Anope IRC Services

Anope.org => General Chat => Topic started by: CrazyCat on November 08, 2018, 09:40:02 AM

Title: the heavy spam attack (called "#freenodegate")
Post by: CrazyCat on November 08, 2018, 09:40:02 AM
Hi there,

I guess you suffer of this attack which seems to be a personnal vendetta. I don't know how you manage it, but I want to share the protection I used.

My network is based on UnrealIRCD 4.0.17 and Anope 2.0.5.

First, I've a dnsbl (see attached file blacklist.conf). I use the unreal module, but it also works with the anope' one.

On Unreal, I've add m_listrestrict to forbid unregistered users to do a /list immediately. The last version has an interesting feature: sending a fake list and gline people joining the fake(s) channel(s).

I also sets nickserv to restrict registration :
Code: [Select]
forceemail = yes
nickregdelay = 60s
maxemails = 1

And I set various spamfilters (UnrealIRCD feature):
Code: [Select]
spamfilter {
   match-type simple;
   match "*ATTN*";
   target { private; channel; private-notice; channel-notice; };
   reason: "No spamming here";
   action: gzline;
   ban-time 7d;
}
spamfilter {
   match-type simple;
   match "*freenodegate*";
   target { private; channel; channel-notice; quit; };
   reason: "No spamming here";
   action: gzline;
   ban-time 7d;
}
The first is to gline messages like : "/!\ ATTΝ: Thiѕ channeⅼ hаѕ mоved to irϲ.freеᥒоdᥱ.nеt #∕joіn /ǃ\" (the first sentence sent by bots), the second is to gline messages and quit messages containing "freenodegate".

It seems to work. Notice that the ban-time for all the sanctions concerning this attack is 7d, and I always have new bot coming, but they (actually) can't do anything.
I'm impressed with the size of the botnet they used. I say "they" but it may be only meepsheep (https://twitter.com/meepsheepkthnx).

Hope this post will help you.