[Dxspider-support] DXCluster bot
Davide D'Aliesio
davidercx at gmail.com
Sat Jul 30 16:10:55 BST 2022
Hi all,
as a newbie sysop, I don't know if this is the right way, but an input
filter seems to do most of "cleaning job" (output of my node was
compared to dxfun).
rej/spots node_default input 1 info
{crimin|terror|cattle|kill|k1ll|kremlin|rape|ruzzia}
This way seems to block also words starting with "terror" like:
terrorist, terrorize, terrorizing ecc.
The list can become very long of course, and will be updated regularly,
but 98% of spam seems to be gone.
Any suggestions or advise against this method?
Thank you, 73
Davide IW0HLG
Il 30/07/2022 11:12, Danilo Brelih via Dxspider-support ha scritto:
>
> It helps also if you set SET/BADWORD. Blocking the bot from connecting
> to your cluster is the most effective method. 94.156.203.117 IP has
> been in use for several days. From today he is using also Telecom
> Italia S.p.A. (Venice, Italy) IP 79.20.34.246. Check whether it
> connects to your cluster node instead.
>
> SET/BADWORD kills
> SET/BADWORD ruzzia
> SET/BADWORD criminal
> SET/BADWORD murders
> SET/BADWORD nazzists
>
> etc....
>
> GL Dan
>
>
>
>
>> Hi
>>
>> Exactly the same bot at work like last last year with CQWW contest.
>> Already set up iptables firewall rule rejected subnet 94.156.203.0/24
>> here.
>>
>> GL Dan
>>
>>
>>
>>> There is a bot out there that delights in trying to confuse the
>>> Contest Committee's log checking process and/or causing contestants'
>>> problems by posting spurious spots using their callsign. It does
>>> this by logging in to a node, "sniping" a spot and then immediately
>>> disconnecting.
>>>
>>> Here are some examples:
>>>
>>> 13:15:59 (progress) CMD: 'show/cluster ' by LZ1JZ ip: 217.61.58.23 1mS
>>> 13:16:00 (progress) CMD: 'DX YL2KO 14082.2' by LZ1JZ ip:
>>> 217.61.58.23 1mS
>>> 13:16:00 (progress) CMD: 'bye ' by LZ1JZ ip: 217.61.58.23 45mS
>>> 13:16:25 (progress) CMD: 'show/cluster ' by CT1GFQ ip: 217.61.58.23 0mS
>>> 13:16:25 (progress) CMD: 'DX ZF1A 28127.6' by CT1GFQ ip:
>>> 217.61.58.23 1mS
>>> 13:16:25 (progress) CMD: 'bye ' by CT1GFQ ip: 217.61.58.23 12mS
>>> 13:18:18 (progress) CMD: 'show/cluster ' by DK5QN ip: 217.61.58.23 0mS
>>> 13:18:18 (progress) CMD: 'DX NY3A 21067.2' by DK5QN ip: 217.61.58.23 1mS
>>> 13:18:18 (progress) CMD: 'bye ' by DK5QN ip: 217.61.58.23 13mS
>>> 13:55:21 (progress) CMD: 'show/cluster ' by VK6POP ip: 217.61.58.23 0mS
>>> 13:55:21 (progress) CMD: 'DX W3UA 21022.5' by VK6POP ip:
>>> 217.61.58.23 1mS
>>> 13:55:21 (progress) CMD: 'bye ' by VK6POP ip: 217.61.58.23 10mS
>>> 13:55:32 (progress) CMD: 'show/cluster ' by EA3HXV ip: 217.61.58.23 0mS
>>> 13:55:32 (progress) CMD: 'DX MI5I 14012.5' by EA3HXV ip:
>>> 217.61.58.23 2mS
>>> 13:55:32 (progress) CMD: 'bye ' by EA3HXV ip: 217.61.58.23 23mS
>>>
>>> To try and reduce this as much as possible, please would you block
>>> this ip address 217.61.58.23 (or its subnet
>>> 217.61.58.0/24) using your firewall (in your router). If you are
>>> running Linux/BSD you could consider installing UFW or similar
>>> software to help with this task.
>>>
>>> 73 Dirk G1TLH
>>>
>>> _______________________________________________
>>> Dxspider-support mailing list
>>> Dxspider-support at tobit.co.uk
>>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>
>>
>> _______________________________________________
>> Dxspider-support mailing list
>> Dxspider-support at tobit.co.uk
>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
> --
> Gorje, Cerkno h=604m <https://s50e.si/gorje.html>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20220730/c7c48719/attachment.htm>
More information about the Dxspider-support
mailing list