Tip of the day: Channel mode +f is a powerful anti-flood feature. It is also slightly complex. Enable it in your most important channels, and consider setting a default in set::modes-on-join.
|
Spamreport block
The spamreport block allows doing HTTP(S) callbacks to services like DroneBL and Central spamreport on spamfilter hits or manually via the SPAMREPORT command. This way those services can blacklist or investigate the IP/user, improving spam/drone detection for everyone, so other IRC networks can benefit as well. If more people do this then we all help each other fight spam.
Reporting to DroneBL only exists in UnrealIRCd 6.1.2 and newer. Reporting to Central spamreport only exists in UnrealIRCd 6.1.3 and newer.
Usage
Spamreport blocks can be called from a Spamfilter block via spamfilter::action::report, like:
spamfilter {
..
action { report; gline; }
}
You can also use the SPAMREPORT command on IRC to report a user or IP address manually.
Syntax
spamreport <name> {
/* For Central spamreport you only need type: */
type central-spamreport;
/* For DroneBL: */
type dronebl;
parameters {
rpckey "XYZ";
type <number>; // see https://dronebl.org/classes, usually 6
//staging yes; // optional set this to yes for testing
}
/* For custom URL callbacks: */
type simple;
url '<url>'; // be sure to use single quotes and not double quotes!
http-method [get|post];
/* Options for all: */
except { };
rate-limit <count>:<period>;
}
For type central-spamreport:
- You only set the type
- You do need to load and configure the Central Blocklist module.
For type dronebl:
- You fill in parameters:
- parameters::rpckey is the RPC key you got from DroneBL
- parameters::type is the type to communicate to DroneBL when listing the spam, see https://dronebl.org/classes
- parameters::staging is an optional field and can be set to yes for testing, or no for real submissions
- The rest is configured automatically, like the url.
For type simple::
- url is the URL to be called, it can use the following
$variablesin the url:$ip: the IP address of the blacklisted user
- http-method is either
getorpost, usually post is preferred
Finally, there are some optional arguments:
- except is a Mask item. If you have this then the spamreport callback is not called for clients matching this except. IMPORTANT: for spamfilter hits and
SPAMREPORT Nicknamethis works well, but a manualSPAMREPORT ipadresswill bypass this except, even if you have an except::ip or except::mask, since the matching code can only work on 'real users' and not on arbitrary IP addresses. - rate-limit limits doing HTTP(S) requests for this block to <count> per <period> time, to avoid flooding both UnrealIRCd and the target webserver.
With regards to rate limiting, there is also a secondary protection mechanism, which is that no more than 100 HTTP(S) requests can be in transit at any time (concurrent requests). This to avoid flooding both UnrealIRCd and the target blacklist/callback service.
Examples
DroneBL
spamreport dronebl {
type dronebl;
parameters {
rpckey "xxx"; /* The key you received from DroneBL */
type 999; /* Replace with one of https://dronebl.org/classes */
}
}