Op/Voice Information .....
Let's review the typical steps involved in trying to track down an Advertiser or Ad/Bot:
The following will describe in more detail the steps listed above.
Let's say that while inside the channel, we get an ad from Katie16. We should automatically try to get her /whois katie16, and if she's gone offline already, then we can try to do the /whowas katie16. Her ip shows up as Katie16 was email@example.com * sexy-me. We'll then want to see if there is anybody matching that host/domain sitting in our channel. We can do that by typing /who #beginner *.domain, or in this case, /who #beginner *.hotnet.com. Nine times out of ten, we'll find a match. In this case, we find a firstname.lastname@example.org * xxxxx. Notice the host connection, the 'ppp04'. It's the same, and is in all probability a clone, or bot, running on the same computer.
At this point, we can ban the ip, and if they return with a changed userid (the part before the @), then we may have to set a domain ban. Recently the advertisers have been getting a bit smarter, and simply change their idents to get around a typical ban, and we're needing to set many more domain bans than we'd prefer. But sometimes it's the only way to keep them out, and to protect our users from the garbage.
There are those times though, when the previous steps don't work, and there won't be a host match, but only a domain match. Try doing a /whois on that nickname, and see if they are sitting in the typical channels we see these ad/bots sitting in. There is a list of about 10 channels that consistently seem to attract these types of ads. This list would include channels that are very big, or involve warez, or involve sex, and are a good clue that this could be the source of the trouble. If the ads continue, go ahead and set a channel ban on this person, and remove them from #Beginner. If the ads stop, then *bingo*, you found your match. If the ads persist, then undo the ban, apologize to the person, and keep looking. Let's also remember that one of the tag-team duo might be on a numeric ip. Try getting the /dns of the advertiser's ip, and run that through the /who #beginner search. It might pull up a match that way, and is certainly worth a try.
There is still one more scenario, and these advertisers are the hardest of all to spot. There are times when we get an ad from a domain, let's say from hotnet.com, but there are no users from that domain in #Beginner. Nor are there any users using the /dns of hotnet.com in #Beginner. *sigh* The hours we've spent trying to track them down is staggering. After some experience and time spent working on this, we can draw on that experience, and look through the nickname list, doing a /whois on any nickname that might appear suspicious. If I find what may look like a trouble-maker, then I'll join some of those other channels they are sitting in, and try to get the ad from there. Sometimes that works, sometimes it doesn't.
To be honest, I don't have a perfect solution. It's a matter of trying one thing, then trying another. Sometimes even picking a nick, setting a temporary ban, and waiting. We've been known to get lucky a few times. :)) If all else fails, try to find an IRCop, (type /who 0 o ) report the troubles, and they may 'KILL' the nick. Unfortunately, this is only a temporary fix. We can also log all the information, and send it into the isp provider of the advertiser. We would need to include the /whois, the time, our time zone, and a copy of the ad/log. Many providers will take the time to try to track this person down. (Bravo to them!!) Others, however, may be too busy, or are administering too many users, to be able to track them down. It's ALWAYS worth a shot, though. :)
Folks, these are not foolproof methods, just things that I've been doing during the past many months of trying to track them down. Should anyone like to offer some more advice and helpful encouragement, please feel free to send in your suggestions for the next newsletter. :)