User:a proofreader/Anti-phish script

From the RuneScape Wiki, the wiki for all things RuneScape
Jump to: navigation, search


This anti-phish script can be run by IRC operators to kick users who post phishing links.

It also contains a (commented-out) line to ban the user if needed. During the trial of this script, operators who have this script loaded do not automatically ban users.

Operators running this script[edit | edit source]

XChat[edit | edit source]

Contact User:Gaz Lloyd if you wish to autoload this script.

__module_name__ = "PhishDetectionWR"
__module_version__ = "1.0.25"
__module_description__ = "Detects phishing links posted to #rswiki and kick-bans users who post them"
 
# If you contribute to this script, add yourself below!
#   A_proofreader (wikia/A-proofreader) of Freenode #rswiki
#   Joeytje50 (wikia/Joeytje50) of Freenode #rswiki
#   Sigma (wikipedia/Lowercase-Sigma) of Freenode #wikipedia-en
 
import re
import xchat
 
# THE FOLLOWING IS CONFIGURABLE
phishing_regex = re.compile(r"(http://|www.){0,2}[^/ ]*(\.?runescape\.com\.(?!au(?!\.))[0-9a-z]" # unexpected dot after .com, exception for .com.au, [[wikipedia:.au#Second-level domains]]
  + "|(?!runescape)r[-\.]?u[-\.]?n[-\.]?e[-\.]?s[-\.]?c[-\.]?a[-\.]?p[-\.]?e[-\.]" # not runescape (matched above), but something containing a dash or dot (more aggressive)
  + "|runescape\.co\.(?!uk(?!\.))" # runescape.co.tld, excluding runescape.co.uk (legit)
  + "|(?!runescape-wiki|wikia-runescape)(-runescape|runescape-)[^/ ]*\.\w{2,})" # dashes instead of dots at expected places; runescape-gold.co.cc etc
  , re.IGNORECASE)
 
def phishtrigger(word, word_eol, userdata):
  # :Source PRIVMSG Target :Message which may contain spaces
  # ^0      ^1      ^2      ^3      ^4[etc.] or use word_eol[3]
  nick, target, userhost, text = word[0].split("!")[0][1:], word[2], word[0].partition("@")[2], word_eol[3]
  if target.lower() == "#rswiki" and phishing_regex.search(text) is not None and nick.lower() != "evilbot" and nick.lower() != "bullbot" and nick.lower() != "runescript":
    # xchat.command("QUOTE MODE %s +b *!*@%s" % (target, userhost))
    xchat.command("QUOTE KICK %s %s :%s" % (target, nick, "Phishing link detected"))
    print "%s was kicked for line: %s" % (nick, text)
  return xchat.EAT_NONE
 
xchat.hook_server("PRIVMSG", phishtrigger)

mIRC[edit | edit source]

Operators who use mIRC can put the following in the Remote tab of the Scripts Editor (in the Tools menu, or the toolbar button to the left of your address book):

; If you contribute to this script, add yourself below!
;   A_proofreader (wikia/A-proofreader) of Freenode #rswiki
;   Joeytje50 (wikia/Joeytje50) of Freenode #rswiki

on 1:Start: {
  set -g %ph.exclusionregex /(evil|bull)bot|runescript)/i
  set -g %ph.textregex /(http://|www.){0,2}[^/ ]*(\.?runescape\.com\.(?!au(?!\.))[0-9a-z]|(?!runescape)r[-\.]?u[-\.]?n[-\.]?e[-\.]?s[-\.]?c[-\.]?a[-\.]?p[-\.]?e[-\.]|runescape\.co\.(?!uk(?!\.))|(?!runescape-wiki|wikia-runescape)(-runescape|runescape-)[^/ ]*\.\w{2,})/i
}

on *:TEXT:*:#rswiki: {
  ;exception for bots
  if (!($regex($nick,%ph.exclusionregex))) {
    if ($regex($1-,%ph.textregex)) {
      /kick #rswiki $nick Phishing link detected
      ;/mode #rswiki +b $regsubex($regsubex($fulladdress,/.*@/,*!*@),/@gateway\/web\/freenode\/ip\./,@*)
      ;ban the user, and if the user is using webchat without cloak, the ip. Commented out for now.
    }
  }
}
;also match phishing links in actions (/me)
on *:ACTION:*:#rswiki: {
  if (!($regex($nick,%ph.exclusionregex))) {
    if ($regex($1-,%ph.textregex)) {
      /kick #rswiki $nick Phishing link detected
      ;/mode #rswiki +b $regsubex($regsubex($fulladdress,/.*@/,*!*@),/@gateway\/web\/freenode\/ip\./,@*)
    }
  }
}

ChatZilla[edit | edit source]

Operators who use ChatZilla can save the following into a file titled "PhishDetectionWR.js" and install the plugin via the ChatZilla tab.

// If you contribute to this script, add yourself below!
// Walrus068 (wikia/Walrus068) of Freenode #rswiki

var re = new RegExp("(http://|www.){1,2}[^/ ]*(\\.?runescape\\.com\\.(?!au(?!\\.))[0-9a-z]|(?!runescape)r[-\\.]?u[-\\.]?n[-\\.]?e[-\\.]?s[-\\.]?c[-\\.]?a[-\\.]?p[-\\.]?e[-\\.]|(?!runescape-wiki)(-runescape|runescape-)[^/ ]*)", "i");

plugin.id = "PhishDetectionWR";
plugin.description = "Detects phishing links posted to #rswiki and kick-bans users who post them";
plugin.major = 1;
plugin.minor = 0;
plugin.version = plugin.major + "." + plugin.minor;

plugin.init = function () {
  return true;
};

plugin.enable = function () {
  client.eventPump.addHook({
    "set": "channel",
    "type": "privmsg"
  }, function (e) {
    var nick = e.user.unicodeName,
      n = nick.toLowerCase(),
      notbot = n !== "evilbot" && n !== "bullbot" && n !== "runescript";
    if (e.params[1] === "#rswiki" && re.test(e.msg) && notbot) {
      //I'm unsure if this part actually works
      dispatch("quote", "KICK #rswiki " + nick + " :Phishing link detected");
    }
  }, "PhishDetectionWR");
  return true;
};

plugin.disable = function () {
  client.eventPump.removeHookByName("PhishDetectionWR");
  return true;
};