logo
home - calc - FAQ - download - doc - irc - links - credits - contact

Automatic k-lines on dnsspam hostnames

Currently running on:

  • irc.efnet.nl (formerly efnet.vuurwerk.nl) - placing K-lines
  • efnet.xs4all.nl - placing K-lines
  • irc.csbnet.se (formerly irc.hemmet.chalmers.se) - placing K-lines
  • irc.felk.cvut.cz - just logging
  • ircnet: *.nl - just logging

2002-10-07 Ok I just have to mention this one.
05:32.57 <spamcalc> Dnsspam connection (240) from i.got.k-lined.nu. K-lined.

2002-10-06 Eeks! The first false positive has been found. Someone from *.vet.cornell.edu got more than 100 points because I had assigned "vet" (which is dutch for "cool") more than 100 points. I've looked through the word lists and found too many scores of 100+ for a single word, so I reduced those scores a lot.

2002-09-11 - Newer (and better tested) release of the dnsspam k-line script. I have split the K-line part and the kickban part to reduce the bloatedness of the script. Also, I have been testing it on efnet.vuurwerk.nl and it runs absolutely great. In just under 6 days the client running this script has set 350 automatic K-lines, of which zero errors.

The new snapshot can be downloaded at /dsk.tgz.php. Unpack it in ~/.irssi/scripts/. Then read the README file before trying anything else.

"No! I hate all automatic stuff! Bah! What if it k-lines a non-dnsspam hostname?!" Read on algorithm.php how the script works. Note that it does NOT use spamcalc 0.5 or 0.5.1, because they suck, compared to the soon-to-be-released 0.6.

This whole thing actually consists of 2 scripts: the spamcalc script, which does all the calculations, and the irssi dnsspam script, which is the nice interface in irssi.

DISCLAIMER: I am just human. Therefore, it is very much possible that there are still bugs/errors in this test version of my script. I take no responsibility for any k-lines that were unjustly set. USE THE AUTOMATIC K-LINE FEATURE AT YOUR OWN RISK.

That said, it's very easy to dry-test the script, by enabling the do-not-k-line-but-just-log-to-file setting. And of course this is the default setting.

One more thing: the script uses a top-down approach to dns spam. This means that it will only find the really spammy hostnames. This is done because of the most important property of the script: it must never say that a legal hostname is spam because this could lead to unjustified kicks/kickbans/k-lines. Therefore, it will NOT find all dnsspam, only the extreme spam.

To see some scores of hostnames, look at http://www.garion.org/spamcalc/test/sorted06.txt. Note that scores of over, let's say, 300, are all extremely ugly hostnames, totally non RFC compliant.

You can also join #spamcalc on EFNet and use !sc [hostname] to test some hostnames.

Please report all bugs, feature requests, errors, things I forgot, and most importantly hostnames that are LEGAL but got a 100+ score anyway to info@spamcalc.net or talk to Garion on IRCnet/EFnet.