Is it possible to do g/line in all countries?

Suratka · Post by **Suratka** » Thu Jul 06, 2023 7:41 pm

Greetings. I have a botnet stalking my server. That's hundreds of nicks with different proxy addresses from all over the world.

I saw that geoip classic is integrated on UNrealircd6 and that I can make permanent glines based on the country. ex: /gline ~country:US

Now I want to know if it is possible to make a gline that includes all countries in one command, and then if there is the possibility with another command to put one or two countries in exception from this gline

is all this possible?

With unrealircd 5 came Syzop's third party module which included locking to all countries of the world and if you wanted to lock out one or more of these countries, just remove it in the block dedicated to the module in unrealircd.conf

Post by **Valware** » Thu Jul 06, 2023 7:49 pm

you should be able to gline ~country:* and add an e-line for certain countries using the same manner

Suratka · Post by **Suratka** » Thu Jul 06, 2023 7:51 pm

sorry I did not understand. can you give me an example?
Can I make a single gline that includes all countries?

Suratka · Post by **Suratka** » Thu Jul 06, 2023 7:53 pm

ah ok, you say that the command to block all countries is /gline ~country:* ok, and how do I exclude two or more countries? can you give me the precise command?

Post by **Valware** » Thu Jul 06, 2023 8:47 pm

I will tell you, but first a forewarning:
Not every IP address has GEOIP location attached to it, and so you may be banning many regular users who could be using a mobile device or something.
As a result of this, I recommend that you make it into a soft-gline, in that if someone were to authenticate during connection (SASL) then they would still be able to join. My example uses a soft-ban prefix (%)

Code: Select all

/GLINE %~country:*@* 0 Sorry, your connection was not accepted.
/ELINE ~country:UK G 0 Country excepted

The G in the ELINE command represents that we are exempting the country/mask from G-Lines and the 0 means it's permanent. For more information you can see "/HELPOP ELINE"

Suratka · Post by **Suratka** » Thu Jul 06, 2023 9:13 pm

this error comes out:

Code: Select all

 ERROR: ExtBan ~country expects a two letter country code, or * to ban unknown countries. For example: +b ~country:UK

Post by **PeGaSuS** » Thu Jul 06, 2023 10:57 pm

Unfortunately you can't gline all the countries at once.

You can ban unknown countries (where the IP doesn't have a known geolocation) with:

Code: Select all

/GLINE ~country:* 0 No unknown countries allowed

This will prevent anyone with an unknown country to connect to the network.

You can also ban specific countries with:

Code: Select all

/GLINE ~country:RU 0 No connections allowed from your country

This will prevent anyone with a Russian IP to connect to the network.

You can exempt countries with:

Code: Select all

/ELINE ~country:ES v 0 Trusted user

This will allow anyone with a Spanish IP to connect to the network.
NOTE: The v bantype on the command above means that the country will bypass any ban version block and you need to specify at least one bantype.

If you still want to allow registered users from the banned countries to be able to connect using SASL, you need to use soft actions which are prefixed with a % (percent symbol):

Code: Select all

/GLINE %~country:RU 0 You need to identify via SASL to an account to be able to connect from this country

This would allow anyone with a Russian IP to connect to the network providing that they connect via SASL and identify to a registered account.

Suratka · Post by **Suratka** » Fri Jul 07, 2023 7:05 pm

Hi Pegasus.
I fixed it, at least I hope.
I made all permanent lines for all countries. and I put in line the ip that interested me.

I hope this tactic works this botnet.

Thank you.

Post by **Syzop** » Mon Jul 10, 2023 10:24 am

Banning everything and then ELINE-ing is not a good idea. Then an attacker just needs to find 1 proxy in a country and flood and you are screwed as they can't be klined/glined/whateveryouchose.

I think what you want is this:

Code: Select all

ban user {
    mask {
        mask *;
        exclude-country { NL; DE; FR; }
    }
    reason "Your country is not allowed";
}

You can also force all non-matching countries to require SASL, it will look very similar:

Code: Select all

require authentication {
    mask {
        mask *;
        exclude-country { NL; DE; FR; }
    }
    reason "Unregistered users are not allowed from your country";
}

Granted, it is not via IRC but in the config file, but likely not much of a problem

EDIT: I have update the documentation for except ban { } and require authentication { } since these pages not mention that ::mask is a Mask item and allows such flexibility. Also added the examples from above there.

For the same reason, if you would do something like this in a channel, don't do +b *!*@* with +e ~country:NL either... use +i +I ~country:NL, so you still have the ban layer to deal with abuse

UnrealIRCd Forums

Is it possible to do g/line in all countries?

Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?

Re: Is it possible to do g/line in all countries?