Connthrottle

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

When the connthrottle module in UnrealIRCd detects a high number of users connecting from IP addresses that have not been seen before, then connections from new IP's are rejected above the set rate. For example at 10:60 only 10 users per minute can connect that have not been seen before. Known IP addresses (so: your regular users) can always get in, regardless of the set rate. Same for users who login using SASL.

This module is highly effective against bot/drone attacks. It will reject most "bad" connections, while still allowing most of your regular users in.

See the article Reputation score for more information on what a reputation score is.

The details are best described by reading the example configuration:

set {
        connthrottle {
                /* First we must configure what we call "known users".
                 * By default these are users on IP addresses that have
                 * a score of 24 or higher. A score of 24 means that the
                 * IP was connected to this network for at least 2 hours
                 * in the past month (or minimum 1 hour if registered).
                 * The sasl-bypass option is another setting. It means
                 * that users who authenticate to services via SASL
                 * are considered known users as well.
                 * The webirc-bypass option is another setting too. It means
                 * that users who connecting via WEBIRC block
                 * are considered known users as well.
                 * Users in the "known-users" group (either by reputation
                 * or by SASL or by WEBIRC) are always allowed in by this module.
                 */
                known-users {
                        minimum-reputation-score 24;
                        sasl-bypass yes;
                        webirc-bypass yes;
                };

                /* New users are all users that do not belong in the
                 * known-users group. They are considered "new" and in
                 * case of a high number of such new users connecting
                 * they are subject to connection rate limiting.
                 * By default the rate is 20 new local users per minute
                 * and 30 new global users per minute.
                 */
                new-users {
                        local-throttle 20:60;
                        global-throttle 30:60;
                };

                /* This configures when this module will NOT be active.
                 * The default settings will disable the module when:
                 * - The reputation module has been running for less than
                 *   a week. If running less than 1 week then there is
                 *   insufficient data to consider who is a "known user".
                 * - The server has just been booted up (first 3 minutes).
                 */
                disabled-when {
                        reputation-gathering 1w;
                        start-delay 3m;
                };

                /* This error reason is shown to users when actively throttling */
                reason "Throttled: Too many users trying to connect, please wait a while and try again";
        };
};