
Is it possible to do g/line in all countries?

Posted: Thu Jul 06, 2023 7:41 pm
by Suratka
Greetings. I have a botnet stalking my server. That's hundreds of nicks with different proxy addresses from all over the world.

I saw that geoip classic is integrated in UnrealIRCd 6 and that I can make permanent glines based on the country, e.g. /gline ~country:US

Now I want to know if it is possible to make a gline that includes all countries in one command, and then if there is the possibility with another command to put one or two countries in exception from this gline.

Is all this possible?

With UnrealIRCd 5 came Syzop's third-party module, which included locking to all countries of the world, and if you wanted to lock out one or more of these countries, you just removed it in the block dedicated to the module in unrealircd.conf.

Re: Is it possible to do g/line in all countries?

Posted: Thu Jul 06, 2023 7:49 pm
by Valware
You should be able to gline ~country:* and add an e-line for certain countries in the same manner.

Re: Is it possible to do g/line in all countries?

Posted: Thu Jul 06, 2023 7:51 pm
by Suratka
Sorry, I did not understand. Can you give me an example?
Can I make a single gline that includes all countries?

Re: Is it possible to do g/line in all countries?

Posted: Thu Jul 06, 2023 7:53 pm
by Suratka
Ah OK, you say that the command to block all countries is /gline ~country:* OK, and how do I exclude two or more countries? Can you give me the precise command?

Re: Is it possible to do g/line in all countries?

Posted: Thu Jul 06, 2023 8:47 pm
by Valware
I will tell you, but first a forewarning:
Not every IP address has GEOIP location attached to it, and so you may be banning many regular users who could be using a mobile device or something.
As a result of this, I recommend that you make it into a soft-gline, in that if someone were to authenticate during connection (SASL) then they would still be able to join. My example uses a soft-ban prefix (%)

Code:

/GLINE %~country:*@* 0 Sorry, your connection was not accepted.
/ELINE ~country:UK G 0 Country excepted

The G in the ELINE command represents that we are exempting the country/mask from G-Lines and the 0 means it's permanent. For more information you can see "/HELPOP ELINE"

Re: Is it possible to do g/line in all countries?

Posted: Thu Jul 06, 2023 9:13 pm
by Suratka
This error comes out:

Code:

ERROR: ExtBan ~country expects a two letter country code, or * to ban unknown countries. For example: +b ~country:UK

Re: Is it possible to do g/line in all countries?

Posted: Thu Jul 06, 2023 10:57 pm
by PeGaSuS
Unfortunately you can't gline all the countries at once.
  • You can ban unknown countries (where the IP doesn't have a known geolocation) with:

Code:

/GLINE ~country:* 0 No unknown countries allowed

This will prevent anyone with an unknown country from connecting to the network.

  • You can also ban specific countries with:

Code:

/GLINE ~country:RU 0 No connections allowed from your country

This will prevent anyone with a Russian IP from connecting to the network.

  • You can exempt countries with:

Code:

/ELINE ~country:ES v 0 Trusted user

This will allow anyone with a Spanish IP to connect to the network.
NOTE: The v bantype on the command above means that the country will bypass any ban version block, and you need to specify at least one bantype.

  • If you still want to allow registered users from the banned countries to be able to connect using SASL, you need to use soft actions which are prefixed with a % (percent symbol):

Code:

/GLINE %~country:RU 0 You need to identify via SASL to an account to be able to connect from this country

This would allow anyone with a Russian IP to connect to the network, provided that they connect via SASL and identify to a registered account.

Re: Is it possible to do g/line in all countries?

Posted: Fri Jul 07, 2023 7:05 pm
by Suratka
Hi Pegasus.
I fixed it, at least I hope.
I made all permanent lines for all countries, and I put in line the IP that interested me.

I hope this tactic works against this botnet.

Thank you.

Re: Is it possible to do g/line in all countries?

Posted: Mon Jul 10, 2023 10:24 am
by Syzop
Banning everything and then ELINE-ing is not a good idea. Then an attacker just needs to find 1 proxy in a country and flood and you are screwed as they can't be klined/glined/whateveryouchose.

I think what you want is this:

Code:

ban user {
    mask {
        mask *;
        # everyone matches, except clients whose country is NL, DE or FR
        exclude-country { NL; DE; FR; }
    }
    reason "Your country is not allowed";
}

You can also force all non-matching countries to require SASL, it will look very similar:

Code:

require authentication {
    mask {
        mask *;
        # everyone matches, except clients whose country is NL, DE or FR
        exclude-country { NL; DE; FR; }
    }
    reason "Unregistered users are not allowed from your country";
}

Granted, it is not via IRC but in the config file, but likely not much of a problem :)

EDIT: I have updated the documentation for except ban { } and require authentication { }, since these pages did not mention that ::mask is a Mask item and allows such flexibility. Also added the examples from above there.

For the same reason, if you would do something like this in a channel, don't do +b *!*@* with +e ~country:NL either... use +i +I ~country:NL, so you still have the ban layer to deal with abuse :)
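
The difference between the two approaches in this thread, as an added example that is not part of any post and is not UnrealIRCd code: a simplified Python model comparing "G-Line countries, then ELINE exceptions" with "mask * plus exclude-country". The function names, the evaluation order and the sample clients are assumptions constructed for illustration.

```python
# Simplified model of the ban logic discussed in this thread; NOT UnrealIRCd code.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Client:
    ip: str
    country: Optional[str]  # None: GeoIP has no entry for this IP
    sasl: bool = False

def country_matches(code, client):
    # Per the thread, ~country:* matches only clients whose country is unknown.
    if code == "*":
        return client.country is None
    return client.country == code

def gline_plus_eline(client, banned, exempt, ip_glines):
    """Per-country G-Lines plus 'ELINE ~country:XX G': exemption beats every G-Line."""
    if any(country_matches(c, client) for c in exempt):
        return "allow"  # a later G-Line on this client's IP is skipped as well
    if client.ip in ip_glines or any(country_matches(c, client) for c in banned):
        return "reject"
    return "allow"

def exclude_country(client, allowed, ip_glines, require_auth=False):
    """'mask *; exclude-country { ... }' in ban user or require authentication."""
    if client.ip in ip_glines:
        return "reject"  # no exemption exists, so ordinary G-Lines still apply
    if client.country in allowed:
        return "allow"   # excluded from the mask, so the block does not match
    if require_auth and client.sasl:
        return "allow"   # require authentication lets SASL users through
    return "reject"

# Constructed sample clients (documentation IP ranges).
FLOODER = Client("192.0.2.10", "NL")             # abusive proxy in an allowed country
REGULAR = Client("198.51.100.7", "NL")
MOBILE = Client("203.0.113.5", None, sasl=True)  # no GeoIP data, logged in via SASL
IP_GLINES = {"192.0.2.10"}                       # an oper G-Lines the flooder's IP
ALLOWED = {"NL", "DE", "FR"}

def compare():
    return {
        "eline_flooder": gline_plus_eline(FLOODER, ["*", "RU"], ["NL"], IP_GLINES),
        "exclude_flooder": exclude_country(FLOODER, ALLOWED, IP_GLINES),
        "exclude_regular": exclude_country(REGULAR, ALLOWED, IP_GLINES),
        "hard_mobile": exclude_country(MOBILE, ALLOWED, IP_GLINES),
        "soft_mobile": exclude_country(MOBILE, ALLOWED, IP_GLINES, True),
    }
```

In this model the G-Lined flooder still gets in under the ELINE approach but is rejected under exclude-country, and the SASL user without GeoIP data is only admitted by the require authentication variant.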