,%p,_,%r) $addtok($evalnext($+(%,%p,_,%r)),%s,32)
  136.  
  137.         .timer[MSG_ $+ %d $+ _NOW] 1 1 msg %c ( $+ %n $+ ): The IP $bold($revip(%p)) has been found in $bold(%r) BL zone with $bold($evalnext($+(%,%p,_,%r))) reply number(s).
  138.       }
  139.  
  140.       dec %t
  141.     }
  142.   }
  143. }
  144.  
  145. alias rbl_reply_desc {
  146.   ; /rbl_reply_desc <rbl> <reply code id>
  147.  
  148.   if (undernet isin $1) {
  149.     if ($2 == 3) { return IRC Drone }
  150.     if ($2 == 4) { return Spambot/Drone }
  151.     if ($2 == 5) { return Open Socks Proxy }
  152.     if ($2 == 6) { return Botnet IPs }
  153.     if ($2 == 7) { return Compromised host/IP }
  154.     if ($2 == 10) { return ProxyChain }
  155.     if ($2 == 11) { return Abused VPN Service }
  156.   }
  157.  
  158.   if (dronebl isin $1) {
  159.     if ($2 == 2) { return Sample }
  160.     if ($2 == 3) { return IRC Drone }
  161.     if ($2 == 5) { return Bottler }
  162.     if ($2 == 6) { return Unknown Spambot/Drone }
  163.     if ($2 == 7) { return DDOS Drone }
  164.     if ($2 == 8) { return SOCKS Proxy }
  165.     if ($2 == 9) { return HTTP Proxy }
  166.     if ($2 == 10) { return Proxy Chain }
  167.     if ($2 == 11) { return Web Page Proxy }
  168.     if ($2 == 12) { return Open DNS Resolver }
  169.     if ($2 == 13) { return Brute Force Attackers }
  170.     if ($2 == 14) { return Open Wingate Proxy }
  171.     if ($2 == 15) { return Compromised Router/Gateway }
  172.     if ($2 == 16) { return Autorooting worms }
  173.     if ($2 == 17) { return Automatically determined botnet IPs (experimental) }
  174.     if ($2 == 18) { return DNS/MX type hostname detected on IRC }
  175.   }
  176.  
  177.   if (evilnet isin $1) {
  178.     if ($2 == 3) { return Join/Part }
  179.     if ($2 == 5) { return Drone/Compromised }
  180.     if ($2 == 6) { return IRC Spam Drone }
  181.     if ($2 == 7) { return DDoS Drone }
  182.     if ($2 == 8) { return Open Proxy/HTTP Proxy }
  183.     if ($2 == 17) { return Auto determined botnet IPs (Default) }
  184.     if ($2 == 18) { return Compromised DNS/MX type hostname }
  185.   }
  186.  
  187.   if (rbl.efnet isin $1) {
  188.     if ($2 == 1) { return Open Proxy }
  189.     if ($2 == 2) { return Spamtrap666 }
  190.     if ($2 == 3) { return Spamtrap50 }
  191.     if ($2 == 4) { return TOR }
  192.     if ($2 == 5) { return Drones/Flooding }
  193.   }
  194.  
  195.   if (swiftbl isin $1) {
  196.     if ($2 == 2) { return Socks }
  197.     if ($2 == 3) { return IRC Proxy }
  198.     if ($2 == 4) { return HTTP Proxy }
  199.     if ($2 == 5) { return IRC Drone }
  200.     if ($2 == 6) { return TOR }
  201.   }
  202.  
  203.   return Unknown ( $+ $2 $+ ) Reply
  204. }
  205.  
Add Comment
Please, Sign In to add comment