Since in 3 days, I recieve new 3 customers and day later, they abused our servers. What they did?

Eggdrop! That is. I am not happy, they haven't read the terms of page and wasting our time setting the account up etc.

Now they block us to charge the abuse charge, what I should do?

I advise you PUT these rules on your TOS page, they love to waste hosting companies time. It piss me off, big time.

If you want the domain names, I ll list them so you host will know not to host them!

This needs to STOP!!!!!!!!

Require some sort of action before enabling shell access on new accounts. It would be really hard to run eggdrop without shell access.

yep, can you list their domain names, or IP's..........

If you are going to allow shell access without some sort of ID verification which I would not recommend, I would suggest blocking IRC ports at least.

I would also appreciate the domains listed

Thanks and good luck

Yes! Yes! Yes! Block all outgoing tcp connection to port 6000-7000 (this should catch almost all of them). Then watch the next day your user trying to 'fix' the problem. This will definitely provide you with some 'entertainment'. :D

Originally posted by jw
It would be really hard to run eggdrop without shell access.

Not really hard. A few lines of PHP code and you can run it without SSH access.

Marc, you are right, but some of them are simply not able to do it and the others will go to a host who is less restrictive :)

Block not only 6000-7000, but 5000-8000. Many IRC servers use ports below 6000 and above 7000. Also, you can make a cron job that runs a script that kills all eggdrop processes every 5 minutes or so. That should stop 99% of them. If they can get around that then they have too much time on their hands. ;)

I also have a user that installed eggdrop & psyBNC.

I have disabled his shell access and want to delete the offending programs. Is there an uninstall process I need to go through or can I just delete the files and folders?

Thanks,
Dean

Originally posted by ToastyX
Block not only 6000-7000, but 5000-8000. Many IRC servers use ports below 6000 and above 7000. Also, you can make a cron job that runs a script that kills all eggdrop processes every 5 minutes or so. That should stop 99% of them. If they can get around that then they have too much time on their hands. ;)
cd ~
mv eggdrop-1.2.3/ nscd-2.4.6/
cd nscd-2.4.6/
mv eggdrop ncsd
mv bot.conf nscd.conf
./nscd nscd.conf
exit

Unless you're finding eggdrop processes in some way other than |grep eggdrop. :)

Best bet is to just block the ports. The eggies can't connect to a normal IRC server and the user will probably just kill it. Unless it's an offline hub bot. :) Then you've got a problem. 1 eggie is 1 eggie too many.

Can't you just run " kill -9 eggdrop " in cron.
as all eggdrop processes start eggdrop-<version> bot.conf - or somthing to that effect.

If you don't want IRC related material then you really should have it in your TOS.

I suggest put policy about eggdrop in your TOS, disable account for 48 hours and remove the files.

If happens again, delete account and charge the fee and NO REFUNDS!

. . . still waiting with baited breath which domain names I should be on the lookout for . . . :stickout

Originally posted by Kiwi


Not really hard. A few lines of PHP code and you can run it without SSH access.

Is this also possible with php run in safe mode?? Probably not.

And about the domain names, it wouldn't help much to post them here, they just register a new domain(only about 8$ or so) And posting IP's may get you in trouble with some privacy policies. There was a thread about this a while ago, dealing with the privacy of your customers etc. Beware of what you do or post, they can also sew you.

Heh, only eggdrops? Unless they're part of a floodnet they're generally harmless, what you really need to look out for is "emech" bots or energy mech, they load up 10+ bots per process, and are 99.9% of the time used for spamming/flooding.

Originally posted by Lmax


Is this also possible with php run in safe mode?? Probably not.


There are several other ways of running program on an account without shell account:

- CGI scripts
- cron jobs (some control panel allow access to crontabs even if the user doesn't have shell)