Gline GECOS

[miniCruzer]

I'm taking preventative measures on my network, and I am trying to shut out all wIRC users. wIRC is not a threat to me, I just see it as an annoyance. Although there is no 100% un-evadable way of closing out all connections from wIRC (or other malicious clients), it is possible to put things into effect that will keep them guessing, and what part I have blocked of wIRC.

Starting with, wIRC 9.0 version replies with "mIRC v6.31 Khaled Mardam-Bey" instead of "wIRC 9.0," or something similar. The ban version block has the optional action to take against connections with a certain reply, but the ban realname block does not. Example:

Code: Select all

ban version {
	mask "mIRC v6.31 Khaled Mardam-Bey";
	reason "We do not allow wIRC on this server. Glined.";
	action gline;
};

I went ahead and blocked this version reply, since most mIRC users have a later version (6.34/6.35). It is rare that a non-wIRC user will be connecting with mIRC 6.31.

I have noticed, however, that wIRC's default GECOS is "wIRC Client." This is a red flag right away that someone has tried connecting with wIRC without changing their realname. I can block the realname of "wIRC Client," but the user can easily change his/her VERSION reply (if done before attempting a connection), and/or their real name and get past the filters in a 2nd or 3rd try.

Code: Select all

ban realname {
	mask "wIRC-client";
	reason "Do not attempt to use wIRC here.";
};

There is no action to take against users with the GECOS of "wIRC Client."
Is there a way to gline users with this GECOS?

[Stealth]

Use spamfilter for this.

[katsklaw]

There is no action to take against users with the GECOS of "wIRC Client."
Is there a way to gline users with this GECOS?

http://www.unrealircd.com/files/docs/un ... lnameblock

You should check your services package for the ability to akill/gline GECOS.