mirror of
https://github.com/pissnet/pissircd.git
synced 2024-06-05 07:48:44 +01:00
0971cf7d70
instead of standard wildcard. In this case, since it's antirandom, it is not really important as someone is not going to add DNS records specially to avoid triggering antirandom. That makes no sense since it is much easier to avoid using a random looking name. Main reason of changing it here is to set a good example.
183 lines
6.6 KiB
Text
183 lines
6.6 KiB
Text
/* This file will load all optional modules. These are features that
|
|
* not everyone will use or are considered experimental.
|
|
* You can include this file from your unrealircd.conf like this:
|
|
* include "modules.optional.conf";
|
|
* OR... and this is probably a better idea... you can copy-paste it
|
|
* to another file where you do your own customizations.
|
|
*
|
|
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
|
|
* If you want to customize, make a copy of this file (for example
|
|
* name it modules.custom.conf) and edit it.
|
|
* Then include that file from your unrealircd.conf instead of this one.
|
|
*/
|
|
|
|
/*** Commands ***/
|
|
|
|
// This add the /IRCOPS command: A more visual way for users
|
|
// to see which IRCOps are online.
|
|
loadmodule "ircops";
|
|
|
|
// This adds the /STAFF command: This command simply displays
|
|
// a text file that you can configure here:
|
|
loadmodule "staff";
|
|
set { staff-file "network.staff"; }
|
|
|
|
|
|
/*** Channel modes ***/
|
|
|
|
// The following module ('nocodes') is not a true channel mode.
|
|
// It simply enhances the existing channel mode +S/+c to include
|
|
// stripping/blocking of bold, underline and italic text.
|
|
loadmodule "nocodes";
|
|
|
|
|
|
/*** Other ***/
|
|
|
|
// The hideserver module will hide /MAP and /LINKS to regular users.
|
|
// It does not truly enhance security as server names can still be
|
|
// seen at other places.
|
|
// Comment out the following line to enable this:
|
|
// loadmodule "hideserver";
|
|
|
|
// The antirandom module will kill or *line users that have a nick,
|
|
// ident and/or realname that is considered "random".
|
|
// This helps to combat simple botnets/drones.
|
|
// Note that failure to set the right settings may ban innocent users.
|
|
// This is especially true if you are on a non-English network where
|
|
// the module may consider a sequence of characters "random" even though
|
|
// it is a perfectly pronounceable word in your language.
|
|
loadmodule "antirandom";
|
|
set {
|
|
antirandom {
|
|
/* THRESHOLD:
|
|
* This is pretty much the most important setting of all.
|
|
* For every randomly looking ident the user gets a certain amount of
|
|
* 'points', if this value reaches 'threshold' then the appropriate
|
|
* action is taken (killed, *lined, see later on).
|
|
* lower = more randomly looking users will be catched (but also more
|
|
* innocent users)
|
|
* higher = less chance of innocent users getting killed, but also less
|
|
* chance on bots getting catched.
|
|
* <2: DON'T!!
|
|
* 4: Works good, probably a few more innocent kills but if you got
|
|
* quite a bot problem then this might be a useful setting.
|
|
* 5: Works well with few innocent kills, probably good to begin with.
|
|
* 6: If you want to be a tad more careful
|
|
* >6: For the paranoid. Module can still be quite effective, though :)
|
|
*/
|
|
threshold 7;
|
|
|
|
/* BAN-ACTION:
|
|
* Action to take whenever the user is catched as random, options:
|
|
* warn, kill, gline, gzline, kline, zline, shun, tempshun
|
|
*/
|
|
ban-action kill;
|
|
|
|
/* BAN-TIME:
|
|
* Time to ban the user (irrelevant for tempshun/kill).
|
|
* Something between 1 hour and 2 days is recommended.
|
|
* If you set it higher than 3 or 4 days then you get quite a risk
|
|
* of catching innocent users due to dynamic IP, not to mention
|
|
* your *line list gets filled up... so choose it wisely.
|
|
*/
|
|
ban-time 4h;
|
|
|
|
/* BAN-REASON:
|
|
* The ban (or kill) reason to use.
|
|
* You might want to put in an entry to a FAQ or an email address
|
|
* where users can mail if they have been catched and don't know what to do.
|
|
* NOTE: One of the various reasons that ""innocent users"" are catched is
|
|
* if they just randomly type in info for their nick, ident, or realname.
|
|
*/
|
|
ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly.";
|
|
|
|
/* CONVERT-TO-LOWERCASE:
|
|
* Convert nicks, idents, and realnames to lowercase before doing random checks?
|
|
* This has not been tested extensively for false positives, but might be (very)
|
|
* helpful to catch GnStA5FYhiTH51TUkf style random nicks as random.
|
|
* Enabled by default.
|
|
*/
|
|
convert-to-lowercase yes;
|
|
|
|
/* FULLSTATUS-ON-LOAD:
|
|
* If enabled, then upon loading it will check all users that are currently
|
|
* connected and give a status report about who it would have killed.
|
|
* Note that it doesn't actually kill any currently connected users, it is for
|
|
* informative purposes only.
|
|
* This can be (very) useful if you use the module for the first time.
|
|
* But you probably want to disable it after a while, since once the module
|
|
* is actively dealing with randomly looking persons, it shouldn't report any
|
|
* users anymore on load and then this check only eats useless CPU on /REHASH.
|
|
* Enabled by default.
|
|
*/
|
|
fullstatus-on-load yes;
|
|
|
|
/* SHOW-FAILEDCONNECTS:
|
|
* This will send out a notice whenever a randomly looking user has been catched
|
|
* during connecting. Obviously this can be pretty noisy.
|
|
* Especially recommended to enable during the first few days you use this module.
|
|
*/
|
|
show-failedconnects yes;
|
|
|
|
/* EXCEPT-HOSTS:
|
|
* Hostmasks on this list are matched against the IP and hostname of the connecting
|
|
* user. If it matches then we do not check if the nick/ident/realname is random.
|
|
* NOTE: Use the REAL host or IP here, not any cloaked hosts!
|
|
*/
|
|
except-hosts {
|
|
mask 192.168.0.0/16;
|
|
mask 127.0.0.0/8;
|
|
}
|
|
|
|
/* EXCEPT-WEBIRC:
|
|
* This will make antirandom not check connections from WEBIRC gateways.
|
|
* ( see https://www.unrealircd.org/docs/WebIRC_block )
|
|
* It seems WEBIRC connections frequently cause false positives so the
|
|
* default is 'yes'.
|
|
*/
|
|
except-webirc yes;
|
|
}
|
|
}
|
|
|
|
// This module will send a HTTP 301 redirect to any client which sends
|
|
// a HTTP request to us. This is commented out by default:
|
|
//loadmodule "webredir";
|
|
//set {
|
|
// webredir {
|
|
// url "https://...";
|
|
// }
|
|
//}
|
|
|
|
// This adds websocket support. For more information, see:
|
|
// https://www.unrealircd.org/docs/WebSocket_support
|
|
loadmodule "websocket";
|
|
|
|
// This module will detect and stop spam containing of characters of
|
|
// mixed "scripts", where (for example) some characters are in
|
|
// Latin script and other characters are in Cyrillic script.
|
|
loadmodule "antimixedutf8";
|
|
set {
|
|
antimixedutf8 {
|
|
/* Take action at this 'score' (lower = more sensitive)
|
|
*
|
|
* A score of 2 or 3 will catch a lot but also
|
|
* catch innocent users who are not using a pure
|
|
* Latin script, such as Russian people who
|
|
* commonly use a mix of Latin and Cyrillic.
|
|
*
|
|
* A score of 8 is a safe default.
|
|
*/
|
|
score 8;
|
|
|
|
/* Action to take, see:
|
|
* https://www.unrealircd.org/docs/Actions
|
|
*/
|
|
ban-action block;
|
|
|
|
/* Block/kill/ban reason (sent to user) */
|
|
ban-reason "Mixed character spam";
|
|
|
|
/* Duration of ban (does not apply to block/kill) */
|
|
ban-time 4h; // For other types
|
|
}
|
|
}
|