WinMX / WPN Chat Room Pest Prevention Techniques

When faced with an aggressively active chat room attacker you are faced with the need to employ certain techniques and road-blocks to them but of course balance that against having an adverse impact on those regulars and other guest visitors who visit your room, this help guide is written especially for chat room hosts and I hope will introduce some of the more effective remedies that are currently in use by other hosts that will allow you to enjoy your chat experiences without too much if any disruption.

Lets begin:

1 - Prevention of spamming:
There are two main methods of preventing chat-room abusers from destroying your hard work and friendly social atmosphere, the most popular method is to block the attackers by placing their IP addresses into a firewall or other blocking solution, the less effective method is to ensure that when they do hit the chat-room whatever they type is either blocked or removed before it can be shown in the room. We will look into both of these operations below.


2 - Prevention of entry:
This is the primary method of ensuring a chat room abuser cannot access your room to abuse either yourself or your guests and we will once again start with the most popular solution, currently this is a list created by the WinMX user "PRI" who has spent a considerable amount of time and effort in compiling a list of proxies that can be added to either "PeerBlock" or the older named version "PeerGuardian". The list is kept up to date by the monitoring of recent room attacks and daily additions of new Proxy Nodes/Addresses (these Proxy nodes include the much abused "Tor exit nodes" and this list is highly successful in dealing with this type of anonymous (or even unwanted "known" ) attackers, "known" but undesirable IP's can also be added to the list by yourselves to build an effective  protective wall. You can obtain "Pri's List" as the list has become known at the following location.

http://www.mxpulse.com/proxy

Alternatively Pri has built on the great list he has created by following it up with a "Metis" (an MxControl bot application) implementation of blocklist management that you can read about and obtain from his site here

http://www.mxpulse.com/board/viewtopic.php?f=9&t=194&p=772#p772

The Proxy list can be imported into PG by adding the location of the list to the locations it checks for updates and thus the list will self-update at regular intervals that you can set, we do not advise the usage of the default PG blocklists provided by "Blutak" as they are blocking too many nodes and many of them are innocent file sharers and thus using it becomes pointless, Pri's list is specially targeted to block only those nodes that are used as proxies.


3 - Prevention of "drive-by" text spamming:
Drive-by text spamming is in essence the art of dumping large chunks of text, web links or just abuse into a chat room, sometimes continuously but most commonly for just the one message string and exiting.
There are two method of preventing this and the most draconian is to ensure that all guests enter with no voice/low access level and thus any spam will remain invisible, this of course requires either a bot on a timer to voice folks after a short time or a live human to voice folks who don't immediately start trying to spam the room.
The preferred method is not to implement the above unless things are very bad, but to use word and text string replacement for common abuse terms, partial web addresses and anything that is regularly said by the attackers but not your ordinary guests, you can in most cases use a chat sever word replacement function or a bot to turn those swords into ploughshares, and insults into greetings, thus getting the last laugh.    


4 - Prevention of flooding:
Most current servers have a limit as to the amount of consecutive lines that can be thrown into the chat room and this should be set to be "on" (or 1) unless you are displaying ASCII images in your bot or for a special occasion.


5 - Prevention of room-jacking:
To prevent your room from falling prey to hijackers it's always best to ensure any accidental breach or display of an admin password is changed rapidly, try to limit the amount of folks using such passwords to the minimum necessary and of course most importantly ensure that when setting up a new server from scratch you make sure all of the default passwords are changed before going "live". A thoughtful host will ensure they can be contacted by at least one of their admin staff in the event of an emergency when the hijacker has gained control and is running amok.