In February 2006 IRC-Junkie featured an article titled “Help! My Network is in Servers.ini!”. In short, the article names one of the problems small networks engage when they become listed in mIRC’s servers.ini.
One of the major drawbacks is that not only humans use this file, downloading an up-to-date servers.ini is also one of the first things a newly installed drone is doing. And thus, attracting drones is one of the side effects that could cause a lot of problems that eat up valuable resources, which are often not really in abundance on small networks anyway.
The Beirut IRC Network for example started to gline about a 1000 IPs a day when they got first listed in servers.ini.
Tjerk Vonck, webmaster of mirc.com, denied knowledge of any drone issues concerning servers.ini: “No. And really, I doubt there is such a problem”, he replied to IRC-Junkie.
Today IRC-Junkie received an email from SanitariuM who scripted a mIRC script that can gline drones on connection. “Those numbers for those bear drones, as I can verify with sources, have grown to over 2 MILLION unique IP’s per year. Divide this out and it’s almost 5,500 drones with unique IP’s per day on each network. Each bot sends out at *least* 10 spams, so that’s 55,500 spams per day”, he writes.
Despite that drone nets increasingly make use of other protocols like HTTP and P2P type of networks they continue to plague IRC networks.
SanitariuM also brings a bit of good news however. “There are several ways you can detect and gline these things with 100% accuracy on connection. I’ve written a universal mIRC addon that’ll work on *any* network to pattern detect and gline these. Instructions for setup are very simple… change a syntax or two, oper it up, and away it goes.”
To not give away the pattern and make the maliscious users running the drones aware of how they are being caught, SanitariuM only gives out the mIRC script after validation of the user requesting a copy, and only after initial contact has been made in one of two channels. These can be found on Undernet (#SSnD) and DALnet (#Snoop).
IRC-Junkie advices common sense with loading scripts into any IRC client. If you are going to load a script not written by yourself, and you don’t posses the knowledge of checking it out yourself, let someone else do it. Especially if it is going to run on an opered client on a production network.
edit (13:00): 55,000 spamposts instead of 15,000, changed on request of SanitariuM (which I just quoted without checking the math )