Connthrottle

When the connthrottle module in UnrealIRCd detects a high number of users connecting from IP addresses that have not been seen before, connections from new IPs above the set rate are rejected. For example, at 10:60 only 10 users per minute that have not been seen before can connect. Known IP addresses (so: your regular users) can always get in, regardless of the set rate. The same goes for users who log in using SASL.

This module is highly effective against bot/drone attacks. It will reject most "bad" connections, while still allowing most of your regular users in.

See the article Reputation score for more information on what a reputation score is.

The details are best described by reading the example configuration:

set {
        connthrottle {
                /* First we must configure what we call "known users".
                 * By default these are users on IP addresses that have
                 * a score of 24 or higher. A score of 24 means that the
                 * IP was connected to this network for at least 2 hours
                 * in the past month (or minimum 1 hour if registered).
                 * The sasl-bypass option is another setting. It means
                 * that users who authenticate to services via SASL
                 * are considered known users as well.
                 * The webirc-bypass option is another setting too. It means
                 * that users who are connecting via a WEBIRC block
                 * are considered known users as well.
                 * Users in the "known-users" group (either by reputation
                 * or by SASL or by WEBIRC) are always allowed in by this module.
                 */
                known-users {
                        minimum-reputation-score 24;
                        sasl-bypass yes;
                        webirc-bypass yes;
                };

                /* New users are all users that do not belong in the
                 * known-users group. They are considered "new" and in
                 * case of a high number of such new users connecting
                 * they are subject to connection rate limiting.
                 * By default the rate is 20 new local users per minute
                 * and 30 new global users per minute.
                 */
                new-users {
                        local-throttle 20:60;
                        global-throttle 30:60;
                };

                /* This configures when this module will NOT be active.
                 * The default settings will disable the module when:
                 * - The reputation module has been running for less than
                 *   a week. If running less than 1 week then there is
                 *   insufficient data to consider who is a "known user".
                 * - The server has just been booted up (first 3 minutes).
                 */
                disabled-when {
                        reputation-gathering 1w;
                        start-delay 3m;
                };

                /* This error reason is shown to users when actively throttling */
                reason "Throttled: Too many users trying to connect, please wait a while and try again";
        };
};
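The following is an added example, not UnrealIRCd's own code: a small Python model of the decision the configuration above describes, run against a constructed connection flood. It assumes a fixed-window counter and models only local-throttle; the class and parameter names (ThrottleModel, Conn, gathered) are hypothetical.

```python
from dataclasses import dataclass

def parse_rate(spec):
    """Parse a 'count:seconds' value such as '20:60'."""
    count, period = spec.split(":")
    return int(count), int(period)

@dataclass
class Conn:               # one constructed connection attempt
    t: int                # seconds since server boot
    score: int            # reputation score of the source IP
    sasl: bool = False    # authenticated via SASL
    webirc: bool = False  # arrived through a WEBIRC block

class ThrottleModel:
    """Assumption: local-throttle only, modelled as a fixed-window counter."""
    def __init__(self, min_score=24, sasl_bypass=True, webirc_bypass=True,
                 local_throttle="20:60", start_delay=180,
                 gathering_required=7 * 86400, gathered=30 * 86400):
        self.min_score = min_score
        self.sasl_bypass, self.webirc_bypass = sasl_bypass, webirc_bypass
        self.limit, self.period = parse_rate(local_throttle)
        self.start_delay, self.enough_data = start_delay, gathered >= gathering_required
        self.window_start, self.count = None, 0

    def is_known(self, c):
        return (c.score >= self.min_score or (self.sasl_bypass and c.sasl)
                or (self.webirc_bypass and c.webirc))

    def allow(self, c):
        # disabled-when: too little reputation data, or server just booted
        if not self.enough_data or c.t < self.start_delay:
            return True
        if self.is_known(c):
            return True           # known users are never throttled
        if self.window_start is None or c.t - self.window_start >= self.period:
            self.window_start, self.count = c.t, 0
        if self.count >= self.limit:
            return False          # new user above the set rate
        self.count += 1
        return True

def simulate():
    """Constructed flood: 100 unseen IPs in 50 s, 5 regulars, 2 SASL users."""
    m = ThrottleModel()
    events = [Conn(300 + i // 2, 0) for i in range(100)]
    events += [Conn(310 + i, 30) for i in range(5)]
    events += [Conn(320 + i, 0, sasl=True) for i in range(2)]
    res = [(m.is_known(c), m.allow(c)) for c in sorted(events, key=lambda c: c.t)]
    return (sum(a for k, a in res if not k), sum(not a for k, a in res if not k), sum(a for k, a in res if k))
```

simulate() returns (new users admitted, new users rejected, known users admitted) for the constructed flood.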