Spamreport block

From UnrealIRCd documentation wiki

The spamreport block allows doing HTTP(S) callbacks to services like DroneBL and Central spamreport on spamfilter hits or manually via the SPAMREPORT command. This way those services can blacklist or investigate the IP/user, improving spam/drone detection for everyone, so other IRC networks can benefit as well. If more people do this then we all help each other fight spam.

Reporting to DroneBL only exists in UnrealIRCd 6.1.2 and newer. Reporting to Central spamreport only exists in UnrealIRCd 6.1.3 and newer.

Usage

Spamreport blocks can be called from a Spamfilter block via spamfilter::action::report, like:

spamfilter {
..
        action { report; gline; }
}

You can also use the SPAMREPORT command on IRC to report a user or IP address manually.

Syntax

spamreport <name> {
        /* For Central spamreport you only need type: */
        type central-spamreport;
        /* ...but you can also provide a custom url (if you do, be sure to use single quotes): */
        url '<url>';

        /* For DroneBL: */
        type dronebl;
        parameters {
                rpckey "XYZ";
                type <number>; // see https://dronebl.org/classes, usually 6
                //staging yes; // optional: set this to yes for testing
        }

        /* For custom URL callbacks: */
        type simple;
        url '<url>'; // be sure to use single quotes and not double quotes!
        http-method [get|post];

        /* Options for all: */
        except { };
        rate-limit <count>:<period>;
}

For type central-spamreport:

  • You normally only set the type
  • You must load and configure the Central Blocklist module.
  • If you want to report to your own system, instead of ours, then set url.

For type dronebl:

  • You fill in parameters:
  • The rest is configured automatically, like the url.

For type simple:

  • url is the URL to be called. It can use the following $variables:
    • $ip: the IP address of the blacklisted user
  • http-method is either get or post, usually post is preferred

Finally, there are some optional arguments:

  • except is a Mask item. If you have this, then the spamreport callback is not called for clients matching it. IMPORTANT: for spamfilter hits and SPAMREPORT Nickname this works well, but a manual SPAMREPORT ipaddress will bypass this except, even if you have an except::ip or except::mask, since the matching code can only work on 'real users' and not on arbitrary IP addresses.
  • rate-limit limits doing HTTP(S) requests for this block to <count> per <period> time, to avoid flooding both UnrealIRCd and the target webserver.

With regard to rate limiting, there is also a secondary protection mechanism: no more than 100 HTTP(S) requests can be in transit at any time (concurrent requests). This is to avoid flooding both UnrealIRCd and the target blacklist/callback service.
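
Because a manual SPAMREPORT of an IP address bypasses except, a service that receives type simple callbacks can apply its own exempt list before acting on a report. The following is an added example, not part of UnrealIRCd or its documentation; the endpoint path /report, the query parameter name ip, the host name and all address ranges are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumed (hypothetical) block on the IRC server, in the page's syntax:
#   spamreport mycallback {
#       type simple;
#       url 'https://reports.example.net/report?ip=$ip';
#       http-method post;
#   }

# Constructed sample ranges that must never be listed. Mirror the
# spamreport::except entries here, plus internal address space.
EXEMPT_NETWORKS = [ipaddress.ip_network(n) for n in (
    "198.51.100.0/24",  # constructed: the network's own gateway range
    "2001:db8:1::/48",  # constructed: the network's own IPv6 range
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7",
)]


def check_report(request_target, exempt=EXEMPT_NETWORKS):
    """Validate the request target of one callback.

    Returns (True, normalised_ip) or (False, reason).
    """
    values = parse_qs(urlsplit(request_target).query).get("ip", [])
    if len(values) != 1:
        return False, "expected exactly one ip parameter"
    try:
        addr = ipaddress.ip_address(values[0].strip())
    except ValueError:
        return False, "not an IP address"
    # Unwrap IPv4-mapped IPv6 so ::ffff:198.51.100.7 hits the IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Membership is False across IP versions, so one mixed list is fine.
    if any(addr in net for net in exempt):
        return False, "exempt address"
    return True, str(addr)


if __name__ == "__main__":
    for target in ("/report?ip=203.0.113.5",          # constructed inputs
                   "/report?ip=::ffff:198.51.100.7",
                   "/report?ip=10.1.2.3",
                   "/report?ip=not-an-ip"):
        print(target, "->", check_report(target))
```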

Examples

Central Spamreport

You can report spam to the UnrealIRCd team. This requires two things:

spamreport unrealircd { type central-spamreport; }

DroneBL

NOTE: This requires an API key from https://dronebl.org

spamreport dronebl {
      type dronebl;
      parameters {
              rpckey "xxx"; /* The key you received from DroneBL */
              type 999; /* Replace with one of https://dronebl.org/classes */
      }
}