For the past few days, waves of spam have been hitting many IRC networks. The spam uses this tool https://github.com/acidvegas/efknockr and the text ranges from simple phrases about SUPERNETS to ASCII art, colors, all kinds of stuff, being spammed in both channels and private messages.
What sets this spam apart is not so much the content or that it exists, but that it affects so many IRC networks.
So what to do about this? We have some general advice, blacklists play a key role, and there is a new module. It's not perfect but it should be useful...
General advice
First of all, it is always wise to read the Security guide on the wiki to make sure you have all protection installed and to learn about the various countermeasures UnrealIRCd has to offer.
Spamfilter
For blocking simple phrases, spamfilter is a useful tool. It is said that using the phrase *i*r*c*.*s*u*p*e*r*n*e*t*s*.*o*r*g* in spamfilter is already quite effective.
On a related note, it is recommended to set set::spamfilter::utf8 to yes in your unrealircd.conf if you also want to block UTF8 characters, which are occasionally used. This setting exists in UnrealIRCd 6.0.7 (defaults to 'no') and 'yes' will be the new default in 6.1.2. So:
Code:
set { spamfilter { utf8 yes; } }
Blacklists are very useful
A lot of the bots are caught by DroneBL. DroneBL is a DNS blacklist that we have been shipping in unrealircd.conf for many years already, so one that you hopefully have (if not, again, check the Security article mentioned above).
New module to recheck blacklists periodically
There is also a new module that will automatically re-check DNS blacklists after a user has been connected for some time. By default it will check after 1 minute connect time and then again every 5 minutes. This will ensure that even drones who passed DNSBL checks at connect time will still be killed once they get listed at DroneBL and the other blacklists. To install this module, simply use:
Code:
./unrealircd module install third/blacklistrecheck
And then add this to your unrealircd.conf:
Code:
loadmodule "third/blacklistrecheck";
Important: the functionality of this module will be in UnrealIRCd 6.1.2 and later, so don't load the module on 6.1.2 or newer!
Drastic measure: blocking PM or only allowing registered users
If things are really unbearable to you then you could even consider:
- Disable private messages (but they can still spam in channels)
- Allowing only authenticated users on your server
More advice?
I myself have mostly been working on long-term solutions for spam, like building new features and new tools to combat it, but that won't help anyone "today". I have not been involved much in combating this particular spam, so this forum thread is an invitation to discuss things. Share your tips, advice, or questions!
IMPORTANT: The spammer will be reading this forum thread too, there is no way around that, but it can still be useful to share things.
Statistics: Posted by Syzop — Fri Jul 07, 2023 12:27 pm — Replies 8 — Views 8119
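Added example, not part of the original post and not UnrealIRCd code: a small Python model of '*' and '?' wildcard matching, used to compare the starred phrase from the Spamfilter section with the same phrase without inner stars. The matcher, the PLAIN pattern and the sample lines are constructed for illustration; only the starred phrase comes from the post.

```python
import re

def simple_to_regex(pattern):
    """Translate a '*'/'?' wildcard pattern into a case-insensitive regex.

    This is a model of wildcard semantics only, not the server's matcher.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")      # any run of characters, including none
        elif ch == "?":
            parts.append(".")       # exactly one character
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matches(pattern, text):
    """True when the whole line is covered by the wildcard pattern."""
    return simple_to_regex(pattern).fullmatch(text) is not None

STARRED = "*i*r*c*.*s*u*p*e*r*n*e*t*s*.*o*r*g*"  # phrase quoted in the post
PLAIN = "*irc.supernets.org*"                    # same phrase, no inner stars

# Constructed sample lines, not captured traffic.
SAMPLES = {
    "verbatim": "come to irc.supernets.org now",
    "spaced": "I R C . S U P E R N E T S . O R G",
    "benign": "Tried IRC today. Superb new tests. Our group liked it",
    "unrelated": "anyone around for a game tonight?",
}

def classify(samples=SAMPLES):
    """Return {label: (plain_hit, starred_hit)} for each sample line."""
    return {label: (matches(PLAIN, line), matches(STARRED, line))
            for label, line in samples.items()}

if __name__ == "__main__":
    for label, hits in classify().items():
        print(f"{label:10} plain={hits[0]!s:5} starred={hits[1]}")
```

The "benign" line hitting the starred pattern shows how broad it is, which is worth checking against ordinary channel text before pairing it with a ban action.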
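Added example, not part of the original post and not the module's code: how a DNSBL query name is formed for DroneBL's zone, and when a client that gets listed after connecting would be caught under the recheck timing described above (first check at 1 minute, then every 5 minutes). The resolver callback, the address 192.0.2.44 and the listing time are constructed so the example runs offline.

```python
import ipaddress

DRONEBL_ZONE = "dnsbl.dronebl.org"  # DroneBL's public lookup zone

def dnsbl_query_name(ip, zone=DRONEBL_ZONE):
    """Build the DNS name a DNSBL client looks up for an address (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone

def recheck_times(first=60, interval=300, horizon=1800):
    """Connection ages (seconds) at which a recheck fires; defaults per the post."""
    return list(range(first, horizon + 1, interval))

def seconds_until_caught(ip, is_listed, **schedule):
    """Return the connection age at which a recheck first sees the listing.

    is_listed(name, now) is a hypothetical resolver callback; a real one would
    resolve `name` and treat a 127.0.0.x answer as "listed".
    Returns None when no recheck inside the horizon finds a listing.
    """
    name = dnsbl_query_name(ip)
    for now in recheck_times(**schedule):
        if is_listed(name, now):
            return now
    return None

# Constructed scenario: the client passes the connect-time check and is
# added to the blacklist 200 seconds after connecting.
LISTINGS = {dnsbl_query_name("192.0.2.44"): 200}

def fake_resolver(name, now):
    """Offline stand-in for a DNS lookup against the blacklist zone."""
    return name in LISTINGS and now >= LISTINGS[name]

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.44"))
    print(recheck_times(horizon=700))
    print(seconds_until_caught("192.0.2.44", fake_resolver))
```

In this scenario the listing lands between the 60-second and 360-second rechecks, so the client stays connected for 160 seconds after being listed; the recheck interval bounds that window.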