73 lines
1.6 KiB
Ruby
Executable File
73 lines
1.6 KiB
Ruby
Executable File
#!/usr/bin/env ruby
|
|
|
|
require "ircinch"
|
|
require "yaml"
|
|
|
|
CONFIG = YAML.load_file("config.yml")
|
|
|
|
class Honeypot
|
|
attr_reader :banlist, :bot
|
|
def initialize(bot)
|
|
@banlist = {}
|
|
@bot = bot
|
|
end
|
|
|
|
ALLOWED = CONFIG["honeypot"]["safe_users"].map { Regexp.new(_1) }
|
|
BAN_DURATION = CONFIG['honeypot']['duration']
|
|
|
|
# @param target : a user (with .nick)
|
|
def add_banlist!(target)
|
|
@banlist[target.nick] = target
|
|
end
|
|
|
|
def ban(ip: nil, nick: nil)
|
|
@bot.irc.send "UBAN ADD #{ip} DURATION #{BAN_DURATION} : bot detection" if ip
|
|
@bot.irc.send "UBAN ADD #{nick}*!* DURATION #{BAN_DURATION} : bot detection" if nick
|
|
end
|
|
|
|
def self.bind(bot)
|
|
Honeypot.new(bot).bind
|
|
end
|
|
|
|
def bind
|
|
honeypot = self
|
|
# on join, mark users and request whois
|
|
@bot.on :join do |m|
|
|
next if ALLOWED.any? { _1 =~ m.prefix }
|
|
|
|
target = @bot.user_list.find m.prefix.split("!").first
|
|
honeypot.add_banlist!(target)
|
|
target.whois
|
|
end
|
|
|
|
# on whois results, catch ip and kill it
|
|
@bot.on 338 do |m|
|
|
nick = m.params[1]
|
|
ip = m.params[3]
|
|
|
|
if honeypot.banlist[nick]
|
|
honeypot.ban(ip:, nick:)
|
|
honeypot.banlist.delete nick
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
bot = Cinch::Bot.new do
|
|
configure do |c|
|
|
c.server = CONFIG["server"]["host"]
|
|
c.port = CONFIG["server"]["port"].to_i
|
|
c.ssl.use = CONFIG["server"]["ssl"]
|
|
c.channels = CONFIG["honeypot"]["channels"]
|
|
c.nicks = CONFIG["server"]["nicks"]
|
|
end
|
|
end
|
|
|
|
bot.on(:connect) do
|
|
bot.oper CONFIG["server"]["oper"]["password"], CONFIG["server"]["oper"]["user"]
|
|
end
|
|
|
|
Honeypot.bind(bot)
|
|
|
|
bot.start
|