Users via proxy, how to stop the clons.

These are old archives. They are kept for historic purposes only.
JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

Users via proxy, how to stop the clons.

Post by JIVXor »

Here goes my problem :

The users who connect to my server they do it by a proxy, and arrive at the server with the same IP all, the one of proxy, then they have been dedicated to connect clons with scripts, is there some form to stop that? Some module? Style of ircxpro that asks before connect or some quarantine channel, iptables's rules of connect limitations of an IP through proxy?

I use unrealIRCD 3.2.3 *NIX and Anope 1.6.4 Stable


PD : I was thinking about the module of user_auth but I do not know if it will work.

Thanks beforehand.

JIv
Thanks
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

  1. Use a proxy Scanner! (bopm)
  2. Set the maxperip value in the allow block(s)
If you don't make mistakes, you aren't really trying.
- Coleman Hawkins
JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

No no

Post by JIVXor »

Dukat, thanks for your fast help. I do have OPSB from Neostats package. But .. . The only way to get internet of that users is via proxy, this is the configuration of the network. Then, if I kline or drop one simple IP, I'm droping the ip of the proxy, so . . . . the IRC is empty. I know in other networks nobody have this problem, cause all IPs are one to one to the client, but here in my country the networks are very diferent. You connect to a PPP server, assign to you an IP for the intranet, but, if you want to access to internet, you MUST go via proxy.

Thanks
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Post by Stealth »

Then there is nothing you can do. Any proxy that can be abused will be abused. It is the fact of proxies.
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

The only possibility is to use some sort of authentication like userauth or SQLAuth... BUT all your users would have to register on some webpage/whereever - you would probably lose a LOT of users :(

Can you use the remaining tools like spamfilter, flood protection or badwords to stop the clones?


Another way (but I don't know if that's possible - probably not) would be to move the server to the intranet - the users would have different IPs there, I guess...
If you don't make mistakes, you aren't really trying.
- Coleman Hawkins
JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

..

Post by JIVXor »

Thanks a lot Stealth. But .. .
it must exist something, some rule of iptables that goes through proxy and obtains the IP of the LAN. The Web browsers take with itself an information so, when they log in a WebServer, this WebServer can know of that information, the IP of the LAN, with IRC will not be equal? Pardon if I am speaking things without sense, but I am desperate already, perhaps some linux kernel has his iptables reshaped.

Dukat :

I'm from Cuba, I don't think that INFOMED'S ISP accept my advice about the move of the DNS for intranet :P And yes, I do have flood protections, spamfilters but . . . the bandwith is the most important thing in this case && is begin to decrease with another and another clon. Thanks anyway.

I'm working on m_courtroom of AngryWolf, lets see, by the way, does anybody here knows about unreal3.2 beta RC2 for *NIX ? I can't find it. I'ts the first requeriment of the m_courtroom module. If anybody knows about one on 3.2.3, please let me know.


PD : Sorry about my english :S
Thanks.
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Post by Stealth »

There is no such information that passes through proxies. If such information passed through proxies, they would be useless. The purpose of a proxy is to hide someones real IP, and in this case, enable them to connect to the internet.
JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

......

Post by JIVXor »

Could Syzop or Codemastr find unreal3.2BetaRC2? Any version of courtroom for 3.2.3?



Thanks.

Moderator: Email removed.
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

Old versions are not released.

You have to fix the module to work with the current version.
If you don't make mistakes, you aren't really trying.
- Coleman Hawkins
Solutech
Posts: 296
Joined: Thu Mar 18, 2004 11:38 pm

Post by Solutech »

I use courtroom on my system and I stayed at 3.2.2b which it still works on . I may have the nix distri of that version here somewhere but as stated its not supported anymore.

*edit* yup I have it still if you want it pm me your email addy*edit*
Yawn. So there's yet another "if the user clicks the button, they're infected" exploit. Why is this news? We already know users are idiots.
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop »

Isn't courtroom basically just the spamfilter viruschan thing?
Would adding a /viruschan <nick> be sufficient?

Or is it absolutely necessary to have different channels per-user, because I don't think that would be implemented in core unreal (the difference in terms of memory usage per-user is 1 bit vs storing a pointer at minimum (4 or 8 bytes) and the channelname (<length of name>+1+[4|8]) at maximum.

(Oh yeah, sure, the module aproach is also possible :P)
JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

Post by JIVXor »

Syzop :

My idea is to maintain in quarantine all the users who connect to the server, I put a countdown, if users does not respond to a question [randomize ], there comes the kill. Obviously, scripts of clones does not have the option to enter by keyboard some string.

Here's the error [on 3.2.3]:

14[132:1438] 11,12 server 14,14! unrealircd.conf:13: loadmodule src/modules/courtroom.c: failed to load: tmp/E8DA9B66.courtroom.c: invalid ELF header.

ELF header?

How can I do to fix this problem?

Thanks.
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

You have to COMPILE the module first.

Read the documentation of the module.
If you don't make mistakes, you aren't really trying.
- Coleman Hawkins
JIVXor
Posts: 134
Joined: Fri Sep 09, 2005 10:53 pm
Location: Cuba

Post by JIVXor »

Dukat,

you mean : make custommodule MODULEFILE=courtroom

??

Oh yes, I'm compiling the module, when I rehash :

src/modules/courtroom.c: failed to load: tmp/E8DA9B66.courtroom.c: invalid ELF header.

Am I missing something?

Thanks.
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

The .c is the source file, the compiled module is .so.
If you don't make mistakes, you aren't really trying.
- Coleman Hawkins
Locked