[REQUEST] Module to enhance DNSBL against known VPN providers

These are old archives. They are kept for historic purposes only.

Moderators: Gottem, Supporters

Post Reply
PeGaSuS
Official supporter
Posts: 96
Joined: Tue Jun 27, 2017 4:42 pm
Contact:

[REQUEST] Module to enhance DNSBL against known VPN providers

Post by PeGaSuS »

ProtonVPN has started not long ago providing free VPN to those that have Protonmail e-mail accounts.
This is good for those concerned with privacy, but also a pain to protect our networks against possible abuses, since they own about 400 IPs and I'm not sure if they're prone to be constantly changed.
The good part is that ProtonVPN provides a JSON formatted page with all their servers EntryIP and ExitIP here.
I was wodering if it would be possible to make a module to check if a user is using their services and therefore force them to identify via SASL using a soft-action as described here.

I was thinking in a config block along this lines:

Code: Select all

protonvpn {
action soft-action;
ban-reason "This service is only allowed to registered users";
ban-time 4h;
}
Obviously this module should not act agains people using SASL.

Also wondering if this can be handled by a module or if I should open a feature request in the bug tracker.

Best regards,
PeGaSuS
IRC Network: PTirc - GitHub: TehPeGaSuS - Help and support: #unreal-support
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Post by Syzop »

I think it would be better if this information would be converted to a DNSBL by someone offering this service.

Perhaps ask DroneBL or some other service if they are interested in doing this? Then it could be used by a large part (if not all) of the IRC community, and even beyond IRC..
PeGaSuS
Official supporter
Posts: 96
Joined: Tue Jun 27, 2017 4:42 pm
Contact:

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Post by PeGaSuS »

I've talked to DroneBL folks and unless there's some kind of high abuse, they won't be adding ProtonVPN IP addresses to the blacklist.
I've created a file with require authentication blocks for all the ips here.
Hope this can be useful.

Cheers
IRC Network: PTirc - GitHub: TehPeGaSuS - Help and support: #unreal-support
HeXiLeD
Posts: 51
Joined: Mon Jan 16, 2017 8:07 pm
Location: online

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Post by HeXiLeD »

...anything to get hands on users real ip huh...

happens that I not only support proton as I pay for some services which I (and most like me and on proton), use lawfully.
but also a pain to protect our networks against possible abuses
I've talked to DroneBL folks and unless there's some kind of high abuse, they won't be adding ProtonVPN IP addresses to the blacklist.
So there is not even abuse and punishment is already due.

There are many ways to prevent abuse from users way before radical and punishment actions such as bans and blacklists.
And how about not creating "enemies" in the first place? Banning people left and right just because they use a certain service is creating enemies right there.

You need to get away from that group of people that we both.
Do what I did. Start from scratch and don't bring any of them with you and 98% of the problems are resolved by default.

Filter the people behind the screen. Not connections.
Constructive criticism leads to evolution and progress. Negative criticism leads to obsolescence. We are not in the 90's IRC world anymore.
CertFP: d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244
Capitaine
Posts: 27
Joined: Mon Apr 26, 2004 6:09 pm

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Post by Capitaine »

HeXiLeD wrote: Sun Jan 27, 2019 11:51 pm There are many ways to prevent abuse from users way before radical and punishment actions such as bans and blacklists.
Filter the people behind the screen. Not connections.
How to block someone but not his connection ?
You never use /gline and such ?
Post Reply