egghelp/eggheads community

Ban or gline/kline users connecting from IPs in the list.

2020-07-16T03:55:23-04:00

If your server is on Linux I would go with a different approach: firewall.

I would first create an IP set with ipset (replace blacklist with whatever you want):

Code:

ipset create blacklist hash:net

tell iptables to drop any connection from any IP that is in this blacklist set:

Code:

iptables -I PREROUTING -t raw -m set --match-set blacklist src,dst -j DROP

and populate the blacklist with data by telling it to flush previous (if any) data and load stuff from a text file:

Code:

ipset flush blacklistipset restore -! < blacklist.txt

The blacklist.txt file has to be in this format:

Code:

create blacklist hash:net family inet hashsize 8192 maxelem 65536add badips x.x.x.xadd badips x.x.x.xadd badips x.x.x.xand so on

I got something similar (repo on Github) for script kiddies that keep on trying to brute-force their way in my server via the SSH service.

If you don't want to use this and want to stick with an eggdrop then I would proly use something like:

Code:

proc lookup {str} {set match 0set fh [open "blacklist.txt" "r"]set data [read -nonewline $fh]close $fhforeach line $data {if {[string equal $line $str]} {incr matchbreak}}return $match}

and trigger the glines when and if needed.

Code:

bind join * join:checkproc join:check {nick uhost hand chan} {scan $uhost {%[^@]@%s} user hostif {[lookup $host]} {# add the gline line}}

Statistics: Posted by caesar — Thu Jul 16, 2020 3:55 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-16T02:39:34-04:00

Also, as you said, the UnrealIRCD ban blocks would be hectic to put all the ips creating the block for each. Or, is there a way to make the UnrealIRCD ban block read the list?

I really thought Eggdrop could do this task at ease as it is one of the powerful IRC bot I have seen so far.

If you have a file with all IPs, you can simply modify it with a good text editor (as notepad++ or pspad), or sed, to create an unrealircd comprehensive file that you'll include in your conf.
Just replace:

Code:

^(.*)$

with:

Code:

ban user { mask *@$1; reason "Denied IP"; };

(note that it may be $1 or \1 depending on the editor you use).

If you want to manage it with eggdrop:

Code:

set fi [open "ips.txt" "r"]set ips [read -nonewline $fi]close $fiforeach ip [split $ips "\n"] {   putserv "gzline *@$ip +0 :Denied IP"}

Statistics: Posted by CrazyCat — Thu Jul 16, 2020 2:39 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-15T20:38:06-04:00

Did you try using the options of the unrealircd config ?

Not doubting you or anything, but just saying there is some handy stuff in there

Statistics: Posted by ComputerTech — Wed Jul 15, 2020 8:38 pm

Ban or gline/kline users connecting from IPs in the list.

2020-07-15T20:01:20-04:00

Finally, my thread got some replies.

Thanks simo, That's the right user connecting syntax (ssl and non-ssl) for UnrealIRCD.

caesar: Actually someone has really abused my IRC server using VPNs. It's really getting in the nerves.

CrazyCat: I went through that discussion too. It was not much of help as the module requested was not made. Also, as you said, the UnrealIRCD ban blocks would be hectic to put all the ips creating the block for each. Or, is there a way to make the UnrealIRCD ban block read the list?

I really thought Eggdrop could do this task at ease as it is one of the powerful IRC bot I have seen so far.

Statistics: Posted by TimeRider — Wed Jul 15, 2020 8:01 pm

Ban or gline/kline users connecting from IPs in the list.

2020-07-10T01:57:57-04:00

We had a discussion in urealircd forum concerning VPN: https://forums.unrealircd.org/viewtopic.php?f=54&t=8970

Statistics: Posted by CrazyCat — Fri Jul 10, 2020 1:57 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-10T00:43:20-04:00

Well, the role of the VPN is to make the person behind it be somewhat anonymous, so on your server it could look like someone nice or some prick that's in for some trouble. Until he/she takes the first action you can't really tell who's who.

So, bottom line is that if you get too much abuse from the same VPN provider then just gline it.

Statistics: Posted by caesar — Fri Jul 10, 2020 12:43 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-09T12:15:32-04:00

that was the first thing i thought of caesar but the thing is there isnt such a monitoring tool yet for vpn monitoring else of course that would be prefered as crazycat already mentioned there is only the usual dnsbl monitoring wich doesnt including vpn or not by design anyway

Statistics: Posted by simo — Thu Jul 09, 2020 12:15 pm

Ban or gline/kline users connecting from IPs in the list.

2020-07-09T09:29:19-04:00

Ah, then CrazyCat is right. Should do this on the server end via a module or something than rely on a bot that reads a text file each time someone connects.

Can't you recommend some modules simo?

Statistics: Posted by caesar — Thu Jul 09, 2020 9:29 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-09T08:48:50-04:00

its unreal5 caesar

syntax is:

for ssl
*** Client connecting: NICK (IDENT@HOST) [IP] {clients} [secure ECDHE-RSA-AES256-GCM-SHA384]

for non ssl
*** Client connecting: NICK (IDENT@HOST) [IP] {clients}

there is another thing ive seen his list it also has cidr ranges

im not sure how that would compare against connecting IPS wich are normal IPS

he asked me to help basically he wants to decrease the ammount of vpn ips used to connect as they are mainly used for abuse

for example:

for ipv6:
2a0a:5ec0::/29

for ipv4:
2.56.16.0/22

Statistics: Posted by simo — Thu Jul 09, 2020 8:48 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-09T00:44:15-04:00

Bad idea imho.
Unrealircd can manage that directly with the ban blocks, it will be more efficient.

Statistics: Posted by CrazyCat — Thu Jul 09, 2020 12:44 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-09T00:43:37-04:00

Post an example of an user connecting to the network to see the syntax.

Statistics: Posted by caesar — Thu Jul 09, 2020 12:43 am

Ban or gline/kline users connecting from IPs in the list.

2020-07-08T18:41:57-04:00

Hello everyone, I have a huge list of IPs in .txt format that I would like to be blocked(gline/kline) in my Unrealircd server by eggdrop. So, basically I want a script where the eggdrop would oper up and see/scan if the user is connecting from the IPs in the list (ips.txt).

Can someone help me into this?

Thank you!

Statistics: Posted by TimeRider — Wed Jul 08, 2020 6:41 pm