This commit is contained in:
Illya Marchenko 2021-10-12 02:40:30 +03:00
commit ba255c481a
31 changed files with 17584 additions and 0 deletions

3
.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
.idea
conf/tls/*.pem
conf/unrealircd.conf

21
Dockerfile Normal file
View File

@ -0,0 +1,21 @@
FROM debian:unstable-slim as builder_source
RUN apt-get update && apt-get install -y \
&& apt-get install -y git build-essential pkg-config libssl-dev libpcre2-dev libargon2-0-dev libsodium-dev libc-ares-dev libcurl4-openssl-dev \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /opt
RUN git clone https://github.com/unrealircd/unrealircd.git --depth 1 . \
&& ./configure --with-showlistmodes --enable-ssl --with-bindir=/app/bin --with-datadir=/app/data --with-pidfile=/app/data/unrealircd.pid --with-confdir=/app/conf --with-modulesdir=/app/modules --with-logdir=/app/logs --with-cachedir=/app/cache --with-docdir=/app/doc --with-tmpdir=/app/tmp --with-privatelibdir=/app/lib --with-scriptdir=/app --with-nick-history=2000 --with-permissions=0600 --enable-dynamic-linking \
&& make -j4 \
&& make install \
&& rm /app/source \
&& cp /app/conf/examples/example.conf /app/conf/unrealircd.conf
FROM builder_source AS builder_binary
COPY --from=builder_source /app /app
WORKDIR /app
RUN useradd unrealircd \
&& chown unrealircd:unrealircd -R /app
USER unrealircd
CMD /app/unrealircd start \
&& until ! [ -f /app/data/unrealircd.pid ]; do sleep 60; done

2
README.md Normal file
View File

@ -0,0 +1,2 @@
docker-compose build --no-cache
docker run -d -p 127.0.0.1:6900:6900 -p 127.0.0.1:6697:6697 -p 127.0.0.1:6667:6667 -v /${PWD}/conf/:/app/conf --name unrealircd unrealircd_ircd -it /bin/bash

43
conf/aliases/aliases.conf Normal file
View File

@ -0,0 +1,43 @@
/* Standard Aliases */
alias identify {
format "^#" {
target chanserv;
type services;
parameters "IDENTIFY %1-";
}
format "^[^#]" {
target nickserv;
type services;
parameters "IDENTIFY %1-";
}
type command;
}
alias services {
format "^#" {
target chanserv;
type services;
parameters "%1-";
}
format "^[^#]" {
target nickserv;
type services;
parameters "%1-";
}
type command;
}
alias register {
format "^#" {
target chanserv;
type services;
parameters "REGISTER %1-";
}
format "^[^#]" {
target nickserv;
type services;
parameters "REGISTER %1-";
}
type command;
}

17
conf/aliases/anope.conf Normal file
View File

@ -0,0 +1,17 @@
/* Anope Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
alias hostserv { type services; }
alias hs { target hostserv; type services; }
include "aliases/aliases.conf";

26
conf/aliases/atheme.conf Normal file
View File

@ -0,0 +1,26 @@
/* Atheme Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
alias hostserv { type services; }
alias hs { target hostserv; type services; }
alias saslserv { type services; }
alias sss { target saslserv; type services; }
alias gameserv { type services; }
alias gms { target gameserv; type services; }
alias groupserv { type services; }
alias grs { target groupserv; type services; }
alias alis { type services; }
alias ls { target alis; type services; }
include "aliases/aliases.conf";

33
conf/aliases/auspice.conf Normal file
View File

@ -0,0 +1,33 @@
/* Auspice Aliases */
/* Uncomment this, if you have enabled "MassServ, W and X" in auspice */
# alias massserv { type services; }
# alias ma { target massserv; type services; }
# alias W { type services; }
# alias X { type services; }
/* Uncomment this, if you have enabled "WebServ" in auspice */
# alias webserv { type services; }
# alias ws { target webserv; type services; }
alias agent { type services; }
alias adminserv { type services; }
alias as { target adminserv; type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
alias hostserv { type services; }
alias ho { target hostserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias rootserv { type services; }
alias rs { target rootserv; type services; }
include "aliases/aliases.conf";

12
conf/aliases/cygnus.conf Normal file
View File

@ -0,0 +1,12 @@
/* Cygnus Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias rootserv { type services; }
alias rs { target rootserv; type services; }
include "aliases/aliases.conf";

16
conf/aliases/epona.conf Normal file
View File

@ -0,0 +1,16 @@
/* Epona Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
include "aliases/aliases.conf";

14
conf/aliases/generic.conf Normal file
View File

@ -0,0 +1,14 @@
/* Generic Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
include "aliases/aliases.conf";

View File

@ -0,0 +1,4 @@
/* Generic StatServ Aliases */
alias statserv { type stats; }
alias ss { target statserv; type stats; }

View File

@ -0,0 +1,17 @@
/* IRCServices Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
alias irciihelp { type services; }
alias statserv { type services; }
alias ss { target statserv; type services; }
include "aliases/aliases.conf";

View File

@ -0,0 +1,6 @@
/* OperStats Aliases */
alias operserv { type stats; }
alias os { target operserv; type stats; }
alias statserv { type stats; }
alias ss { target statserv; type stats; }

51
conf/badwords.conf Normal file
View File

@ -0,0 +1,51 @@
/*
Unreal Internet Relay Chat Daemon
Copyright (C) Carsten V. Munk 2000
NOTE: Those words are not meant to insult you (the user)
but is meant to be a list of words so that the +G channel/user mode
will work properly. You can easily modify this file at your will.
If you got words to add to this file, please mail badwords@tspre.org
This is some filling space, scroll down to see the words
*/
badword all { word "pussy"; }
badword all { word "fuck"; }
badword all { word "whore"; }
badword all { word "slut"; }
badword all { word "shit"; }
badword all { word "asshole"; }
badword all { word "bitch"; }
badword all { word "cunt"; }
badword all { word "vagina"; }
badword all { word "penis"; }
badword all { word "jackass"; }
badword all { word "*fucker*"; }
badword all { word "faggot"; }
badword all { word "fag"; }
badword all { word "horny"; }
badword all { word "dickhead"; }
badword all { word "sonuvabitch"; }
badword all { word "*fuck*"; }
badword all { word "tits"; }

42
conf/dccallow.conf Normal file
View File

@ -0,0 +1,42 @@
/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
* $Id$
*
* Actually nothing is *100% secure*... there could still be
* bugs in the software itself (think: a winamp bug that can
* be exploited via an mp3, or: a wmplayer bug that can be
* exploited via a specially crafted .wmv, etc..).
* If you are really that paranoid you could just remove
* all 'allow dcc'-blocks and prompt the user for EVERY file ;).
*
* Still, I think this file is a good tradeoff between userfriendlyness
* and security. Note that when you try to only DENY specific
* file type (exe, com, etc) you are *guaranteed* to miss ones
* (like: did you know .r17 gets treated as a rar archive?
* and that an exe can be disguished as .cmd which is executable
* on nt/w2k/xp?)
*/
/* first.. deny everything, then allow known-good stuff... */
deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
/* common image formats */
allow dcc { filename "*.jpg"; soft yes; }
allow dcc { filename "*.jpeg"; soft yes; }
allow dcc { filename "*.gif"; soft yes; }
allow dcc { filename "*.png"; soft yes; }
allow dcc { filename "*.bmp"; soft yes; }
/* audio / video (but not scripted/playlists!) */
allow dcc { filename "*.mp1"; soft yes; }
allow dcc { filename "*.mp2"; soft yes; }
allow dcc { filename "*.mp3"; soft yes; }
allow dcc { filename "*.mpg"; soft yes; }
allow dcc { filename "*.mpeg"; soft yes; }
allow dcc { filename "*.m1v"; soft yes; }
allow dcc { filename "*.m2v"; soft yes; }
allow dcc { filename "*.vob"; soft yes; }
allow dcc { filename "*.wav"; soft yes; }
/* text / misc */
allow dcc { filename "*.txt"; soft yes; }
allow dcc { filename "*.log"; soft yes; }
allow dcc { filename "*.pdf"; soft yes; }
allow dcc { filename "*.c"; soft yes; }
allow dcc { filename "*.cpp"; soft yes; }

1463
conf/help/help.conf Normal file

File diff suppressed because it is too large Load Diff

1385
conf/help/help.de.conf Normal file

File diff suppressed because it is too large Load Diff

1465
conf/help/help.es.conf Normal file

File diff suppressed because it is too large Load Diff

1407
conf/help/help.fr.conf Normal file

File diff suppressed because it is too large Load Diff

1311
conf/help/help.it.conf Normal file

File diff suppressed because it is too large Load Diff

1462
conf/help/help.nl.conf Normal file

File diff suppressed because it is too large Load Diff

1494
conf/help/help.pl.conf Normal file

File diff suppressed because it is too large Load Diff

1477
conf/help/help.ru.conf Normal file

File diff suppressed because it is too large Load Diff

1328
conf/help/help.tr.conf Normal file

File diff suppressed because it is too large Load Diff

237
conf/modules.default.conf Normal file
View File

@ -0,0 +1,237 @@
/* This file will load (nearly) all modules available on UnrealIRCd.
* So all commands, channel modes, user modes, etc..
*
* If you want to have all UnrealIRCd functionality, then include this
* file from your unrealircd.conf by using:
* include "modules.default.conf";
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* If you want to customize the modules to load you have two options:
* 1) Keep the include for modules.default.conf as usual and make use
* of blacklist-module "xyz"; to selectively disable modules.
* See https://www.unrealircd.org/docs/Blacklist-module_directive
* 2) OR, make a copy of this file (eg: name it modules.custom.conf)
* and edit it. Then include that file from your unrealircd.conf
* instead of this one.
* The downside of option #2 is that you will need to track changes
* in the original modules.default.conf with each new UnrealIRCd
* release to make sure you don't miss any new functionality (as new
* important modules may be added you need to add them to your conf).
* You don't have this problem with option #1.
*/
/*** Cloaking (for user mode +x) ***/
loadmodule "cloak";
/*** Commands ***/
// User commands (MINIMAL)
// These provide just the minimal set of IRC commands that are
// required by RFC1459 along with WATCH and MAP.
loadmodule "admin";
loadmodule "away";
loadmodule "invite";
loadmodule "ison";
loadmodule "join";
loadmodule "kick";
loadmodule "links";
loadmodule "list";
loadmodule "lusers";
loadmodule "map";
loadmodule "message";
loadmodule "mode";
loadmodule "motd";
loadmodule "names";
loadmodule "nick";
loadmodule "part";
loadmodule "pass";
loadmodule "pingpong";
loadmodule "protoctl";
loadmodule "quit";
loadmodule "rules";
loadmodule "topic";
loadmodule "user";
loadmodule "userhost";
loadmodule "watch";
loadmodule "whox";
loadmodule "whois";
loadmodule "whowas";
// User commands (EXTENDED)
// These are commands that provide extended functionality.
loadmodule "botmotd";
loadmodule "cap";
loadmodule "cycle";
loadmodule "dccallow";
loadmodule "help";
loadmodule "knock";
loadmodule "lag";
loadmodule "sasl";
loadmodule "setname";
loadmodule "silence";
loadmodule "starttls";
loadmodule "time";
loadmodule "userip";
loadmodule "vhost";
loadmodule "history";
// IRC Operator commands
// Note: several of these like kill are also server-to-server commands
// which are required if you link to other servers.
loadmodule "addmotd";
loadmodule "addomotd";
loadmodule "chghost";
loadmodule "chgident";
loadmodule "chgname";
loadmodule "close";
loadmodule "connect";
loadmodule "squit";
loadmodule "dccdeny";
loadmodule "globops";
loadmodule "kill"; /* also server-to-server */
loadmodule "locops";
loadmodule "mkpasswd";
loadmodule "oper";
loadmodule "opermotd";
loadmodule "sajoin";
loadmodule "samode";
loadmodule "sapart";
loadmodule "sdesc";
loadmodule "sethost";
loadmodule "setident";
loadmodule "stats";
loadmodule "tkl"; /* also server-to-server */
loadmodule "trace";
loadmodule "tsctl";
loadmodule "unsqline";
loadmodule "wallops";
loadmodule "jumpserver";
// Server-to-server commands
// Don't remove these, unless you never link to other servers.
loadmodule "eos";
loadmodule "md";
loadmodule "netinfo";
loadmodule "server";
loadmodule "sjoin";
loadmodule "sqline";
loadmodule "swhois";
loadmodule "umode2";
loadmodule "sinfo";
loadmodule "require-module";
// Services commands
// You could disable these if you don't use Services
// https://www.unrealircd.org/docs/Services
loadmodule "sendsno";
loadmodule "sendumode";
loadmodule "svsjoin";
loadmodule "svskill";
loadmodule "svslusers";
loadmodule "svsmode";
loadmodule "svsmotd";
loadmodule "svsnick";
loadmodule "svsnline";
loadmodule "svsnolag";
loadmodule "svsnoop";
loadmodule "svspart";
loadmodule "svssilence";
loadmodule "svssno";
loadmodule "svswatch";
/*** Channel modes ***/
loadmodule "chanmodes/floodprot"; /* +f */
loadmodule "chanmodes/nocolor"; /* +c */
loadmodule "chanmodes/noctcp"; /* +C */
loadmodule "chanmodes/stripcolor"; /* +S */
loadmodule "chanmodes/issecure"; /* +Z */
loadmodule "chanmodes/permanent"; /* +P */
loadmodule "chanmodes/link"; /* +L */
loadmodule "chanmodes/censor"; /* +G */
loadmodule "chanmodes/delayjoin"; /* +D */
loadmodule "chanmodes/noknock"; /* +K */
loadmodule "chanmodes/noinvite"; /* +V */
loadmodule "chanmodes/operonly"; /* +O */
loadmodule "chanmodes/nonotice"; /* +T */
loadmodule "chanmodes/regonly"; /* +R */
loadmodule "chanmodes/nonickchange"; /* +N */
loadmodule "chanmodes/nokick"; /* +Q */
loadmodule "chanmodes/regonlyspeak"; /* +M */
loadmodule "chanmodes/secureonly"; /* +z */
loadmodule "chanmodes/history"; /* +H */
/*** User modes ***/
loadmodule "usermodes/bot"; /* +B (mark yourself as a bot) */
loadmodule "usermodes/servicebot"; /* +S (service bot) */
loadmodule "usermodes/noctcp"; /* +T (block CTCP's) */
loadmodule "usermodes/censor"; /* +G (censor bad words) */
loadmodule "usermodes/showwhois"; /* +W (show if someone does /WHOIS) */
loadmodule "usermodes/privacy"; /* +p (privacy, hide channels in /WHOIS) */
loadmodule "usermodes/nokick"; /* +q (unkickable oper) */
loadmodule "usermodes/regonlymsg"; /* +R (only registered users may private message you) */
loadmodule "usermodes/secureonlymsg"; /* +Z (only SSL/TLS users may private message you) */
loadmodule "usermodes/privdeaf"; /* +D (don't let other user PM you) */
/*** Server notice masks */
loadmodule "snomasks/dccreject"; /* +D (rejected DCC's) */
/*** Extended Bans ***/
loadmodule "extbans/join"; /* +b ~j (prevent only joins) */
loadmodule "extbans/quiet"; /* +b ~q (prevent only messaging) */
loadmodule "extbans/nickchange"; /* +b ~n (prevent only nick changes) */
loadmodule "extbans/realname"; /* +b ~r (ban by real name) */
loadmodule "extbans/account"; /* +b ~a (ban/exempt if logged in with services account) */
loadmodule "extbans/inchannel"; /* +b ~c (ban/exempt if in channel) */
loadmodule "extbans/operclass"; /* +b ~O (ban/exempt by operclass) */
loadmodule "extbans/certfp"; /* +b ~S (ban/exempt by certfp) */
loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
loadmodule "extbans/partmsg"; /* +b ~p (hide part/quit message) */
loadmodule "extbans/securitygroup"; /* +b ~G (security group) */
/** IRCv3 extensions */
loadmodule "account-notify"; /* send ACCOUNT message upon services account login */
loadmodule "message-tags"; /* add tags to messages, required for various IRCv3 features */
loadmodule "batch"; /* also required for several IRCv3 features */
loadmodule "server-time"; /* adds server timestamp to various messages */
loadmodule "message-ids"; /* adds unique msgid to various messages */
loadmodule "account-tag"; /* adds services account information to messages */
loadmodule "echo-message"; /* shows clients if their messages are altered/filtered */
loadmodule "labeled-response"; /* correlate requests and responses easily */
loadmodule "bot-tag"; /* indicate the message comes from a bot (draft/bot) */
loadmodule "typing-indicator"; /* typing indicator in PM and channels (+typing) */
loadmodule "reply-tag"; /* indicate to which message you are responding (+draft/reply) */
loadmodule "clienttagdeny"; /* informs clients about supported client-only message tags */
loadmodule "sts"; /* strict transport policy (set::tls::sts-policy) */
loadmodule "link-security"; /* link-security announce */
loadmodule "plaintext-policy"; /* plaintext-policy announce */
loadmodule "chathistory"; /* CHATHISTORY client command, 005 and a CAP (draft) */
/*** Other ***/
// These are modules that don't fit in any of the previous sections
loadmodule "ident_lookup"; /* Ident lookups if set::options::identd-check is set*/
loadmodule "certfp"; /* SSL/TLS certificate fingerprint in /WHOIS (& more) */
loadmodule "tls_antidos"; /* prevent TLS DoS (renegotiate floods) */
loadmodule "webirc"; /* WEBIRC command. See webirc block. */
loadmodule "blacklist"; /* Blacklist support (DNSBL). See blacklist block. */
loadmodule "jointhrottle"; /* set::anti-flood::join-flood (previously chanmode +j) */
loadmodule "charsys"; /* Provides set::allowed-nickchars (must always be loaded!) */
loadmodule "authprompt"; /* Authentication prompt, see set::authentication-prompt */
loadmodule "history_backend_mem"; /* History storage backend (used by chanmodes/history) */
loadmodule "tkldb"; /* Write TKLines to .db file */
loadmodule "channeldb"; /* Write channel settings to .db file (+P channels only) */
loadmodule "rmtkl"; /* Easily remove *-Lines in bulk with /RMTKL */
loadmodule "restrict-commands"; /* Provides set::restrict-commands settings */
loadmodule "reputation"; /* used by Connthrottle and others, see next */
loadmodule "connthrottle"; /* see https://www.unrealircd.org/docs/Connthrottle */
loadmodule "userip-tag"; /* unrealircd.org/userip tag for ircops */
loadmodule "userhost-tag"; /* unrealircd.org/userhost tag for ircops */
loadmodule "targetfloodprot"; /* set::anti-flood::target-flood protection */

183
conf/modules.optional.conf Normal file
View File

@ -0,0 +1,183 @@
/* This file will load all optional modules. These are features that
* not everyone will use or are considered experimental.
* You can include this file from your unrealircd.conf like this:
* include "modules.optional.conf";
* OR... and this is probably a better idea... you can copy-paste it
* to another file where you do your own customizations.
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* If you want to customize, make a copy of this file (for example
* name it modules.custom.conf) and edit it.
* Then include that file from your unrealircd.conf instead of this one.
*/
/*** Commands ***/
// This add the /IRCOPS command: A more visual way for users
// to see which IRCOps are online.
loadmodule "ircops";
// This adds the /STAFF command: This command simply displays
// a text file that you can configure here:
loadmodule "staff";
set { staff-file "network.staff"; }
/*** Channel modes ***/
// The following module ('nocodes') is not a true channel mode.
// It simply enhances the existing channel mode +S/+c to include
// stripping/blocking of bold, underline and italic text.
loadmodule "nocodes";
/*** Other ***/
// The hideserver module will hide /MAP and /LINKS to regular users.
// It does not truly enhance security as server names can still be
// seen at other places.
// Comment out the following line to enable this:
// loadmodule "hideserver";
// The antirandom module will kill or *line users that have a nick,
// ident and/or realname that is considered "random".
// This helps to combat simple botnets/drones.
// Note that failure to set the right settings may ban innocent users.
// This is especially true if you are on a non-English network where
// the module may consider a sequence of characters "random" even though
// it is a perfectly pronounceable word in your language.
loadmodule "antirandom";
set {
antirandom {
/* THRESHOLD:
* This is pretty much the most important setting of all.
* For every randomly looking ident the user gets a certain amount of
* 'points', if this value reaches 'threshold' then the appropriate
* action is taken (killed, *lined, see later on).
* lower = more randomly looking users will be catched (but also more
* innocent users)
* higher = less chance of innocent users getting killed, but also less
* chance on bots getting catched.
* <2: DON'T!!
* 4: Works good, probably a few more innocent kills but if you got
* quite a bot problem then this might be a useful setting.
* 5: Works well with few innocent kills, probably good to begin with.
* 6: If you want to be a tad more careful
* >6: For the paranoid. Module can still be quite effective, though :)
*/
threshold 7;
/* BAN-ACTION:
* Action to take whenever the user is catched as random, options:
* warn, kill, gline, gzline, kline, zline, shun, tempshun
*/
ban-action kill;
/* BAN-TIME:
* Time to ban the user (irrelevant for tempshun/kill).
* Something between 1 hour and 2 days is recommended.
* If you set it higher than 3 or 4 days then you get quite a risk
* of catching innocent users due to dynamic IP, not to mention
* your *line list gets filled up... so choose it wisely.
*/
ban-time 4h;
/* BAN-REASON:
* The ban (or kill) reason to use.
* You might want to put in an entry to a FAQ or an email address
* where users can mail if they have been catched and don't know what to do.
* NOTE: One of the various reasons that ""innocent users"" are catched is
* if they just randomly type in info for their nick, ident, or realname.
*/
ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly.";
/* CONVERT-TO-LOWERCASE:
* Convert nicks, idents, and realnames to lowercase before doing random checks?
* This has not been tested extensively for false positives, but might be (very)
* helpful to catch GnStA5FYhiTH51TUkf style random nicks as random.
* Enabled by default.
*/
convert-to-lowercase yes;
/* FULLSTATUS-ON-LOAD:
* If enabled, then upon loading it will check all users that are currently
* connected and give a status report about who it would have killed.
* Note that it doesn't actually kill any currently connected users, it is for
* informative purposes only.
* This can be (very) useful if you use the module for the first time.
* But you probably want to disable it after a while, since once the module
* is actively dealing with randomly looking persons, it shouldn't report any
* users anymore on load and then this check only eats useless CPU on /REHASH.
* Enabled by default.
*/
fullstatus-on-load yes;
/* SHOW-FAILEDCONNECTS:
* This will send out a notice whenever a randomly looking user has been catched
* during connecting. Obviously this can be pretty noisy.
* Especially recommended to enable during the first few days you use this module.
*/
show-failedconnects yes;
/* EXCEPT-HOSTS:
* Hostmasks on this list are matched against the IP and hostname of the connecting
* user. If it matches then we do not check if the nick/ident/realname is random.
* NOTE: Use the REAL host or IP here, not any cloaked hosts!
*/
except-hosts {
mask 192.168.0.0/16;
mask 127.0.0.0/8;
}
/* EXCEPT-WEBIRC:
* This will make antirandom not check connections from WEBIRC gateways.
* ( see https://www.unrealircd.org/docs/WebIRC_block )
* It seems WEBIRC connections frequently cause false positives so the
* default is 'yes'.
*/
except-webirc yes;
}
}
// This module will send a HTTP 301 redirect to any client which sends
// a HTTP request to us. This is commented out by default:
//loadmodule "webredir";
//set {
// webredir {
// url "https://...";
// }
//}
// This adds websocket support. For more information, see:
// https://www.unrealircd.org/docs/WebSocket_support
loadmodule "websocket";
// This module will detect and stop spam containing of characters of
// mixed "scripts", where (for example) some characters are in
// Latin script and other characters are in Cyrillic script.
loadmodule "antimixedutf8";
set {
antimixedutf8 {
/* Take action at this 'score' (lower = more sensitive)
*
* A score of 2 or 3 will catch a lot but also
* catch innocent users who are not using a pure
* Latin script, such as Russian people who
* commonly use a mix of Latin and Cyrillic.
*
* A score of 8 is a safe default.
*/
score 8;
/* Action to take, see:
* https://www.unrealircd.org/docs/Actions
*/
ban-action block;
/* Block/kill/ban reason (sent to user) */
ban-reason "Mixed character spam";
/* Duration of ban (does not apply to block/kill) */
ban-time 4h; // For other types
}
}

21
conf/modules.sources.list Normal file
View File

@ -0,0 +1,21 @@
#
# This file contains the list of repositories that are used
# by the './unrealircd module' command.
# Note that 3rd party modules are NOT written by the UnrealIRCd team.
# Use such modules at your own risk. In case of problems, contact
# the module author. For more information, see:
# https://www.unrealircd.org/docs/Module_manager
#
#
# This is the unrealircd-contrib repository which is added by default in
# UnrealIRCd 5 to make it easy for users to install 3rd party modules.
# If you are a module coder and want to add your module to this repository
# as well, then read the rules and procedure at:
# https://www.unrealircd.org/docs/Rules_for_3rd_party_modules_in_unrealircd-contrib
#
https://modules.unrealircd.org/modules.list
# You can add more repositories here. However, do note that all
# URLs MUST start with https://

144
conf/operclass.default.conf Normal file
View File

@ -0,0 +1,144 @@
/* This file defines a number of default operclass blocks which you can
* use in your oper blocks (via oper::operclass).
*
* This file is normally included from your unrealircd.conf through:
* include "operclass.default.conf";
*
* The operclass block is extensively documented at:
* https://www.unrealircd.org/docs/Operclass_block
* And the permissions itself (operclass::permissions) at:
* https://www.unrealircd.org/docs/Operclass_permissions
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* Instead, if you want to change the permissions in an operclass block,
* you should copy the definition, or this entire file, to either your
* unrealircd.conf or some other file (eg: operclass.conf) that you
* you will include from your unrealircd.conf.
* Then edit it, and while doing so don't forget to change the name
* of your custom operclass block(s), so operclass <name>.
*/
/* Local IRC Operator */
operclass locop {
permissions {
chat;
channel { operonly; override { flood; } }
client { see; }
immune;
self { getbaddcc; opermodes; set; }
server { opermotd; info; close; module; dns; rehash; }
route { local; }
kill { local; }
server-ban {
kline;
zline { local; }
}
}
}
/* Global IRC Operator */
operclass globop {
permissions {
chat;
channel { operonly; see; override { flood; } }
client;
immune;
self { getbaddcc; opermodes; set; }
server { opermotd; info; close; module; dns; rehash;
remote; tsctl { view; } }
route;
kill;
server-ban { dccdeny; shun; zline; kline; gline; }
}
}
/* Server administrator */
operclass admin {
permissions {
chat;
channel { operonly; see; override { flood; } }
client;
immune;
self { getbaddcc; opermodes; set; }
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl { view; } }
route;
kill;
server-ban;
}
}
/* Services Admin */
operclass services-admin {
permissions {
chat;
channel { operonly; see; override { flood; } }
client;
immune;
self { getbaddcc; opermodes; set; }
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl { view; } }
route;
kill;
server-ban;
sacmd;
services;
}
}
/* Network Administrator */
operclass netadmin {
permissions {
chat;
channel { operonly; see; override { flood; } }
client;
immune;
self { getbaddcc; opermodes; set; }
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl; }
route;
kill;
server-ban;
sacmd;
services;
}
}
/* Same as 'globop' operclass, but with OperOverride capabilities added */
operclass globop-with-override {
parent globop;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}
/* Same as 'admin' operclass, but with OperOverride capabilities added */
operclass admin-with-override {
parent admin;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}
/* Same as 'services-admin' operclass, but with OperOverride capabilities added */
operclass services-admin-with-override {
parent services-admin;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}
/* Same as 'netadmin' operclass, but with OperOverride capabilities added */
operclass netadmin-with-override {
parent netadmin;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}

154
conf/spamfilter.conf Normal file
View File

@ -0,0 +1,154 @@
/*
* This configuration file contains example spamfilter rules.
* They are real rules that were useful a long time ago.
* Since 2005 these rules are no longer maintained.
* The main purpose nowadays is to serve as an example
* to give you an idea of how powerful spamfilters can
* be in real-life situations.
*
* Documentation on spamfilter is available at:
* https://www.unrealircd.org/docs/Spamfilter
*/
/* General note:
* If you want to use a \ in a spamfilter, or in fact
* anywhere in the configuration file, then you need
* to escape this to \\ instead.
*/
/* First some spamfilters with match-type 'simple'.
* The only matchers available are * and ?
* PRO's: very fast, easy matching: everyone can do this.
* CON's: limited ability to fine-tune spamfilters
*/
spamfilter {
match-type simple;
match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
target private;
action gline;
reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
}
/* This signature uses a \ which has to escaped to \\ in the configuration file */
spamfilter {
match-type simple;
match "C:\\WINNT\\system32\\*.zip";
target dcc;
action block;
reason "Infected by Gaggle worm?";
}
spamfilter {
match-type simple;
match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
target private;
action gline;
reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
}
spamfilter {
match-type simple;
match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
target private;
action gline;
reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
}
/* Now spamfilters of type 'regex'.
* These use powerful regular expressions (Perl/PCRE style)
* You may have to learn more about "regex" first before you
* can use them. For example the dot ('.') has special meaning.
*/
/* This regex shows a pattern which requires 20 paramaters,
* such as "x x x x x x x x x x x x x x x x x x x x"
*/
spamfilter {
match-type regex;
match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
target { private; channel; }
action kill;
reason "mIRC 6.0-6.11 exploit attempt";
}
/* Similarly, this regex shows a pattern that matches
* against at least 225 characters in length.
*/
spamfilter {
match-type regex;
match "\x01DCC (SEND|RESUME).{225}";
target { private; channel; }
action kill;
reason "Possible mIRC 6.12 exploit attempt";
}
/* Earlier you saw an example of a $decode exploit which used
* match-type 'simple' and - indeed - the filter was quite simple.
* The following uses a regex with a similar example.
* Regular expressions are very powerful but here you can see
* that it actually complicates writing a filter quite a bit.
* With regex in this filter we need to escape the ( and all
* the dots, question marks, etc. if we want to match these
* characters in literal text.
*/
spamfilter {
match-type regex;
match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
target private;
action block;
reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
}
spamfilter {
match-type regex;
match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
target private;
action block;
reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
}
/* This shows a regex which specifically matches an entire line by
* the use of ^ and $
*/
spamfilter {
match-type regex;
match "^!login Wasszup!$";
target channel;
action gline;
reason "Attempting to login to a GTBot";
}
/* An example of how to match against an IP address in text (IPv4 only) */
spamfilter {
match-type regex;
match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
target channel;
action gline;
reason "Attempting to use a GTBot";
}
/* A slightly more complex example with a partial OR matcher (|) */
spamfilter {
match-type regex;
match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
target private;
action gline;
reason "Infected by some trojan (erotica?)";
}
/* In regex a \ is special and needs to be escaped to \\
* However in this configuration file, \ is also special and
* needs to be escaped to \\ as well.
* The result is that we need double escaping:
* To match a \ you need to write \\\\ in the configuration file.
*/
spamfilter {
match-type regex;
match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
target dcc;
action dccblock;
reason "Infected by Gaggle worm";
}

3154
conf/tls/curl-ca-bundle.crt Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,592 @@
/* Configuration file for UnrealIRCd 5
*
* Simply copy this file to your conf/ directory, call it
* 'unrealircd.conf' and walk through it line by line (edit it!)
*
* Important: All lines, except { and } end with an ;
* This is very important, if you miss a ; somewhere then the
* configuration file parser will complain and the file will not
* be processed correctly!
* If this is your first experience with an UnrealIRCd configuration
* file then we really recommend you to read a little about the syntax,
* this only takes a few minutes and will help you a lot:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* UnrealIRCd 5 documentation (very extensive!):
* https://www.unrealircd.org/docs/UnrealIRCd_5_documentation
*
* Frequently Asked Questions:
* https://www.unrealircd.org/docs/FAQ
*
*/
/* This is a comment, all text here is ignored (comment type #1) */
// This is also a comment, this line is ignored (comment type #2)
# This is also a comment, again this line is ignored (comment type #3)
/* UnrealIRCd makes heavy use of modules. Modules allow you to completely
* customize the featureset you wish to enable in UnrealIRCd.
* See: https://www.unrealircd.org/docs/Modules
*
* By using the include below we instruct the IRCd to read the file
* 'modules.default.conf' which will load more than 150 modules
* shipped with UnrealIRCd. In other words: this will simply load
* all the available features in UnrealIRCd.
* If you are setting up UnrealIRCd for the first time we suggest you
* use this. Then, when everything is up and running you can come
* back later to customize the list (if you wish).
*/
include "modules.default.conf";
/* Now let's include some other files as well:
* - help/help.conf for our on-IRC /HELPOP system
* - badwords.conf for channel and user mode +G
* - spamfilter.conf as an example for spamfilter usage
* (commented out)
* - operclass.default.conf contains some good operclasses which
* you can use in your oper blocks.
*/
include "help/help.conf";
include "badwords.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
/* This is the me { } block which basically says who we are.
* It defines our server name, some information line and an unique "sid".
* The server id (sid) must start with a digit followed by two digits or
* letters. The sid must be unique for your IRC network (each server should
* have it's own sid).
*/
me {
name "irc.example.org";
info "ExampleNET Server";
sid "001";
}
/* The admin { } block defines what users will see if they type /ADMIN.
* It normally contains information on how to contact the administrator.
*/
admin {
"Bob Smith";
"bob";
"email@example.org";
}
/* Clients and servers are put in class { } blocks, we define them here.
* Class blocks consist of the following items:
* - pingfreq: how often to ping a user / server (in seconds)
* - connfreq: how often we try to connect to this server (in seconds)
* - sendq: the maximum queue size for a connection
* - recvq: maximum receive queue from a connection (flood control)
*/
/* Client class with good defaults */
class clients
{
pingfreq 90;
maxclients 1000;
sendq 200k;
recvq 8000;
}
/* Special class for IRCOps with higher limits */
class opers
{
pingfreq 90;
maxclients 50;
sendq 1M;
recvq 8000;
}
/* Server class with good defaults */
class servers
{
pingfreq 60;
connfreq 15; /* try to connect every 15 seconds */
maxclients 10; /* max servers */
sendq 20M;
}
/* Allow blocks define which clients may connect to this server.
* This allows you to add a server password or restrict the server to
* specific IP's only. You also configure the maximum connections
* allowed per IP here.
* See also: https://www.unrealircd.org/docs/Allow_block
*/
/* Allow everyone in, but only 3 connections per IP */
allow {
mask *;
class clients;
maxperip 3;
}
/* Example of a special allow block on a specific IP:
* Requires users on that IP to connect with a password. If the password
* is correct then it permits 20 connections on that IP.
*/
allow {
mask 192.0.2.1;
class clients;
password "somesecretpasswd";
maxperip 20;
}
/* Oper blocks define your IRC Operators.
* IRC Operators are people who have "extra rights" compared to others,
* for example they may /KILL other people, initiate server linking,
* /JOIN channels even though they are banned, etc.
*
* For more information about becoming an IRCOp and how to do admin
* tasks, see: https://www.unrealircd.org/docs/IRCOp_guide
*
* For details regarding the oper { } block itself, see
* https://www.unrealircd.org/docs/Oper_block
*/
/* Here is an example oper block for 'bobsmith' with password 'test'.
* You MUST change this!!
*/
oper bobsmith {
class opers;
mask *@*;
password "test123";
/* Oper permissions are defined in an 'operclass' block.
* See https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd ships with a number of default blocks, see
* the article for a full list. We choose 'netadmin' here.
*/
operclass netadmin;
swhois "is a Network Administrator";
vhost netadmin.example.org;
}
/* Listen blocks define the ports where the server should listen on.
* In other words: the ports that clients and servers may use to
* connect to this server.
*
* Syntax:
* listen {
* {
* ip <ip>;
* port <port>;
* options {
* <options....>;
* }
* }
*/
/* Standard IRC port 6667 */
listen {
ip *;
port 6667;
}
/* Standard IRC SSL/TLS port 6697 */
listen {
ip *;
port 6697;
options { tls; }
}
/* Special SSL/TLS servers-only port for linking */
listen {
ip *;
port 6900;
options { tls; serversonly; }
}
/* NOTE: If you are on an IRCd shell with multiple IP's and you use
* the above listen { } blocks then you will likely get an
* 'Address already in use' error and the ircd won't start.
* This means you MUST bind to a specific IP instead of '*' like:
* listen { ip 1.2.3.4; port 6667; }
* Of course, replace the IP with the IP that was assigned to you.
*/
/*
* Link blocks allow you to link multiple servers together to form a network.
* See https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
link hub.example.org
{
incoming {
mask *@something;
}
outgoing {
bind-ip *; /* or explicitly an IP */
hostname hub.example.org;
port 6900;
options { tls; }
}
/* We use the SPKI fingerprint of the other server for authentication.
* Run './unrealircd spkifp' on the other side to get it.
*/
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
class servers;
}
/* The link block for services is usually much simpler.
* For more information about what Services are,
* see https://www.unrealircd.org/docs/Services
*/
link services.example.org
{
incoming {
mask 127.0.0.1;
}
password "changemeplease";
class servers;
}
/* U-lines give other servers (even) more power/commands.
* If you use services you must add them here.
* NEVER put the name of an UnrealIRCd server here!!!
*/
ulines {
services.example.org;
}
/* Here you can add a password for the IRCOp-only /DIE and /RESTART commands.
* This is mainly meant to provide a little protection against accidental
* restarts and server kills.
*/
drpass {
restart "restart";
die "die";
}
/* The log block defines what should be logged and to what file.
* See also https://www.unrealircd.org/docs/Log_block
*/
/* This is a good default, it logs everything */
log "ircd.log" {
flags {
oper;
connects;
server-connects;
kills;
errors;
flood;
sadmin-commands;
chg-commands;
oper-override;
tkl;
spamfilter;
}
}
/* With "aliases" you can create an alias like /SOMETHING to send a message to
* some user or bot. They are usually used for services.
*
* We have a number of pre-set alias files, check out the alias/ directory.
* As an example, here we include all aliases used for anope services.
*/
include "aliases/anope.conf";
/* Ban nick names so they cannot be used by regular users */
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Reserved for Services";
}
/* Ban ip.
* Note that you normally use /KLINE, /GLINE and /ZLINE for this.
*/
ban ip {
mask 195.86.232.81;
reason "Hate you";
}
/* Ban server - if we see this server linked to someone then we delink */
ban server {
mask eris.berkeley.edu;
reason "Get out of here.";
}
/* Ban user - just as an example, you normally use /KLINE or /GLINE for this */
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Idiot";
}
/* Ban realname allows you to ban clients based on their 'real name'
* or 'gecos' field.
*/
ban realname {
mask "Swat Team";
reason "mIRKFORCE";
}
ban realname {
mask "sub7server";
reason "sub7";
}
/* Ban and TKL exceptions. Allows you to exempt users / machines from
* KLINE, GLINE, etc.
* If you are an IRCOp with a static IP (and no untrusted persons on that IP)
* then we suggest you add yourself here. That way you can always get in
* even if you accidentally place a *LINE ban on yourself.
*/
/* except ban protects you from KLINE and ZLINE */
except ban {
mask *@192.0.2.1;
// you may add more mask entries here..
}
/* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
except ban {
mask *@192.0.2.1;
type all;
}
/* With deny dcc blocks you can ban filenames for DCC */
deny dcc {
filename "*sub7*";
reason "Possible Sub7 Virus";
}
/* deny channel allows you to ban a channel (mask) entirely */
deny channel {
channel "*warez*";
reason "Warez is illegal";
class "clients";
}
/* VHosts (Virtual Hosts) allow users to acquire a different host.
* See https://www.unrealircd.org/docs/Vhost_block
*/
/* Example vhost which you can use. On IRC type: /VHOST test test
* NOTE: only people with an 'unrealircd.com' host may use it so
* be sure to change the vhost::mask before you test.
*/
vhost {
vhost i.hate.microsefrs.com;
mask *@unrealircd.com;
login "test";
password "test";
}
/* Blacklist blocks will query an external DNS Blacklist service
* whenever a user connects, to see if the IP address is known
* to cause drone attacks, is a known hacked machine, etc.
* Documentation: https://www.unrealircd.org/docs/Blacklist_block
* Or just have a look at the blocks below.
*/
/* DroneBL, probably the most popular blacklist used by IRC Servers.
* See https://dronebl.org/ for their documentation and the
* meaning of the reply types. At time of writing we use types:
* 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
* 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
* 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
* 14: Open Wingate Proxy, 15: Compromised router / gateway,
* 16: Autorooting worms.
*/
blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
}
/* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation
* and the meaning of the reply types.
* At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
*
* NOTE: If you want to permit TOR proxies on your server, then
* you need to remove the '4;' below in the reply section.
*/
blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
}
/* You can include other configuration files */
/* include "klines.conf"; */
/* Network configuration */
set {
network-name "ExampleNET";
default-server "irc.example.org";
services-server "services.example.org";
stats-server "stats.example.org";
help-channel "#Help";
hiddenhost-prefix "Clk";
prefix-quit "Quit";
/* Cloak keys should be the same at all servers on the network.
* They are used for generating masked hosts and should be kept secret.
* The keys should be 3 random strings of 50-100 characters
* and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9).
* HINT: On *NIX, you can run './unrealircd gencloak' in your shell to let
* UnrealIRCd generate 3 random strings for you.
*/
cloak-keys {
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
"aoAr1HnR6gl3sJ7hVz4Zb7x4Yw11";
"aoAr1HnR6gl3sJ7hVz4Zb7x4Yw22";
}
}
/* Server specific configuration */
set {
kline-address "help@stuzer.link"; /* e-mail or URL shown when a user is banned */
modes-on-connect "+ixw"; /* when users connect, they will get these user modes */
modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */
modes-on-join "+nt"; /* default channel modes when a new channel is created */
oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */
options {
hide-ulines; /* hide U-lines in /MAP and /LINKS */
show-connect-info; /* show "looking up your hostname" messages on connect */
}
maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */
/* The minimum time a user must be connected before being allowed to
* use a QUIT message. This will hopefully help stop spam.
*/
anti-spam-quit-message-time 10s;
/* Or simply set a static quit, meaning any /QUIT reason is ignored */
/* static-quit "Client quit"; */
/* static-part does the same for /PART */
/* static-part yes; */
/* Flood protection:
* There are lots of settings for this and most have good defaults.
* See https://www.unrealircd.org/docs/Set_block#set::anti-flood
*/
anti-flood {
}
/* Settings for spam filter */
spamfilter {
ban-time 1d; /* default duration of a *LINE ban set by spamfilter */
ban-reason "Spam/Advertising"; /* default reason */
virus-help-channel "#help"; /* channel to use for 'viruschan' action */
/* except "#help"; channel to exempt from Spamfilter */
}
/* Restrict certain commands.
* See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
*/
restrict-commands {
list {
connect-delay 60;
exempt-identified yes;
exempt-reputation-score 24;
}
invite {
connect-delay 120;
exempt-identified yes;
exempt-reputation-score 24;
}
/* In addition to the ability to restrict any command,
* such as shown above. There are also 4 special types
* that you can restrict. These are "private-message",
* "private-notice", "channel-message" and "channel-notice".
* They are commented out (disabled) in this example:
*/
//private-message {
// connect-delay 10;
//}
//private-notice {
// connect-delay 10;
//}
}
}
/*
* The following will configure connection throttling of "unknown users".
*
* When UnrealIRCd detects a high number of users connecting from IP addresses
* that have not been seen before, then connections from new IP's are rejected
* above the set rate. For example at 10:60 only 10 users per minute can connect
* that have not been seen before. Known IP addresses can always get in,
* regardless of the set rate. Same for users who login using SASL.
*
* See also https://www.unrealircd.org/docs/Connthrottle for details.
* Or just keep reading the default configuration settings below:
*/
set {
connthrottle {
/* First we must configure what we call "known users".
* By default these are users on IP addresses that have
* a score of 24 or higher. A score of 24 means that the
* IP was connected to this network for at least 2 hours
* in the past month (or minimum 1 hour if registered).
* The sasl-bypass option is another setting. It means
* that users who authenticate to services via SASL
* are considered known users as well.
* Users in the "known-users" group (either by reputation
* or by SASL) are always allowed in by this module.
*/
known-users {
minimum-reputation-score 24;
sasl-bypass yes;
}
/* New users are all users that do not belong in the
* known-users group. They are considered "new" and in
* case of a high number of such new users connecting
* they are subject to connection rate limiting.
* By default the rate is 20 new local users per minute
* and 30 new global users per minute.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
}
/* This configures when this module will NOT be active.
* The default settings will disable the module when:
* - The reputation module has been running for less than
* a week. If running less than 1 week then there is
* insufficient data to consider who is a "known user".
* - The server has just been booted up (first 3 minutes).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}
/* Finally, you may wish to have a MOTD (Message of the Day), this can be
* done by creating an 'ircd.motd' text file in your conf/ directory.
* This file will be shown to your users on connect.
* For more information see https://www.unrealircd.org/docs/MOTD_and_Rules
*/
/*
* Problems or need more help?
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
* 2) https://www.unrealircd.org/docs/FAQ <- answers 80% of your questions!
* 3) If you are still having problems then you can get support:
* - Forums: https://forums.unrealircd.org/
* - IRC: irc.unrealircd.org (SSL on port 6697) / #unreal-support
* Note that we require you to read the documentation and FAQ first!
*/