Is it possible to do g/line in all countries?
Moderator: Supporters
Is it possible to do g/line in all countries?
Greetings. I have a botnet stalking my server. That's hundreds of nicks with different proxy addresses from all over the world.
I saw that geoip classic is integrated on UNrealircd6 and that I can make permanent glines based on the country. ex: /gline ~country:US
Now I want to know if it is possible to make a gline that includes all countries in one command, and then if there is the possibility with another command to put one or two countries in exception from this gline
is all this possible?
With unrealircd 5 came Syzop's third party module which included locking to all countries of the world and if you wanted to lock out one or more of these countries, just remove it in the block dedicated to the module in unrealircd.conf
I saw that geoip classic is integrated on UNrealircd6 and that I can make permanent glines based on the country. ex: /gline ~country:US
Now I want to know if it is possible to make a gline that includes all countries in one command, and then if there is the possibility with another command to put one or two countries in exception from this gline
is all this possible?
With unrealircd 5 came Syzop's third party module which included locking to all countries of the world and if you wanted to lock out one or more of these countries, just remove it in the block dedicated to the module in unrealircd.conf
Re: Is it possible to do g/line in all countries?
you should be able to gline ~country:* and add an e-line for certain countries using the same manner
Got an idea for a module? Don't be shy! Come talk to me on #unreal-support
Like the support I provide? Consider supporting me with a donation.
Like the support I provide? Consider supporting me with a donation.
Re: Is it possible to do g/line in all countries?
sorry I did not understand. can you give me an example?
Can I make a single gline that includes all countries?
Can I make a single gline that includes all countries?
Re: Is it possible to do g/line in all countries?
ah ok, you say that the command to block all countries is /gline ~country:* ok, and how do I exclude two or more countries? can you give me the precise command?
Re: Is it possible to do g/line in all countries?
I will tell you, but first a forewarning:
Not every IP address has GEOIP location attached to it, and so you may be banning many regular users who could be using a mobile device or something.
As a result of this, I recommend that you make it into a soft-gline, in that if someone were to authenticate during connection (SASL) then they would still be able to join. My example uses a soft-ban prefix (%)
The G in the ELINE command represents that we are exempting the country/mask from G-Lines and the 0 means it's permanent. For more information you can see "/HELPOP ELINE"
Not every IP address has GEOIP location attached to it, and so you may be banning many regular users who could be using a mobile device or something.
As a result of this, I recommend that you make it into a soft-gline, in that if someone were to authenticate during connection (SASL) then they would still be able to join. My example uses a soft-ban prefix (%)
Code: Select all
/GLINE %~country:*@* 0 Sorry, your connection was not accepted.
/ELINE ~country:UK G 0 Country excepted
Got an idea for a module? Don't be shy! Come talk to me on #unreal-support
Like the support I provide? Consider supporting me with a donation.
Like the support I provide? Consider supporting me with a donation.
Re: Is it possible to do g/line in all countries?
this error comes out:
Code: Select all
ERROR: ExtBan ~country expects a two letter country code, or * to ban unknown countries. For example: +b ~country:UK
Re: Is it possible to do g/line in all countries?
Unfortunately you can't gline all the countries at once.
This will prevent anyone with an unknown country to connect to the network.
This will prevent anyone with a Russian IP to connect to the network.
This will allow anyone with a Spanish IP to connect to the network.
NOTE: The v bantype on the command above means that the country will bypass any ban version block and you need to specify at least one bantype.
This would allow anyone with a Russian IP to connect to the network providing that they connect via SASL and identify to a registered account.
- You can ban unknown countries (where the IP doesn't have a known geolocation) with:
Code: Select all
/GLINE ~country:* 0 No unknown countries allowed
- You can also ban specific countries with:
Code: Select all
/GLINE ~country:RU 0 No connections allowed from your country
- You can exempt countries with:
Code: Select all
/ELINE ~country:ES v 0 Trusted user
NOTE: The v bantype on the command above means that the country will bypass any ban version block and you need to specify at least one bantype.
- If you still want to allow registered users from the banned countries to be able to connect using SASL, you need to use soft actions which are prefixed with a % (percent symbol):
Code: Select all
/GLINE %~country:RU 0 You need to identify via SASL to an account to be able to connect from this country
Re: Is it possible to do g/line in all countries?
Hi Pegasus.
I fixed it, at least I hope.
I made all permanent lines for all countries. and I put in line the ip that interested me.
I hope this tactic works this botnet.
Thank you.
I fixed it, at least I hope.
I made all permanent lines for all countries. and I put in line the ip that interested me.
I hope this tactic works this botnet.
Thank you.
Re: Is it possible to do g/line in all countries?
Banning everything and then ELINE-ing is not a good idea. Then an attacker just needs to find 1 proxy in a country and flood and you are screwed as they can't be klined/glined/whateveryouchose.
I think what you want is this:
You can also force all non-matching countries to require SASL, it will look very similar:
Granted, it is not via IRC but in the config file, but likely not much of a problem
EDIT: I have update the documentation for except ban { } and require authentication { } since these pages not mention that ::mask is a Mask item and allows such flexibility. Also added the examples from above there.
For the same reason, if you would do something like this in a channel, don't do +b *!*@* with +e ~country:NL either... use +i +I ~country:NL, so you still have the ban layer to deal with abuse
I think what you want is this:
Code: Select all
ban user {
mask {
mask *;
exclude-country { NL; DE; FR; }
}
reason "Your country is not allowed";
}
Code: Select all
require authentication {
mask {
mask *;
exclude-country { NL; DE; FR; }
}
reason "Unregistered users are not allowed from your country";
}
EDIT: I have update the documentation for except ban { } and require authentication { } since these pages not mention that ::mask is a Mask item and allows such flexibility. Also added the examples from above there.
For the same reason, if you would do something like this in a channel, don't do +b *!*@* with +e ~country:NL either... use +i +I ~country:NL, so you still have the ban layer to deal with abuse