There have been reports of bots following a similar pattern joining channels. Although their true purpose is currently unknown, they can be a nuisance, and people have been suggesting they might be collecting channel and user statistics.
Nicknames of the bots usually consist of lowercase letters only, and their username and real name are fully or nearly identical to their nick. Their hostname is an IPv4 address. They don't respond to CTCP requests or private messages. Some of them idle in channels for a while, and others part straight away. A few are capable of rejoining on kick and /remove. They usually quit with the message "Remote host closed the connection" or "Ping timeout".
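The traits above that are visible in a WHO reply can be checked mechanically. The following is an added example, not part of the original page: it parses RPL_WHOREPLY (352) lines and flags entries that match all four traits. The sample lines, the function names and the 0.8 similarity threshold used for "nearly identical" are assumptions.

```python
import ipaddress
import re
from difflib import SequenceMatcher

# RPL_WHOREPLY: :<server> 352 <me> <chan> <user> <host> <server> <nick> <flags> :<hops> <realname>
WHO_RE = re.compile(
    r"^:\S+ 352 \S+ \S+ (?P<user>\S+) (?P<host>\S+) \S+ "
    r"(?P<nick>\S+) \S+ :\d+ ?(?P<real>.*)$"
)

# Constructed sample input (documentation addresses, made-up nicks).
SAMPLE = [
    ":irc.example.net 352 me #chan ~qwzdrk 192.0.2.45 irc.example.net qwzdrk H :0 qwzdrk",
    ":irc.example.net 352 me #chan ~alice 192.0.2.7 irc.example.net Alice_ H :0 Alice Example",
    ":irc.example.net 352 me #chan ~bob host.example.org irc.example.net bob H :0 bob",
    ":irc.example.net 352 me #chan ~plmokn1 198.51.100.9 irc.example.net plmokn H :0 plmokn",
]

def is_ipv4(host):
    """True only for a literal IPv4 address, not a hostname or IPv6."""
    try:
        return isinstance(ipaddress.ip_address(host), ipaddress.IPv4Address)
    except ValueError:
        return False

def similar(a, b, threshold=0.8):
    """'Fully or nearly identical'; the threshold is an assumed cut-off."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio() >= threshold

def check_who_line(line):
    """Return (nick, per-trait results) or None if the line is not a 352 reply."""
    m = WHO_RE.match(line.strip())
    if not m:
        return None
    nick = m["nick"]
    user = m["user"].lstrip("~")  # "~" only marks a missing ident reply
    return nick, {
        "lowercase_nick": re.fullmatch(r"[a-z]+", nick) is not None,
        "user_like_nick": similar(user, nick),
        "real_like_nick": similar(m["real"], nick),
        "ipv4_host": is_ipv4(m["host"]),
    }

def flag_suspects(lines):
    """Nicks for which every trait holds; a hint for review, not proof."""
    results = filter(None, map(check_who_line, lines))
    return [nick for nick, traits in results if all(traits.values())]

if __name__ == "__main__":
    print(flag_suspects(SAMPLE))
```

A match is only a hint: an ordinary user connecting from an address without reverse DNS can satisfy all four checks.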
More recently, we have been seeing the following pattern:
PORT     STATE SERVICE    VERSION
1080/tcp open  socks5     Socks4A (Username/password authentication required)
8080/tcp open  http-proxy 3Proxy http proxy
The following is a frequently updated list of active bot IP ranges:
If you wish to ban these bots, execute this command in your channel(s):
/mode +b $j:##botmonitoring-bots$##not-a-honeypot
This will keep your channel's ban list up to date automatically when new bans are added to
For an explanation of how $j works, please see this gist.
Alternatively, you can execute the following commands instead:
Any users matching the bans will be forwarded to ##not-a-honeypot. It might be wise for you to join that channel in case an innocent user gets caught by the bans.
We believe these bots find channels because they appear on /list, which lists every non-secret channel on freenode. You can remove your channel from the list by applying the channel mode +s.
Alternatively, you could use +r to block unregistered users, or +S to block users not using a secure connection (SSL); however, these could also cause problems for normal users.
Help on channel modes: https://freenode.net/using_the_network.shtml#modes
- Use common sense.
- Do not bring unauthorized bots to the channel. This includes client scripts with automated triggers replying in-channel.
- Do not message or CTCP users identified as possible bots in order to try and see if they're indeed a bot, unless you're fairly certain you're dealing with one.