<div dir="auto">Hello all, <div>in my point of view, the best way to prevent these bot, is to enable the user registration [with password for registered users]. </div><div><br></div><div>In order to filter, both set/badword and rej/spot with info filtering do the job. </div><div><br></div><div>73 Luigi IK5ZUK <br><br><br><br><br><div id="hw_signature"><div id="hw_signature">Inviata dal mio telefono Huawei</div></div></div></div><div style="line-height:1.5"><br><br>-------- Messaggio originale --------<br>Da: Davide D'Aliesio via Dxspider-support <dxspider-support@tobit.co.uk><br>Data: sab 30 lug 2022, 17:10<br>A: The DXSpider Support list <dxspider-support@tobit.co.uk><br>Cc: Davide D'Aliesio <davidercx@gmail.com><br>Oggetto: Re: [Dxspider-support] DXCluster bot<br><blockquote><div>
<p>Hi all,<br />
as a newbie sysop, I don't know if this is the right way, but an
input filter seems to do most of "cleaning job" (output of my node
was compared to dxfun).</p>
<p><span style="font-size:10pt;line-height:107%;font-family:'new' 'times new roman mso-ansi-language' 'it'">rej/spots
node_default input 1 info
{crimin|terror|cattle|kill|k1ll|kremlin|rape|ruzzia}</span></p>
<p>This way seems to block also words starting with "terror" like:
terrorist, terrorize, terrorizing ecc.<br />
</p>
<p>The list can become very long of course, and will be updated
regularly, but 98% of spam seems to be gone.<br />
</p>
<p>Any suggestions or advise against this method?</p>
Thank you, 73<br />
Davide IW0HLG<br />
<div><br />
</div>
<div><br />
</div>
<div>Il 30/07/2022 11:12, Danilo Brelih via
Dxspider-support ha scritto:<br />
</div>
<blockquote>
<div><br />
</div>
<div>It helps also if you set SET/BADWORD.
Blocking the bot from connecting to your cluster is the most
effective method. 94.156.203.117 IP has been in use for several
days. From today he is using also Telecom Italia S.p.A. (Venice,
Italy) IP 79.20.34.246. Check whether it connects to your
cluster node instead.<br />
</div>
<div><br />
</div>
<div>SET/BADWORD kills</div>
<div>SET/BADWORD ruzzia<br />
SET/BADWORD criminal</div>
<div>SET/BADWORD murders<br />
SET/BADWORD nazzists</div>
<div><br />
</div>
<div>etc....</div>
<div><br />
</div>
<div>GL Dan</div>
<br />
<div><br />
</div>
<div><br />
</div>
<div><br />
</div>
<blockquote>
<div>Hi</div>
<div><br />
</div>
<div>Exactly the same bot at work like
last last year with CQWW contest. Already set up iptables
firewall rule rejected subnet 94.156.203.0/24 here.</div>
<div><br />
</div>
<div>GL Dan</div>
<div><br />
</div>
<div> <br />
</div>
<div><br />
</div>
<blockquote>
<font size="+1"><font face="monospace">There is a bot out
there that delights in trying to confuse the Contest
Committee's log checking process and/or causing
contestants' problems by posting spurious spots using
their callsign. It does this by logging in to a node,
"sniping" a spot and then immediately disconnecting.<br />
<br />
Here are some examples:<br />
<br />
13:15:59 (progress) CMD: 'show/cluster ' by LZ1JZ ip:
217.61.58.23 1mS<br />
13:16:00 (progress) CMD: 'DX YL2KO 14082.2' by LZ1JZ ip:
217.61.58.23 1mS<br />
13:16:00 (progress) CMD: 'bye ' by LZ1JZ ip: 217.61.58.23
45mS<br />
13:16:25 (progress) CMD: 'show/cluster ' by CT1GFQ ip:
217.61.58.23 0mS<br />
13:16:25 (progress) CMD: 'DX ZF1A 28127.6' by CT1GFQ ip:
217.61.58.23 1mS<br />
13:16:25 (progress) CMD: 'bye ' by CT1GFQ ip: 217.61.58.23
12mS<br />
13:18:18 (progress) CMD: 'show/cluster ' by DK5QN ip:
217.61.58.23 0mS<br />
13:18:18 (progress) CMD: 'DX NY3A 21067.2' by DK5QN ip:
217.61.58.23 1mS<br />
13:18:18 (progress) CMD: 'bye ' by DK5QN ip: 217.61.58.23
13mS<br />
13:55:21 (progress) CMD: 'show/cluster ' by VK6POP ip:
217.61.58.23 0mS<br />
13:55:21 (progress) CMD: 'DX W3UA 21022.5' by VK6POP ip:
217.61.58.23 1mS<br />
13:55:21 (progress) CMD: 'bye ' by VK6POP ip: 217.61.58.23
10mS<br />
13:55:32 (progress) CMD: 'show/cluster ' by EA3HXV ip:
217.61.58.23 0mS<br />
13:55:32 (progress) CMD: 'DX MI5I 14012.5' by EA3HXV ip:
217.61.58.23 2mS<br />
13:55:32 (progress) CMD: 'bye ' by EA3HXV ip: 217.61.58.23
23mS<br />
</font></font><br />
<font size="+1" face="monospace">To try and reduce this as
much as possible, please would you block this ip address </font><font size="+1" face="monospace"><font size="+1"><font face="monospace">217.61.58.23 </font></font>(or its
subnet </font><br />
<font size="+1" face="monospace"><font size="+1"><font face="monospace">217.61.58.0/24) using your firewall (in
your router). If you are running Linux/BSD you could
consider installing UFW or similar software to help with
this task. <br />
<br />
</font></font>73 Dirk G1TLH<br />
</font> <br />
<fieldset></fieldset>
<pre>_______________________________________________
Dxspider-support mailing list
<a href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a>
<a href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
</blockquote>
<br />
<br />
<fieldset></fieldset>
<pre>_______________________________________________
Dxspider-support mailing list
<a href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a>
<a href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
</blockquote>
<p><br />
</p>
<div>-- <br />
<a href="https://s50e.si/gorje.html">Gorje,
Cerkno h=604m</a></div>
<br />
<fieldset></fieldset>
<pre>_______________________________________________
Dxspider-support mailing list
<a href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a>
<a href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
</blockquote>
</div>
</blockquote></div>