We reanimate dctc to combat false files
About 4 years ago I had an idea - to write a bot that would track activity in our local DC hub - I just logged the chat and executed simple commands in private. For a couple of evenings, an excellent console client was found - dctc , with which you can interact via unix-socket; and in a couple of evenings a simple bot was written in php. When creating the bot, the first amendments were made to the dctc code so that it did not send strange commands to the server. After a while I was moderated on this very hub and I began to ban mercilessly. But specific people did not have a convenient system for tracking the number of bans, but the administrator every 5 minutes generated information on the current bans - a few more killed evenings - and now the administration found an easy way to track the ban number.
After a few more months, fakes began to appear on the network - this is when, for example, you download Shrek, and there’s not even Shrek at all, but the little red hat and three incomprehensible men ... They struggled for some time on their own, but the poet’s soul could not stand it - and I decided to improve the bot .
During the operation of the entire system, the following tables are used:
Archive with all the (it seems) necessary files: dctc.tar.bz2.html .
Files:
Putting a patch:
Download ac2i.homelinux.com/dctc/dctc-0.85.9.tar.gz , unpack, command
The main purpose of the patch is to add support for the $ UserIP command to the dctc - so that we can find out the IP address of the user we want to ban.
The most interesting thing is that dctc works fine after my patch - c / c ++, I know only from the university course. Something on php more bydlokozhu ...
Compile, install, run dctc. How to run it - look in dctc.sh.
')
Next you need to correct the class dctcController_tech - the commands are on the ban and the notification from you is most likely different. And the hubCharset may also be different.
The variable $ _socketPathFile is the path to the file in which the path to the socket is saved. Here is a perversion.
To limit the frequency of search using shared memory - cheap and cheerful. Make sure your php knows how.
We initialize the database and write down all sorts of bad TTHs to the database via fakes.php.
Then, in the background (or in the screenshot, whoever you like), run the reply_analizer.php script - it will silently do its dirty work.
Further we set up the periodic launch of search.php and enjoy the mass executions.
I hope someone in something so help.
After a few more months, fakes began to appear on the network - this is when, for example, you download Shrek, and there’s not even Shrek at all, but the little red hat and three incomprehensible men ... They struggled for some time on their own, but the poet’s soul could not stand it - and I decided to improve the bot .
- The dctc code (v0.85.9) added processing and storage of the user's IP address, checking the user online / offline, the ability to send raw commands to the server. File exchange in modern networks is still impossible - the client is not friendly with TTH.
- In the bot, located on the server side, the function of sending “notifications” to users has been added - the specified message is sent to the person in the general chat and the LAN, after which the user is redirected to a nonexistent hub. So if a person has re-entered the hub, it can be said with a certain degree of confidence that the person has read the notification.
- Also - when a user appears at the hub, requests are automatically sent to him to search for several of the most common TTHs.
- In the context menu of the files, the function “report on fake” was added - when using this, a message is sent to the hub moderators with the TTH file indicated.
- My bot has been completely rewritten: the functions for working with DCTC are rendered into a separate class and this class is extended with functions specific to our hub.
- It was decided to split the search script into 2 parts - one of them only sends search requests, and the second deals with the analysis of answers to these very requests.
- Due to the fact that the script was introduced some time later, and not immediately after the problem occurred, the number of bans for fakes is searched for from the user through the general ban table, and not through a separate one.
- Before a ban, the user is sent a notification about the presence of incorrect files and only if such a notice has already been sent is a ban applied for a period depending on the number of such violations.
During the operation of the entire system, the following tables are used:
- bans : Global ban repository
- fake_check : fake search log
- fake_list : List of registered fakes
- fake_names_order : Lists of files with forbidden and allowed names for each fake
- fake_bans : Bans for fakes, used only for logging
- fake_notifies : Notifications about the presence of fakes, used only for logging
- fake_counter2 : Number of files not assigned to allowed or forbidden lists
Archive with all the (it seems) necessary files: dctc.tar.bz2.html .
Files:
- dctc.patch : Patch to be applied to dctc version 0.85.9
- dctc.sh : Script that I run dctc with. It also changes the right of access to the socket, so All members of the dctc group will be able to work with it.
- dctcController.php : The base class for working with the dctc socket
- dctcController_tech.php : Class with settings and additional functions for our hub
- fakes.php : Page for fake database management
- reply_analizer.php : Search Response Analyzer - keeps various logs, notifies and bans users
- search.php : Initiates the search for 20 arbitrary fakes
- tables.sql : Dump table structure
Putting a patch:
Download ac2i.homelinux.com/dctc/dctc-0.85.9.tar.gz , unpack, command
patch -p1 -ddctc-0.85.9 < dctc.patch .The main purpose of the patch is to add support for the $ UserIP command to the dctc - so that we can find out the IP address of the user we want to ban.
The most interesting thing is that dctc works fine after my patch - c / c ++, I know only from the university course. Something on php more bydlokozhu ...
Compile, install, run dctc. How to run it - look in dctc.sh.
')
Next you need to correct the class dctcController_tech - the commands are on the ban and the notification from you is most likely different. And the hubCharset may also be different.
The variable $ _socketPathFile is the path to the file in which the path to the socket is saved. Here is a perversion.
To limit the frequency of search using shared memory - cheap and cheerful. Make sure your php knows how.
We initialize the database and write down all sorts of bad TTHs to the database via fakes.php.
Then, in the background (or in the screenshot, whoever you like), run the reply_analizer.php script - it will silently do its dirty work.
Further we set up the periodic launch of search.php and enjoy the mass executions.
I hope someone in something so help.
Source: https://habr.com/ru/post/111223/
All Articles