
Connthrottle

From UnrealIRCd documentation wiki

When the connthrottle module in UnrealIRCd detects a high number of users connecting from IP addresses that have not been seen before, connections from new IPs above the set rate are rejected. For example, at 10:60 only 10 users that have not been seen before can connect per minute. Known IP addresses (that is, your regular users) can always get in, regardless of the set rate. The same goes for users who log in using SASL.

This module is highly effective against bot/drone attacks. It will reject most "bad" connections, while still allowing most of your regular users in.

See the article Reputation score for more information on what a reputation score is.

set {
        connthrottle {
                /* First we configure which users are exempt from the
                 * restrictions. These users are always allowed in!
                 * By default these are users on IP addresses that have
                 * a score of 24 or higher. A score of 24 means that the
                 * IP was connected to this network for at least 2 hours
                 * in the past month (or minimum 1 hour if registered).
                 * We also allow users who are identified to services via
                 * SASL to bypass the restrictions.
                 */
                except {
                        reputation-score 24;
                        identified yes;
                        webirc yes;
                        /* for more options, see
                         * https://www.unrealircd.org/docs/Mask_item
                         */
                };

                /* New users are all users that do not belong in the
                 * known-users group. They are considered "new" and in
                 * case of a high number of such new users connecting
                 * they are subject to connection rate limiting.
                 * By default the rate is 20 new local users per minute
                 * and 30 new global users per minute.
                 */
                new-users {
                        local-throttle 20:60;
                        global-throttle 30:60;
                };

                /* This configures when this module will NOT be active.
                 * The default settings will disable the module when:
                 * - The reputation module has been running for less than
                 *   a week. If running less than 1 week then there is
                 *   insufficient data to consider who is a "known user".
                 * - The server has just been booted up (first 3 minutes).
                 */
                disabled-when {
                        reputation-gathering 1w;
                        start-delay 3m;
                };

                /* This error reason is shown to users when actively throttling */
                reason "Throttled: Too many users trying to connect, please wait a while and try again";
        };
};
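
The decision logic this configuration describes, as a simplified Python model added here (not UnrealIRCd's own code). The `Conn` and `Throttle` names, the fixed-window counter and the sample connections are assumptions made for illustration; only the local throttle and `start-delay` are modelled.

```python
from dataclasses import dataclass

@dataclass
class Conn:                      # one constructed connection attempt
    t: int                       # seconds since server start
    ip: str
    reputation: int = 0          # reputation score of the IP
    identified: bool = False     # logged in via SASL
    webirc: bool = False

def parse_rate(spec):
    """Parse 'count:period', e.g. '20:60' -> 20 new users per 60 seconds."""
    count, period = spec.split(":")
    return int(count), int(period)

class Throttle:
    def __init__(self, rate="20:60", min_score=24, start_delay=180):
        self.count, self.period = parse_rate(rate)
        self.min_score, self.start_delay = min_score, start_delay
        self.window_start, self.seen = 0, 0

    def exempt(self, c):
        # mirrors except { reputation-score 24; identified yes; webirc yes; }
        return c.reputation >= self.min_score or c.identified or c.webirc

    def allow(self, c):
        # disabled-when start-delay: module inactive right after boot
        if c.t < self.start_delay or self.exempt(c):
            return True
        # assumption: fixed window that resets once 'period' seconds passed
        if c.t - self.window_start >= self.period:
            self.window_start, self.seen = c.t, 0
        self.seen += 1           # assumption: only non-exempt users are counted
        return self.seen <= self.count

def simulate(conns, **settings):
    throttle = Throttle(**settings)
    return {c.ip: throttle.allow(c) for c in conns}

# Constructed burst: 30 unknown IPs in 30 seconds, then a regular user,
# a SASL user and one more unknown IP (documentation address ranges).
SAMPLE = [Conn(t=200 + i, ip=f"198.51.100.{i}") for i in range(30)]
SAMPLE += [Conn(t=231, ip="192.0.2.10", reputation=40),
           Conn(t=232, ip="192.0.2.11", identified=True),
           Conn(t=233, ip="198.51.100.200")]

if __name__ == "__main__":
    for ip, ok in simulate(SAMPLE).items():
        print(ip, "allowed" if ok else "throttled")
```

With the default 20:60 rate, the first 20 unknown IPs of the burst get in and the rest are throttled until the window resets, while the known IP and the SASL user connect regardless.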