Tip of the day: With the UnrealIRCd administration panel you can add and remove server bans and do other server management from your browser. |
Spamreport block
The spamreport block allows doing HTTP(S) callbacks to services like DroneBL and Central spamreport on spamfilter hits or manually via the SPAMREPORT
command. This way those services can blacklist or investigate the IP/user, improving spam/drone detection for everyone, so other IRC networks can benefit as well. If more people do this then we all help each other fight spam.
Reporting to DroneBL only exists in UnrealIRCd 6.1.2 and newer. Reporting to Central spamreport only exists in UnrealIRCd 6.1.3 and newer.
Usage
Spamreport blocks can be called from a Spamfilter block via spamfilter::action::report, like:
spamfilter { .. action { report; gline; } }
You can also use the SPAMREPORT
command on IRC to report a user or IP address manually.
Syntax
spamreport <name> { /* For Central spamreport you only need type: */ type central-spamreport; /* ...but you can also provide a custom url (if you do, be sure to use single quotes): */ url '<url>'; /* For DroneBL: */ type dronebl; parameters { rpckey "XYZ"; type <number>; // see https://dronebl.org/classes, usually 6 //staging yes; // optional set this to yes for testing } /* For custom URL callbacks: */ type simple; url '<url>'; // be sure to use single quotes and not double quotes! http-method [get|post]; /* Options for all: */ except { }; rate-limit <count>:<period>; }
For type central-spamreport
:
- You normally only set the type
- You must load and configure the Central Blocklist module.
- If you want to report to your own system, instead of ours, then set url.
For type dronebl
:
- You fill in parameters:
- parameters::rpckey is the RPC key you got from DroneBL
- parameters::type is the type to communicate to DroneBL when listing the spam, see https://dronebl.org/classes
- parameters::staging is an optional field and can be set to yes for testing, or no for real submissions
- The rest is configured automatically, like the url.
For type simple:
:
- url is the URL to be called, it can use the following
$variables
in the url:$ip
: the IP address of the blacklisted user
- http-method is either
get
orpost
, usually post is preferred
Finally, there are some optional arguments:
- except is a Mask item. If you have this then the spamreport callback is not called for clients matching this except. IMPORTANT: for spamfilter hits and
SPAMREPORT Nickname
this works well, but a manualSPAMREPORT ipadress
will bypass this except, even if you have an except::ip or except::mask, since the matching code can only work on 'real users' and not on arbitrary IP addresses. - rate-limit limits doing HTTP(S) requests for this block to <count> per <period> time, to avoid flooding both UnrealIRCd and the target webserver.
With regards to rate limiting, there is also a secondary protection mechanism, which is that no more than 100 HTTP(S) requests can be in transit at any time (concurrent requests). This to avoid flooding both UnrealIRCd and the target blacklist/callback service.
Examples
Central Spamreport
You can report spam to the UnrealIRCd team. This requires two things:
- You need an API key from https://www.unrealircd.org/central-api/
- You also need to have Central Blocklist enabled
spamreport unrealircd { type central-spamreport; }
DroneBL
NOTE: This requires an API key from https://dronebl.org
spamreport dronebl { type dronebl; parameters { rpckey "xxx"; /* The key you received from DroneBL */ type 999; /* Replace with one of https://dronebl.org/classes */ } }