Central Blocklist

The UnrealIRCd Central Blocklist is an attempt to detect and block spammers.

This works similarly to DNS Blacklists, but the central blocklist receives many more details about the user that is trying to connect and can therefore make a better decision on whether a user is likely a spammer or not.

'''IMPORTANT: This service is currently being tested and requires an API Key. It is not open to everyone!'''

Current status
As of October 14 2023, this blocklist is being tested by a limited number of networks and cannot be used by everyone. Using it requires an API key. The module is also still under development, and although it seems OK at this point (after several releases), there are no guarantees as to its stability.

This limited access is to get things tested, see if there is enough interest, and handle any issues at an early stage. We would be unable to handle a large influx of signups at this point. At a later point registration should be automated, and then the idea is that the blocklist should be open to all UnrealIRCd admins.

How it works / Privacy
When a user connects, the following information is sent to the central blocklist over HTTPS. This information may be expanded in future module updates. The current list is: server name, API key, timestamps, nick, user/ident, realname/gecos, IP, host, server, local port, remote port, TLS details, TCP/IP session details, geoip and reputation as looked up by the IRCd, plus the entire IRC handshake except that PASS and AUTHENTICATE are excluded (not sent).

Using all of that information, the central blocklist assigns a spam score from 0 to 10. By default, a score of 5 or above is flagged as spam and causes the connection to be rejected.

Traffic is routed through Cloudflare and then to our webserver(s) handling the central blocklist. Currently, logs on the webserver are kept and contain both requests and responses, because everything is so new and in development, to help debug problems and to improve things. Log files are retained for a maximum of 30 days after which they are deleted. The plan is to make this much shorter at a later point.

Other/third parties: IP addresses may be sent to DNSBLs and other blacklist services, exposing the IP to them. However, these third parties would have no way to establish that the IP belongs to your IRC network, since we are in between. So the third-party exposure is pretty similar to what you would have when using a blacklist { } block.

Naturally, if you are not comfortable with all this, then don't use this service.

Getting the module
./unrealircd module install third/centralblocklist

Configuration
You need at least: loadmodule "third/centralblocklist";

You also need the  module loaded with the api-key set there, see Central API.

Here are all the config options, including the defaults. It is recommended that you DO NOT COPY all of this, so we can later change the defaults:

/* These are the current default settings */
set {
	central-blocklist {
		/* You can have multiple score blocks, each with different actions.
		 * The highest score wins (order does not matter) and only that block is executed.
		 * By default we have actions for score 7+ and 5+.
		 * IMPORTANT: If you add ANY score block to the conf, then all the
		 * default score blocks will not be used. So you need to either add all or none.
		 */

		/* Score 10+ is likely a real spambot, so we shun silently for a decent period */
		score 10 {
			ban-action shun;
			ban-time 1h;
			ban-reason "Rejected by central blocklist";
		}

		/* Score 5 to 9 are proxies or spambots with less certainty - do a short kline */
		score 5 {
			/* Ban action */
			ban-action kline;
			ban-time 15m;
			ban-reason "Rejected by central blocklist";
		}

		/* Don't check these users. By default we include
		 * various exceptions here that are a good idea.
		 * NOTE: If you add your own except block then the
		 * default settings are completely ignored. So to
		 * amend it (eg add an IP) you would need to duplicate
		 * the entire block and then add that IP.
		 */
		except {
			reputation-score 2006;
			mask { *.irccloud.com; }
			ip { 127.*; 192.168.*; 10.*; }
			identified yes;
		}
	}
}
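The override rules in the comments above are easy to get wrong, so here is an added example (not from the UnrealIRCd project) of a site configuration that introduces one extra score tier and exempts one extra address range. The score 8 tier and the 203.0.113.* range are constructed assumptions; the api-key setup described under Central API is not shown.

```conf
/* Added example, not the project's own config. */
loadmodule "third/centralblocklist";

set {
	central-blocklist {
		/* Adding ANY score block discards all default score blocks,
		 * so the defaults for 10 and 5 are restated next to the new tier.
		 */
		score 10 {
			ban-action shun;
			ban-time 1h;
			ban-reason "Rejected by central blocklist";
		}

		/* Site-specific tier (assumption): longer kline for scores 8 and 9.
		 * The highest matching block wins, so 8 and 9 land here, not in score 5.
		 */
		score 8 {
			ban-action kline;
			ban-time 1h;
			ban-reason "Rejected by central blocklist";
		}

		/* Restated default: scores 5 to 7 now end up in this block */
		score 5 {
			ban-action kline;
			ban-time 15m;
			ban-reason "Rejected by central blocklist";
		}

		/* Adding an except block discards the default exceptions,
		 * so every default entry is duplicated and one range is appended.
		 * 203.0.113.* is a constructed placeholder for your own trusted range.
		 */
		except {
			reputation-score 2006;
			mask { *.irccloud.com; }
			ip { 127.*; 192.168.*; 10.*; 203.0.113.*; }
			identified yes;
		}
	}
}
```

Because this copies the current defaults, later changes to the module's defaults will not reach a server configured this way; review the block when the module is updated.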