[N] Allow authorized nicks to bypass banned IP address

These are old archives. They are kept for historic purposes only.

Moderators: Gottem, Supporters

Post Reply
ivp
Posts: 24
Joined: Fri Sep 09, 2016 6:14 pm

[N] Allow authorized nicks to bypass banned IP address

Post by ivp »

We are having trouble fighting spammers and often using KLINE/ZLINE/GLINE to ban IP addresses. This is not ideal solution, since many users are using dynamic IP addresses.

Wondering how to implement this scenario:

When user connects to IRC server to receive message: "Access from your IP address is forbidden due to IRC policy violation. To continue please identify yourself using nickname and password. For more information please visit: https://..."

Meaning user doesn’t get disconnected immediately, but IRC server allows couple of minutes to register nickname and/or identify himself.

If successfully authorized: check if his nickname is banned and disconnect him in that case. Otherwise, continue regular events as IP is not banned in the first place.
Gottem
UnrealIRCd coder
Posts: 192
Joined: Fri Aug 19, 2016 5:26 pm
Location: NL

Re: Allow authorized nicks to bypass banned IP address

Post by Gottem »

Users don't have dynamic IP addresses in the sense that they can switch on a whim. It's usually possible to force a different IP (at least here lel) by disconnecting your ISP's modem entirely for about 8 hours, which is a much-used duration for DHCP leases. You're more likely seeing proxy connections, so either use Unreal's blacklist module or Anope's dnsbl instead. ;] It's also much less intensive on opers cuz you don't have to keep banning people manually.

Also, in your last sentence you say:
ivp wrote: Thu Jan 18, 2018 7:53 am If successfully authorized: check if his nickname is banned and disconnect him in that case. Otherwise, continue regular events as IP is not banned in the first place.
So if spammers don't register/identify they'll come right through anyways. Also they could just change their nickname and bypass it too. So again, go with one of the blacklist mods. =]
If you like my modules, pls consider donating (credit card or iDEAL, use the custom job fee option in my shop) ;];]
ivp
Posts: 24
Joined: Fri Sep 09, 2016 6:14 pm

Re: Allow authorized nicks to bypass banned IP address

Post by ivp »

We are already using proxy detector, DNSBL and have captcha when connecting.

It is easy to change IP addresses when using mobile broadband modem or mobile phone. Just restart it or turn airplane mode on, wait 2 minutes, then turn it off.

With the new module, spammers wouldn't pass thorough without registering completely new nickname and/or authorizing with existing non-banned nickname. Meaning they would be allowed to enter commands for registering or authorizing existing nickname only when IP is banned using the module.

I guess would have to block disposable temporary email providers, too. Existing captcha would prevent from creating automatic scripts for bypassing this.
Gottem
UnrealIRCd coder
Posts: 192
Joined: Fri Aug 19, 2016 5:26 pm
Location: NL

Re: Allow authorized nicks to bypass banned IP address

Post by Gottem »

Well Unreal doesn't have a(n easy) way to "hold" a specific client's connection (while only allowing PRIVMSG to NickServ) before X:Line checking is done. Unreal also processes everything in series so if 6 people were to connect at once and the timeout is set to 1 minute, every consecutive client would have to wait at most (clientnumber - 1) * timeout minutes before they're even able to message NickServ.

Proper spamfilters, chanmode +f and DNSBL mods should be enough to work with. ;]
If you like my modules, pls consider donating (credit card or iDEAL, use the custom job fee option in my shop) ;];]
Post Reply