Initial
This commit is contained in:
commit
ba255c481a
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
.idea
|
||||||
|
conf/tls/*.pem
|
||||||
|
conf/unrealircd.conf
|
21
Dockerfile
Normal file
21
Dockerfile
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
FROM debian:unstable-slim as builder_source
|
||||||
|
RUN apt-get update && apt-get install -y \
|
||||||
|
&& apt-get install -y git build-essential pkg-config libssl-dev libpcre2-dev libargon2-0-dev libsodium-dev libc-ares-dev libcurl4-openssl-dev \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
WORKDIR /opt
|
||||||
|
RUN git clone https://github.com/unrealircd/unrealircd.git --depth 1 . \
|
||||||
|
&& ./configure --with-showlistmodes --enable-ssl --with-bindir=/app/bin --with-datadir=/app/data --with-pidfile=/app/data/unrealircd.pid --with-confdir=/app/conf --with-modulesdir=/app/modules --with-logdir=/app/logs --with-cachedir=/app/cache --with-docdir=/app/doc --with-tmpdir=/app/tmp --with-privatelibdir=/app/lib --with-scriptdir=/app --with-nick-history=2000 --with-permissions=0600 --enable-dynamic-linking \
|
||||||
|
&& make -j4 \
|
||||||
|
&& make install \
|
||||||
|
&& rm /app/source \
|
||||||
|
&& cp /app/conf/examples/example.conf /app/conf/unrealircd.conf
|
||||||
|
|
||||||
|
FROM builder_source AS builder_binary
|
||||||
|
COPY --from=builder_source /app /app
|
||||||
|
WORKDIR /app
|
||||||
|
RUN useradd unrealircd \
|
||||||
|
&& chown unrealircd:unrealircd -R /app
|
||||||
|
USER unrealircd
|
||||||
|
CMD /app/unrealircd start \
|
||||||
|
&& until ! [ -f /app/data/unrealircd.pid ]; do sleep 60; done
|
2
README.md
Normal file
2
README.md
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
docker-compose build --no-cache
|
||||||
|
docker run -d -p 127.0.0.1:6900:6900 -p 127.0.0.1:6697:6697 -p 127.0.0.1:6667:6667 -v /${PWD}/conf/:/app/conf --name unrealircd unrealircd_ircd -it /bin/bash
|
43
conf/aliases/aliases.conf
Normal file
43
conf/aliases/aliases.conf
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
/* Standard Aliases */
|
||||||
|
|
||||||
|
alias identify {
|
||||||
|
format "^#" {
|
||||||
|
target chanserv;
|
||||||
|
type services;
|
||||||
|
parameters "IDENTIFY %1-";
|
||||||
|
}
|
||||||
|
format "^[^#]" {
|
||||||
|
target nickserv;
|
||||||
|
type services;
|
||||||
|
parameters "IDENTIFY %1-";
|
||||||
|
}
|
||||||
|
type command;
|
||||||
|
}
|
||||||
|
|
||||||
|
alias services {
|
||||||
|
format "^#" {
|
||||||
|
target chanserv;
|
||||||
|
type services;
|
||||||
|
parameters "%1-";
|
||||||
|
}
|
||||||
|
format "^[^#]" {
|
||||||
|
target nickserv;
|
||||||
|
type services;
|
||||||
|
parameters "%1-";
|
||||||
|
}
|
||||||
|
type command;
|
||||||
|
}
|
||||||
|
|
||||||
|
alias register {
|
||||||
|
format "^#" {
|
||||||
|
target chanserv;
|
||||||
|
type services;
|
||||||
|
parameters "REGISTER %1-";
|
||||||
|
}
|
||||||
|
format "^[^#]" {
|
||||||
|
target nickserv;
|
||||||
|
type services;
|
||||||
|
parameters "REGISTER %1-";
|
||||||
|
}
|
||||||
|
type command;
|
||||||
|
}
|
17
conf/aliases/anope.conf
Normal file
17
conf/aliases/anope.conf
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
/* Anope Aliases */
|
||||||
|
|
||||||
|
alias nickserv { type services; }
|
||||||
|
alias ns { target nickserv; type services; }
|
||||||
|
alias chanserv { type services; }
|
||||||
|
alias cs { target chanserv; type services; }
|
||||||
|
alias memoserv { type services; spamfilter yes; }
|
||||||
|
alias ms { target memoserv; type services; spamfilter yes; }
|
||||||
|
alias operserv { type services; }
|
||||||
|
alias os { target operserv; type services; }
|
||||||
|
alias botserv { type services; }
|
||||||
|
alias bs { target botserv; type services; }
|
||||||
|
alias hostserv { type services; }
|
||||||
|
alias hs { target hostserv; type services; }
|
||||||
|
|
||||||
|
include "aliases/aliases.conf";
|
||||||
|
|
26
conf/aliases/atheme.conf
Normal file
26
conf/aliases/atheme.conf
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
/* Atheme Aliases */
|
||||||
|
|
||||||
|
alias nickserv { type services; }
|
||||||
|
alias ns { target nickserv; type services; }
|
||||||
|
alias chanserv { type services; }
|
||||||
|
alias cs { target chanserv; type services; }
|
||||||
|
alias memoserv { type services; spamfilter yes; }
|
||||||
|
alias ms { target memoserv; type services; spamfilter yes; }
|
||||||
|
alias operserv { type services; }
|
||||||
|
alias os { target operserv; type services; }
|
||||||
|
alias helpserv { type services; }
|
||||||
|
alias botserv { type services; }
|
||||||
|
alias bs { target botserv; type services; }
|
||||||
|
alias hostserv { type services; }
|
||||||
|
alias hs { target hostserv; type services; }
|
||||||
|
alias saslserv { type services; }
|
||||||
|
alias sss { target saslserv; type services; }
|
||||||
|
alias gameserv { type services; }
|
||||||
|
alias gms { target gameserv; type services; }
|
||||||
|
alias groupserv { type services; }
|
||||||
|
alias grs { target groupserv; type services; }
|
||||||
|
alias alis { type services; }
|
||||||
|
alias ls { target alis; type services; }
|
||||||
|
|
||||||
|
include "aliases/aliases.conf";
|
||||||
|
|
33
conf/aliases/auspice.conf
Normal file
33
conf/aliases/auspice.conf
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
/* Auspice Aliases */
|
||||||
|
|
||||||
|
/* Uncomment this, if you have enabled "MassServ, W and X" in auspice */
|
||||||
|
# alias massserv { type services; }
|
||||||
|
# alias ma { target massserv; type services; }
|
||||||
|
# alias W { type services; }
|
||||||
|
# alias X { type services; }
|
||||||
|
|
||||||
|
/* Uncomment this, if you have enabled "WebServ" in auspice */
|
||||||
|
# alias webserv { type services; }
|
||||||
|
# alias ws { target webserv; type services; }
|
||||||
|
|
||||||
|
alias agent { type services; }
|
||||||
|
alias adminserv { type services; }
|
||||||
|
alias as { target adminserv; type services; }
|
||||||
|
alias botserv { type services; }
|
||||||
|
alias bs { target botserv; type services; }
|
||||||
|
alias chanserv { type services; }
|
||||||
|
alias cs { target chanserv; type services; }
|
||||||
|
alias helpserv { type services; }
|
||||||
|
alias hs { target helpserv; type services; }
|
||||||
|
alias hostserv { type services; }
|
||||||
|
alias ho { target hostserv; type services; }
|
||||||
|
alias memoserv { type services; spamfilter yes; }
|
||||||
|
alias ms { target memoserv; type services; spamfilter yes; }
|
||||||
|
alias nickserv { type services; }
|
||||||
|
alias ns { target nickserv; type services; }
|
||||||
|
alias operserv { type services; }
|
||||||
|
alias os { target operserv; type services; }
|
||||||
|
alias rootserv { type services; }
|
||||||
|
alias rs { target rootserv; type services; }
|
||||||
|
|
||||||
|
include "aliases/aliases.conf";
|
12
conf/aliases/cygnus.conf
Normal file
12
conf/aliases/cygnus.conf
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
/* Cygnus Aliases */
|
||||||
|
|
||||||
|
alias nickserv { type services; }
|
||||||
|
alias ns { target nickserv; type services; }
|
||||||
|
alias chanserv { type services; }
|
||||||
|
alias cs { target chanserv; type services; }
|
||||||
|
alias memoserv { type services; spamfilter yes; }
|
||||||
|
alias ms { target memoserv; type services; spamfilter yes; }
|
||||||
|
alias rootserv { type services; }
|
||||||
|
alias rs { target rootserv; type services; }
|
||||||
|
|
||||||
|
include "aliases/aliases.conf";
|
16
conf/aliases/epona.conf
Normal file
16
conf/aliases/epona.conf
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
/* Epona Aliases */
|
||||||
|
|
||||||
|
alias nickserv { type services; }
|
||||||
|
alias ns { target nickserv; type services; }
|
||||||
|
alias chanserv { type services; }
|
||||||
|
alias cs { target chanserv; type services; }
|
||||||
|
alias memoserv { type services; spamfilter yes; }
|
||||||
|
alias ms { target memoserv; type services; spamfilter yes; }
|
||||||
|
alias operserv { type services; }
|
||||||
|
alias os { target operserv; type services; }
|
||||||
|
alias helpserv { type services; }
|
||||||
|
alias hs { target helpserv; type services; }
|
||||||
|
alias botserv { type services; }
|
||||||
|
alias bs { target botserv; type services; }
|
||||||
|
|
||||||
|
include "aliases/aliases.conf";
|
14
conf/aliases/generic.conf
Normal file
14
conf/aliases/generic.conf
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
/* Generic Aliases */
|
||||||
|
|
||||||
|
alias nickserv { type services; }
|
||||||
|
alias ns { target nickserv; type services; }
|
||||||
|
alias chanserv { type services; }
|
||||||
|
alias cs { target chanserv; type services; }
|
||||||
|
alias memoserv { type services; spamfilter yes; }
|
||||||
|
alias ms { target memoserv; type services; spamfilter yes; }
|
||||||
|
alias operserv { type services; }
|
||||||
|
alias os { target operserv; type services; }
|
||||||
|
alias helpserv { type services; }
|
||||||
|
alias hs { target helpserv; type services; }
|
||||||
|
|
||||||
|
include "aliases/aliases.conf";
|
4
conf/aliases/genericstats.conf
Normal file
4
conf/aliases/genericstats.conf
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
/* Generic StatServ Aliases */
|
||||||
|
|
||||||
|
alias statserv { type stats; }
|
||||||
|
alias ss { target statserv; type stats; }
|
17
conf/aliases/ircservices.conf
Normal file
17
conf/aliases/ircservices.conf
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
/* IRCServices Aliases */
|
||||||
|
|
||||||
|
alias nickserv { type services; }
|
||||||
|
alias ns { target nickserv; type services; }
|
||||||
|
alias chanserv { type services; }
|
||||||
|
alias cs { target chanserv; type services; }
|
||||||
|
alias memoserv { type services; spamfilter yes; }
|
||||||
|
alias ms { target memoserv; type services; spamfilter yes; }
|
||||||
|
alias operserv { type services; }
|
||||||
|
alias os { target operserv; type services; }
|
||||||
|
alias helpserv { type services; }
|
||||||
|
alias hs { target helpserv; type services; }
|
||||||
|
alias irciihelp { type services; }
|
||||||
|
alias statserv { type services; }
|
||||||
|
alias ss { target statserv; type services; }
|
||||||
|
|
||||||
|
include "aliases/aliases.conf";
|
6
conf/aliases/operstats.conf
Normal file
6
conf/aliases/operstats.conf
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
/* OperStats Aliases */
|
||||||
|
|
||||||
|
alias operserv { type stats; }
|
||||||
|
alias os { target operserv; type stats; }
|
||||||
|
alias statserv { type stats; }
|
||||||
|
alias ss { target statserv; type stats; }
|
51
conf/badwords.conf
Normal file
51
conf/badwords.conf
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
/*
|
||||||
|
Unreal Internet Relay Chat Daemon
|
||||||
|
Copyright (C) Carsten V. Munk 2000
|
||||||
|
|
||||||
|
NOTE: Those words are not meant to insult you (the user)
|
||||||
|
but is meant to be a list of words so that the +G channel/user mode
|
||||||
|
will work properly. You can easily modify this file at your will.
|
||||||
|
If you got words to add to this file, please mail badwords@tspre.org
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
This is some filling space, scroll down to see the words
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
*/
|
||||||
|
badword all { word "pussy"; }
|
||||||
|
badword all { word "fuck"; }
|
||||||
|
badword all { word "whore"; }
|
||||||
|
badword all { word "slut"; }
|
||||||
|
badword all { word "shit"; }
|
||||||
|
badword all { word "asshole"; }
|
||||||
|
badword all { word "bitch"; }
|
||||||
|
badword all { word "cunt"; }
|
||||||
|
badword all { word "vagina"; }
|
||||||
|
badword all { word "penis"; }
|
||||||
|
badword all { word "jackass"; }
|
||||||
|
badword all { word "*fucker*"; }
|
||||||
|
badword all { word "faggot"; }
|
||||||
|
badword all { word "fag"; }
|
||||||
|
badword all { word "horny"; }
|
||||||
|
badword all { word "dickhead"; }
|
||||||
|
badword all { word "sonuvabitch"; }
|
||||||
|
badword all { word "*fuck*"; }
|
||||||
|
badword all { word "tits"; }
|
42
conf/dccallow.conf
Normal file
42
conf/dccallow.conf
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
|
||||||
|
* $Id$
|
||||||
|
*
|
||||||
|
* Actually nothing is *100% secure*... there could still be
|
||||||
|
* bugs in the software itself (think: a winamp bug that can
|
||||||
|
* be exploited via an mp3, or: a wmplayer bug that can be
|
||||||
|
* exploited via a specially crafted .wmv, etc..).
|
||||||
|
* If you are really that paranoid you could just remove
|
||||||
|
* all 'allow dcc'-blocks and prompt the user for EVERY file ;).
|
||||||
|
*
|
||||||
|
* Still, I think this file is a good tradeoff between userfriendlyness
|
||||||
|
* and security. Note that when you try to only DENY specific
|
||||||
|
* file type (exe, com, etc) you are *guaranteed* to miss ones
|
||||||
|
* (like: did you know .r17 gets treated as a rar archive?
|
||||||
|
* and that an exe can be disguished as .cmd which is executable
|
||||||
|
* on nt/w2k/xp?)
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* first.. deny everything, then allow known-good stuff... */
|
||||||
|
deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
|
||||||
|
/* common image formats */
|
||||||
|
allow dcc { filename "*.jpg"; soft yes; }
|
||||||
|
allow dcc { filename "*.jpeg"; soft yes; }
|
||||||
|
allow dcc { filename "*.gif"; soft yes; }
|
||||||
|
allow dcc { filename "*.png"; soft yes; }
|
||||||
|
allow dcc { filename "*.bmp"; soft yes; }
|
||||||
|
/* audio / video (but not scripted/playlists!) */
|
||||||
|
allow dcc { filename "*.mp1"; soft yes; }
|
||||||
|
allow dcc { filename "*.mp2"; soft yes; }
|
||||||
|
allow dcc { filename "*.mp3"; soft yes; }
|
||||||
|
allow dcc { filename "*.mpg"; soft yes; }
|
||||||
|
allow dcc { filename "*.mpeg"; soft yes; }
|
||||||
|
allow dcc { filename "*.m1v"; soft yes; }
|
||||||
|
allow dcc { filename "*.m2v"; soft yes; }
|
||||||
|
allow dcc { filename "*.vob"; soft yes; }
|
||||||
|
allow dcc { filename "*.wav"; soft yes; }
|
||||||
|
/* text / misc */
|
||||||
|
allow dcc { filename "*.txt"; soft yes; }
|
||||||
|
allow dcc { filename "*.log"; soft yes; }
|
||||||
|
allow dcc { filename "*.pdf"; soft yes; }
|
||||||
|
allow dcc { filename "*.c"; soft yes; }
|
||||||
|
allow dcc { filename "*.cpp"; soft yes; }
|
1463
conf/help/help.conf
Normal file
1463
conf/help/help.conf
Normal file
File diff suppressed because it is too large
Load Diff
1385
conf/help/help.de.conf
Normal file
1385
conf/help/help.de.conf
Normal file
File diff suppressed because it is too large
Load Diff
1465
conf/help/help.es.conf
Normal file
1465
conf/help/help.es.conf
Normal file
File diff suppressed because it is too large
Load Diff
1407
conf/help/help.fr.conf
Normal file
1407
conf/help/help.fr.conf
Normal file
File diff suppressed because it is too large
Load Diff
1311
conf/help/help.it.conf
Normal file
1311
conf/help/help.it.conf
Normal file
File diff suppressed because it is too large
Load Diff
1462
conf/help/help.nl.conf
Normal file
1462
conf/help/help.nl.conf
Normal file
File diff suppressed because it is too large
Load Diff
1494
conf/help/help.pl.conf
Normal file
1494
conf/help/help.pl.conf
Normal file
File diff suppressed because it is too large
Load Diff
1477
conf/help/help.ru.conf
Normal file
1477
conf/help/help.ru.conf
Normal file
File diff suppressed because it is too large
Load Diff
1328
conf/help/help.tr.conf
Normal file
1328
conf/help/help.tr.conf
Normal file
File diff suppressed because it is too large
Load Diff
237
conf/modules.default.conf
Normal file
237
conf/modules.default.conf
Normal file
@ -0,0 +1,237 @@
|
|||||||
|
/* This file will load (nearly) all modules available on UnrealIRCd.
|
||||||
|
* So all commands, channel modes, user modes, etc..
|
||||||
|
*
|
||||||
|
* If you want to have all UnrealIRCd functionality, then include this
|
||||||
|
* file from your unrealircd.conf by using:
|
||||||
|
* include "modules.default.conf";
|
||||||
|
*
|
||||||
|
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
|
||||||
|
* If you want to customize the modules to load you have two options:
|
||||||
|
* 1) Keep the include for modules.default.conf as usual and make use
|
||||||
|
* of blacklist-module "xyz"; to selectively disable modules.
|
||||||
|
* See https://www.unrealircd.org/docs/Blacklist-module_directive
|
||||||
|
* 2) OR, make a copy of this file (eg: name it modules.custom.conf)
|
||||||
|
* and edit it. Then include that file from your unrealircd.conf
|
||||||
|
* instead of this one.
|
||||||
|
* The downside of option #2 is that you will need to track changes
|
||||||
|
* in the original modules.default.conf with each new UnrealIRCd
|
||||||
|
* release to make sure you don't miss any new functionality (as new
|
||||||
|
* important modules may be added you need to add them to your conf).
|
||||||
|
* You don't have this problem with option #1.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*** Cloaking (for user mode +x) ***/
|
||||||
|
loadmodule "cloak";
|
||||||
|
|
||||||
|
|
||||||
|
/*** Commands ***/
|
||||||
|
|
||||||
|
// User commands (MINIMAL)
|
||||||
|
// These provide just the minimal set of IRC commands that are
|
||||||
|
// required by RFC1459 along with WATCH and MAP.
|
||||||
|
loadmodule "admin";
|
||||||
|
loadmodule "away";
|
||||||
|
loadmodule "invite";
|
||||||
|
loadmodule "ison";
|
||||||
|
loadmodule "join";
|
||||||
|
loadmodule "kick";
|
||||||
|
loadmodule "links";
|
||||||
|
loadmodule "list";
|
||||||
|
loadmodule "lusers";
|
||||||
|
loadmodule "map";
|
||||||
|
loadmodule "message";
|
||||||
|
loadmodule "mode";
|
||||||
|
loadmodule "motd";
|
||||||
|
loadmodule "names";
|
||||||
|
loadmodule "nick";
|
||||||
|
loadmodule "part";
|
||||||
|
loadmodule "pass";
|
||||||
|
loadmodule "pingpong";
|
||||||
|
loadmodule "protoctl";
|
||||||
|
loadmodule "quit";
|
||||||
|
loadmodule "rules";
|
||||||
|
loadmodule "topic";
|
||||||
|
loadmodule "user";
|
||||||
|
loadmodule "userhost";
|
||||||
|
loadmodule "watch";
|
||||||
|
loadmodule "whox";
|
||||||
|
loadmodule "whois";
|
||||||
|
loadmodule "whowas";
|
||||||
|
|
||||||
|
// User commands (EXTENDED)
|
||||||
|
// These are commands that provide extended functionality.
|
||||||
|
loadmodule "botmotd";
|
||||||
|
loadmodule "cap";
|
||||||
|
loadmodule "cycle";
|
||||||
|
loadmodule "dccallow";
|
||||||
|
loadmodule "help";
|
||||||
|
loadmodule "knock";
|
||||||
|
loadmodule "lag";
|
||||||
|
loadmodule "sasl";
|
||||||
|
loadmodule "setname";
|
||||||
|
loadmodule "silence";
|
||||||
|
loadmodule "starttls";
|
||||||
|
loadmodule "time";
|
||||||
|
loadmodule "userip";
|
||||||
|
loadmodule "vhost";
|
||||||
|
loadmodule "history";
|
||||||
|
|
||||||
|
// IRC Operator commands
|
||||||
|
// Note: several of these like kill are also server-to-server commands
|
||||||
|
// which are required if you link to other servers.
|
||||||
|
loadmodule "addmotd";
|
||||||
|
loadmodule "addomotd";
|
||||||
|
loadmodule "chghost";
|
||||||
|
loadmodule "chgident";
|
||||||
|
loadmodule "chgname";
|
||||||
|
loadmodule "close";
|
||||||
|
loadmodule "connect";
|
||||||
|
loadmodule "squit";
|
||||||
|
loadmodule "dccdeny";
|
||||||
|
loadmodule "globops";
|
||||||
|
loadmodule "kill"; /* also server-to-server */
|
||||||
|
loadmodule "locops";
|
||||||
|
loadmodule "mkpasswd";
|
||||||
|
loadmodule "oper";
|
||||||
|
loadmodule "opermotd";
|
||||||
|
loadmodule "sajoin";
|
||||||
|
loadmodule "samode";
|
||||||
|
loadmodule "sapart";
|
||||||
|
loadmodule "sdesc";
|
||||||
|
loadmodule "sethost";
|
||||||
|
loadmodule "setident";
|
||||||
|
loadmodule "stats";
|
||||||
|
loadmodule "tkl"; /* also server-to-server */
|
||||||
|
loadmodule "trace";
|
||||||
|
loadmodule "tsctl";
|
||||||
|
loadmodule "unsqline";
|
||||||
|
loadmodule "wallops";
|
||||||
|
loadmodule "jumpserver";
|
||||||
|
|
||||||
|
// Server-to-server commands
|
||||||
|
// Don't remove these, unless you never link to other servers.
|
||||||
|
loadmodule "eos";
|
||||||
|
loadmodule "md";
|
||||||
|
loadmodule "netinfo";
|
||||||
|
loadmodule "server";
|
||||||
|
loadmodule "sjoin";
|
||||||
|
loadmodule "sqline";
|
||||||
|
loadmodule "swhois";
|
||||||
|
loadmodule "umode2";
|
||||||
|
loadmodule "sinfo";
|
||||||
|
loadmodule "require-module";
|
||||||
|
|
||||||
|
// Services commands
|
||||||
|
// You could disable these if you don't use Services
|
||||||
|
// https://www.unrealircd.org/docs/Services
|
||||||
|
loadmodule "sendsno";
|
||||||
|
loadmodule "sendumode";
|
||||||
|
loadmodule "svsjoin";
|
||||||
|
loadmodule "svskill";
|
||||||
|
loadmodule "svslusers";
|
||||||
|
loadmodule "svsmode";
|
||||||
|
loadmodule "svsmotd";
|
||||||
|
loadmodule "svsnick";
|
||||||
|
loadmodule "svsnline";
|
||||||
|
loadmodule "svsnolag";
|
||||||
|
loadmodule "svsnoop";
|
||||||
|
loadmodule "svspart";
|
||||||
|
loadmodule "svssilence";
|
||||||
|
loadmodule "svssno";
|
||||||
|
loadmodule "svswatch";
|
||||||
|
|
||||||
|
|
||||||
|
/*** Channel modes ***/
|
||||||
|
loadmodule "chanmodes/floodprot"; /* +f */
|
||||||
|
loadmodule "chanmodes/nocolor"; /* +c */
|
||||||
|
loadmodule "chanmodes/noctcp"; /* +C */
|
||||||
|
loadmodule "chanmodes/stripcolor"; /* +S */
|
||||||
|
loadmodule "chanmodes/issecure"; /* +Z */
|
||||||
|
loadmodule "chanmodes/permanent"; /* +P */
|
||||||
|
loadmodule "chanmodes/link"; /* +L */
|
||||||
|
loadmodule "chanmodes/censor"; /* +G */
|
||||||
|
loadmodule "chanmodes/delayjoin"; /* +D */
|
||||||
|
loadmodule "chanmodes/noknock"; /* +K */
|
||||||
|
loadmodule "chanmodes/noinvite"; /* +V */
|
||||||
|
loadmodule "chanmodes/operonly"; /* +O */
|
||||||
|
loadmodule "chanmodes/nonotice"; /* +T */
|
||||||
|
loadmodule "chanmodes/regonly"; /* +R */
|
||||||
|
loadmodule "chanmodes/nonickchange"; /* +N */
|
||||||
|
loadmodule "chanmodes/nokick"; /* +Q */
|
||||||
|
loadmodule "chanmodes/regonlyspeak"; /* +M */
|
||||||
|
loadmodule "chanmodes/secureonly"; /* +z */
|
||||||
|
loadmodule "chanmodes/history"; /* +H */
|
||||||
|
|
||||||
|
|
||||||
|
/*** User modes ***/
|
||||||
|
loadmodule "usermodes/bot"; /* +B (mark yourself as a bot) */
|
||||||
|
loadmodule "usermodes/servicebot"; /* +S (service bot) */
|
||||||
|
loadmodule "usermodes/noctcp"; /* +T (block CTCP's) */
|
||||||
|
loadmodule "usermodes/censor"; /* +G (censor bad words) */
|
||||||
|
loadmodule "usermodes/showwhois"; /* +W (show if someone does /WHOIS) */
|
||||||
|
loadmodule "usermodes/privacy"; /* +p (privacy, hide channels in /WHOIS) */
|
||||||
|
loadmodule "usermodes/nokick"; /* +q (unkickable oper) */
|
||||||
|
loadmodule "usermodes/regonlymsg"; /* +R (only registered users may private message you) */
|
||||||
|
loadmodule "usermodes/secureonlymsg"; /* +Z (only SSL/TLS users may private message you) */
|
||||||
|
loadmodule "usermodes/privdeaf"; /* +D (don't let other user PM you) */
|
||||||
|
|
||||||
|
|
||||||
|
/*** Server notice masks */
|
||||||
|
loadmodule "snomasks/dccreject"; /* +D (rejected DCC's) */
|
||||||
|
|
||||||
|
|
||||||
|
/*** Extended Bans ***/
|
||||||
|
loadmodule "extbans/join"; /* +b ~j (prevent only joins) */
|
||||||
|
loadmodule "extbans/quiet"; /* +b ~q (prevent only messaging) */
|
||||||
|
loadmodule "extbans/nickchange"; /* +b ~n (prevent only nick changes) */
|
||||||
|
loadmodule "extbans/realname"; /* +b ~r (ban by real name) */
|
||||||
|
loadmodule "extbans/account"; /* +b ~a (ban/exempt if logged in with services account) */
|
||||||
|
loadmodule "extbans/inchannel"; /* +b ~c (ban/exempt if in channel) */
|
||||||
|
loadmodule "extbans/operclass"; /* +b ~O (ban/exempt by operclass) */
|
||||||
|
loadmodule "extbans/certfp"; /* +b ~S (ban/exempt by certfp) */
|
||||||
|
loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
|
||||||
|
loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
|
||||||
|
loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
|
||||||
|
loadmodule "extbans/partmsg"; /* +b ~p (hide part/quit message) */
|
||||||
|
loadmodule "extbans/securitygroup"; /* +b ~G (security group) */
|
||||||
|
|
||||||
|
|
||||||
|
/** IRCv3 extensions */
|
||||||
|
loadmodule "account-notify"; /* send ACCOUNT message upon services account login */
|
||||||
|
loadmodule "message-tags"; /* add tags to messages, required for various IRCv3 features */
|
||||||
|
loadmodule "batch"; /* also required for several IRCv3 features */
|
||||||
|
loadmodule "server-time"; /* adds server timestamp to various messages */
|
||||||
|
loadmodule "message-ids"; /* adds unique msgid to various messages */
|
||||||
|
loadmodule "account-tag"; /* adds services account information to messages */
|
||||||
|
loadmodule "echo-message"; /* shows clients if their messages are altered/filtered */
|
||||||
|
loadmodule "labeled-response"; /* correlate requests and responses easily */
|
||||||
|
loadmodule "bot-tag"; /* indicate the message comes from a bot (draft/bot) */
|
||||||
|
loadmodule "typing-indicator"; /* typing indicator in PM and channels (+typing) */
|
||||||
|
loadmodule "reply-tag"; /* indicate to which message you are responding (+draft/reply) */
|
||||||
|
loadmodule "clienttagdeny"; /* informs clients about supported client-only message tags */
|
||||||
|
loadmodule "sts"; /* strict transport policy (set::tls::sts-policy) */
|
||||||
|
loadmodule "link-security"; /* link-security announce */
|
||||||
|
loadmodule "plaintext-policy"; /* plaintext-policy announce */
|
||||||
|
loadmodule "chathistory"; /* CHATHISTORY client command, 005 and a CAP (draft) */
|
||||||
|
|
||||||
|
|
||||||
|
/*** Other ***/
|
||||||
|
// These are modules that don't fit in any of the previous sections
|
||||||
|
loadmodule "ident_lookup"; /* Ident lookups if set::options::identd-check is set*/
|
||||||
|
loadmodule "certfp"; /* SSL/TLS certificate fingerprint in /WHOIS (& more) */
|
||||||
|
loadmodule "tls_antidos"; /* prevent TLS DoS (renegotiate floods) */
|
||||||
|
loadmodule "webirc"; /* WEBIRC command. See webirc block. */
|
||||||
|
loadmodule "blacklist"; /* Blacklist support (DNSBL). See blacklist block. */
|
||||||
|
loadmodule "jointhrottle"; /* set::anti-flood::join-flood (previously chanmode +j) */
|
||||||
|
loadmodule "charsys"; /* Provides set::allowed-nickchars (must always be loaded!) */
|
||||||
|
loadmodule "authprompt"; /* Authentication prompt, see set::authentication-prompt */
|
||||||
|
loadmodule "history_backend_mem"; /* History storage backend (used by chanmodes/history) */
|
||||||
|
loadmodule "tkldb"; /* Write TKLines to .db file */
|
||||||
|
loadmodule "channeldb"; /* Write channel settings to .db file (+P channels only) */
|
||||||
|
loadmodule "rmtkl"; /* Easily remove *-Lines in bulk with /RMTKL */
|
||||||
|
loadmodule "restrict-commands"; /* Provides set::restrict-commands settings */
|
||||||
|
loadmodule "reputation"; /* used by Connthrottle and others, see next */
|
||||||
|
loadmodule "connthrottle"; /* see https://www.unrealircd.org/docs/Connthrottle */
|
||||||
|
loadmodule "userip-tag"; /* unrealircd.org/userip tag for ircops */
|
||||||
|
loadmodule "userhost-tag"; /* unrealircd.org/userhost tag for ircops */
|
||||||
|
loadmodule "targetfloodprot"; /* set::anti-flood::target-flood protection */
|
183
conf/modules.optional.conf
Normal file
183
conf/modules.optional.conf
Normal file
@ -0,0 +1,183 @@
|
|||||||
|
/* This file will load all optional modules. These are features that
|
||||||
|
* not everyone will use or are considered experimental.
|
||||||
|
* You can include this file from your unrealircd.conf like this:
|
||||||
|
* include "modules.optional.conf";
|
||||||
|
* OR... and this is probably a better idea... you can copy-paste it
|
||||||
|
* to another file where you do your own customizations.
|
||||||
|
*
|
||||||
|
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
|
||||||
|
* If you want to customize, make a copy of this file (for example
|
||||||
|
* name it modules.custom.conf) and edit it.
|
||||||
|
* Then include that file from your unrealircd.conf instead of this one.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*** Commands ***/
|
||||||
|
|
||||||
|
// This add the /IRCOPS command: A more visual way for users
|
||||||
|
// to see which IRCOps are online.
|
||||||
|
loadmodule "ircops";
|
||||||
|
|
||||||
|
// This adds the /STAFF command: This command simply displays
|
||||||
|
// a text file that you can configure here:
|
||||||
|
loadmodule "staff";
|
||||||
|
set { staff-file "network.staff"; }
|
||||||
|
|
||||||
|
|
||||||
|
/*** Channel modes ***/
|
||||||
|
|
||||||
|
// The following module ('nocodes') is not a true channel mode.
|
||||||
|
// It simply enhances the existing channel mode +S/+c to include
|
||||||
|
// stripping/blocking of bold, underline and italic text.
|
||||||
|
loadmodule "nocodes";
|
||||||
|
|
||||||
|
|
||||||
|
/*** Other ***/
|
||||||
|
|
||||||
|
// The hideserver module will hide /MAP and /LINKS to regular users.
|
||||||
|
// It does not truly enhance security as server names can still be
|
||||||
|
// seen at other places.
|
||||||
|
// Comment out the following line to enable this:
|
||||||
|
// loadmodule "hideserver";
|
||||||
|
|
||||||
|
// The antirandom module will kill or *line users that have a nick,
|
||||||
|
// ident and/or realname that is considered "random".
|
||||||
|
// This helps to combat simple botnets/drones.
|
||||||
|
// Note that failure to set the right settings may ban innocent users.
|
||||||
|
// This is especially true if you are on a non-English network where
|
||||||
|
// the module may consider a sequence of characters "random" even though
|
||||||
|
// it is a perfectly pronounceable word in your language.
|
||||||
|
loadmodule "antirandom";
|
||||||
|
set {
|
||||||
|
antirandom {
|
||||||
|
/* THRESHOLD:
|
||||||
|
* This is pretty much the most important setting of all.
|
||||||
|
* For every randomly looking ident the user gets a certain amount of
|
||||||
|
* 'points', if this value reaches 'threshold' then the appropriate
|
||||||
|
* action is taken (killed, *lined, see later on).
|
||||||
|
* lower = more randomly looking users will be catched (but also more
|
||||||
|
* innocent users)
|
||||||
|
* higher = less chance of innocent users getting killed, but also less
|
||||||
|
* chance on bots getting catched.
|
||||||
|
* <2: DON'T!!
|
||||||
|
* 4: Works good, probably a few more innocent kills but if you got
|
||||||
|
* quite a bot problem then this might be a useful setting.
|
||||||
|
* 5: Works well with few innocent kills, probably good to begin with.
|
||||||
|
* 6: If you want to be a tad more careful
|
||||||
|
* >6: For the paranoid. Module can still be quite effective, though :)
|
||||||
|
*/
|
||||||
|
threshold 7;
|
||||||
|
|
||||||
|
/* BAN-ACTION:
|
||||||
|
* Action to take whenever the user is catched as random, options:
|
||||||
|
* warn, kill, gline, gzline, kline, zline, shun, tempshun
|
||||||
|
*/
|
||||||
|
ban-action kill;
|
||||||
|
|
||||||
|
/* BAN-TIME:
|
||||||
|
* Time to ban the user (irrelevant for tempshun/kill).
|
||||||
|
* Something between 1 hour and 2 days is recommended.
|
||||||
|
* If you set it higher than 3 or 4 days then you get quite a risk
|
||||||
|
* of catching innocent users due to dynamic IP, not to mention
|
||||||
|
* your *line list gets filled up... so choose it wisely.
|
||||||
|
*/
|
||||||
|
ban-time 4h;
|
||||||
|
|
||||||
|
/* BAN-REASON:
|
||||||
|
* The ban (or kill) reason to use.
|
||||||
|
* You might want to put in an entry to a FAQ or an email address
|
||||||
|
* where users can mail if they have been catched and don't know what to do.
|
||||||
|
* NOTE: One of the various reasons that ""innocent users"" are catched is
|
||||||
|
* if they just randomly type in info for their nick, ident, or realname.
|
||||||
|
*/
|
||||||
|
ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly.";
|
||||||
|
|
||||||
|
/* CONVERT-TO-LOWERCASE:
|
||||||
|
* Convert nicks, idents, and realnames to lowercase before doing random checks?
|
||||||
|
* This has not been tested extensively for false positives, but might be (very)
|
||||||
|
* helpful to catch GnStA5FYhiTH51TUkf style random nicks as random.
|
||||||
|
* Enabled by default.
|
||||||
|
*/
|
||||||
|
convert-to-lowercase yes;
|
||||||
|
|
||||||
|
/* FULLSTATUS-ON-LOAD:
|
||||||
|
* If enabled, then upon loading it will check all users that are currently
|
||||||
|
* connected and give a status report about who it would have killed.
|
||||||
|
* Note that it doesn't actually kill any currently connected users, it is for
|
||||||
|
* informative purposes only.
|
||||||
|
* This can be (very) useful if you use the module for the first time.
|
||||||
|
* But you probably want to disable it after a while, since once the module
|
||||||
|
* is actively dealing with randomly looking persons, it shouldn't report any
|
||||||
|
* users anymore on load and then this check only eats useless CPU on /REHASH.
|
||||||
|
* Enabled by default.
|
||||||
|
*/
|
||||||
|
fullstatus-on-load yes;
|
||||||
|
|
||||||
|
/* SHOW-FAILEDCONNECTS:
|
||||||
|
* This will send out a notice whenever a randomly looking user has been catched
|
||||||
|
* during connecting. Obviously this can be pretty noisy.
|
||||||
|
* Especially recommended to enable during the first few days you use this module.
|
||||||
|
*/
|
||||||
|
show-failedconnects yes;
|
||||||
|
|
||||||
|
/* EXCEPT-HOSTS:
|
||||||
|
* Hostmasks on this list are matched against the IP and hostname of the connecting
|
||||||
|
* user. If it matches then we do not check if the nick/ident/realname is random.
|
||||||
|
* NOTE: Use the REAL host or IP here, not any cloaked hosts!
|
||||||
|
*/
|
||||||
|
except-hosts {
|
||||||
|
mask 192.168.0.0/16;
|
||||||
|
mask 127.0.0.0/8;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* EXCEPT-WEBIRC:
|
||||||
|
* This will make antirandom not check connections from WEBIRC gateways.
|
||||||
|
* ( see https://www.unrealircd.org/docs/WebIRC_block )
|
||||||
|
* It seems WEBIRC connections frequently cause false positives so the
|
||||||
|
* default is 'yes'.
|
||||||
|
*/
|
||||||
|
except-webirc yes;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// This module will send a HTTP 301 redirect to any client which sends
|
||||||
|
// a HTTP request to us. This is commented out by default:
|
||||||
|
//loadmodule "webredir";
|
||||||
|
//set {
|
||||||
|
// webredir {
|
||||||
|
// url "https://...";
|
||||||
|
// }
|
||||||
|
//}
|
||||||
|
|
||||||
|
// This adds websocket support. For more information, see:
|
||||||
|
// https://www.unrealircd.org/docs/WebSocket_support
|
||||||
|
loadmodule "websocket";
|
||||||
|
|
||||||
|
// This module will detect and stop spam containing of characters of
|
||||||
|
// mixed "scripts", where (for example) some characters are in
|
||||||
|
// Latin script and other characters are in Cyrillic script.
|
||||||
|
loadmodule "antimixedutf8";
|
||||||
|
set {
|
||||||
|
antimixedutf8 {
|
||||||
|
/* Take action at this 'score' (lower = more sensitive)
|
||||||
|
*
|
||||||
|
* A score of 2 or 3 will catch a lot but also
|
||||||
|
* catch innocent users who are not using a pure
|
||||||
|
* Latin script, such as Russian people who
|
||||||
|
* commonly use a mix of Latin and Cyrillic.
|
||||||
|
*
|
||||||
|
* A score of 8 is a safe default.
|
||||||
|
*/
|
||||||
|
score 8;
|
||||||
|
|
||||||
|
/* Action to take, see:
|
||||||
|
* https://www.unrealircd.org/docs/Actions
|
||||||
|
*/
|
||||||
|
ban-action block;
|
||||||
|
|
||||||
|
/* Block/kill/ban reason (sent to user) */
|
||||||
|
ban-reason "Mixed character spam";
|
||||||
|
|
||||||
|
/* Duration of ban (does not apply to block/kill) */
|
||||||
|
ban-time 4h; // For other types
|
||||||
|
}
|
||||||
|
}
|
21
conf/modules.sources.list
Normal file
21
conf/modules.sources.list
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
#
|
||||||
|
# This file contains the list of repositories that are used
|
||||||
|
# by the './unrealircd module' command.
|
||||||
|
# Note that 3rd party modules are NOT written by the UnrealIRCd team.
|
||||||
|
# Use such modules at your own risk. In case of problems, contact
|
||||||
|
# the module author. For more information, see:
|
||||||
|
# https://www.unrealircd.org/docs/Module_manager
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# This is the unrealircd-contrib repository which is added by default in
|
||||||
|
# UnrealIRCd 5 to make it easy for users to install 3rd party modules.
|
||||||
|
# If you are a module coder and want to add your module to this repository
|
||||||
|
# as well, then read the rules and procedure at:
|
||||||
|
# https://www.unrealircd.org/docs/Rules_for_3rd_party_modules_in_unrealircd-contrib
|
||||||
|
#
|
||||||
|
https://modules.unrealircd.org/modules.list
|
||||||
|
|
||||||
|
# You can add more repositories here. However, do note that all
|
||||||
|
# URLs MUST start with https://
|
||||||
|
|
144
conf/operclass.default.conf
Normal file
144
conf/operclass.default.conf
Normal file
@ -0,0 +1,144 @@
|
|||||||
|
/* This file defines a number of default operclass blocks which you can
|
||||||
|
* use in your oper blocks (via oper::operclass).
|
||||||
|
*
|
||||||
|
* This file is normally included from your unrealircd.conf through:
|
||||||
|
* include "operclass.default.conf";
|
||||||
|
*
|
||||||
|
* The operclass block is extensively documented at:
|
||||||
|
* https://www.unrealircd.org/docs/Operclass_block
|
||||||
|
* And the permissions itself (operclass::permissions) at:
|
||||||
|
* https://www.unrealircd.org/docs/Operclass_permissions
|
||||||
|
*
|
||||||
|
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
|
||||||
|
* Instead, if you want to change the permissions in an operclass block,
|
||||||
|
* you should copy the definition, or this entire file, to either your
|
||||||
|
* unrealircd.conf or some other file (eg: operclass.conf) that you
|
||||||
|
* you will include from your unrealircd.conf.
|
||||||
|
* Then edit it, and while doing so don't forget to change the name
|
||||||
|
* of your custom operclass block(s), so operclass <name>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Local IRC Operator */
|
||||||
|
operclass locop {
|
||||||
|
permissions {
|
||||||
|
chat;
|
||||||
|
channel { operonly; override { flood; } }
|
||||||
|
client { see; }
|
||||||
|
immune;
|
||||||
|
self { getbaddcc; opermodes; set; }
|
||||||
|
server { opermotd; info; close; module; dns; rehash; }
|
||||||
|
route { local; }
|
||||||
|
kill { local; }
|
||||||
|
server-ban {
|
||||||
|
kline;
|
||||||
|
zline { local; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Global IRC Operator */
|
||||||
|
operclass globop {
|
||||||
|
permissions {
|
||||||
|
chat;
|
||||||
|
channel { operonly; see; override { flood; } }
|
||||||
|
client;
|
||||||
|
immune;
|
||||||
|
self { getbaddcc; opermodes; set; }
|
||||||
|
server { opermotd; info; close; module; dns; rehash;
|
||||||
|
remote; tsctl { view; } }
|
||||||
|
route;
|
||||||
|
kill;
|
||||||
|
server-ban { dccdeny; shun; zline; kline; gline; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Server administrator */
|
||||||
|
operclass admin {
|
||||||
|
permissions {
|
||||||
|
chat;
|
||||||
|
channel { operonly; see; override { flood; } }
|
||||||
|
client;
|
||||||
|
immune;
|
||||||
|
self { getbaddcc; opermodes; set; }
|
||||||
|
server { opermotd; info; close; module; dns; rehash;
|
||||||
|
remote; description; addmotd;
|
||||||
|
addomotd; tsctl { view; } }
|
||||||
|
route;
|
||||||
|
kill;
|
||||||
|
server-ban;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Services Admin */
|
||||||
|
operclass services-admin {
|
||||||
|
permissions {
|
||||||
|
chat;
|
||||||
|
channel { operonly; see; override { flood; } }
|
||||||
|
client;
|
||||||
|
immune;
|
||||||
|
self { getbaddcc; opermodes; set; }
|
||||||
|
server { opermotd; info; close; module; dns; rehash;
|
||||||
|
remote; description; addmotd;
|
||||||
|
addomotd; tsctl { view; } }
|
||||||
|
route;
|
||||||
|
kill;
|
||||||
|
server-ban;
|
||||||
|
sacmd;
|
||||||
|
services;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Network Administrator */
|
||||||
|
operclass netadmin {
|
||||||
|
permissions {
|
||||||
|
chat;
|
||||||
|
channel { operonly; see; override { flood; } }
|
||||||
|
client;
|
||||||
|
immune;
|
||||||
|
self { getbaddcc; opermodes; set; }
|
||||||
|
server { opermotd; info; close; module; dns; rehash;
|
||||||
|
remote; description; addmotd;
|
||||||
|
addomotd; tsctl; }
|
||||||
|
route;
|
||||||
|
kill;
|
||||||
|
server-ban;
|
||||||
|
sacmd;
|
||||||
|
services;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Same as 'globop' operclass, but with OperOverride capabilities added */
|
||||||
|
operclass globop-with-override {
|
||||||
|
parent globop;
|
||||||
|
permissions {
|
||||||
|
channel { operonly; see; override; }
|
||||||
|
self { getbaddcc; opermodes; set; unkickablemode; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Same as 'admin' operclass, but with OperOverride capabilities added */
|
||||||
|
operclass admin-with-override {
|
||||||
|
parent admin;
|
||||||
|
permissions {
|
||||||
|
channel { operonly; see; override; }
|
||||||
|
self { getbaddcc; opermodes; set; unkickablemode; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Same as 'services-admin' operclass, but with OperOverride capabilities added */
|
||||||
|
operclass services-admin-with-override {
|
||||||
|
parent services-admin;
|
||||||
|
permissions {
|
||||||
|
channel { operonly; see; override; }
|
||||||
|
self { getbaddcc; opermodes; set; unkickablemode; }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Same as 'netadmin' operclass, but with OperOverride capabilities added */
|
||||||
|
operclass netadmin-with-override {
|
||||||
|
parent netadmin;
|
||||||
|
permissions {
|
||||||
|
channel { operonly; see; override; }
|
||||||
|
self { getbaddcc; opermodes; set; unkickablemode; }
|
||||||
|
}
|
||||||
|
}
|
154
conf/spamfilter.conf
Normal file
154
conf/spamfilter.conf
Normal file
@ -0,0 +1,154 @@
|
|||||||
|
/*
|
||||||
|
* This configuration file contains example spamfilter rules.
|
||||||
|
* They are real rules that were useful a long time ago.
|
||||||
|
* Since 2005 these rules are no longer maintained.
|
||||||
|
* The main purpose nowadays is to serve as an example
|
||||||
|
* to give you an idea of how powerful spamfilters can
|
||||||
|
* be in real-life situations.
|
||||||
|
*
|
||||||
|
* Documentation on spamfilter is available at:
|
||||||
|
* https://www.unrealircd.org/docs/Spamfilter
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* General note:
|
||||||
|
* If you want to use a \ in a spamfilter, or in fact
|
||||||
|
* anywhere in the configuration file, then you need
|
||||||
|
* to escape this to \\ instead.
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
/* First some spamfilters with match-type 'simple'.
|
||||||
|
* The only matchers available are * and ?
|
||||||
|
* PRO's: very fast, easy matching: everyone can do this.
|
||||||
|
* CON's: limited ability to fine-tune spamfilters
|
||||||
|
*/
|
||||||
|
|
||||||
|
spamfilter {
|
||||||
|
match-type simple;
|
||||||
|
match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
|
||||||
|
target private;
|
||||||
|
action gline;
|
||||||
|
reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This signature uses a \ which has to escaped to \\ in the configuration file */
|
||||||
|
spamfilter {
|
||||||
|
match-type simple;
|
||||||
|
match "C:\\WINNT\\system32\\*.zip";
|
||||||
|
target dcc;
|
||||||
|
action block;
|
||||||
|
reason "Infected by Gaggle worm?";
|
||||||
|
}
|
||||||
|
|
||||||
|
spamfilter {
|
||||||
|
match-type simple;
|
||||||
|
match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
|
||||||
|
target private;
|
||||||
|
action gline;
|
||||||
|
reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
|
||||||
|
}
|
||||||
|
|
||||||
|
spamfilter {
|
||||||
|
match-type simple;
|
||||||
|
match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
|
||||||
|
target private;
|
||||||
|
action gline;
|
||||||
|
reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Now spamfilters of type 'regex'.
|
||||||
|
* These use powerful regular expressions (Perl/PCRE style)
|
||||||
|
* You may have to learn more about "regex" first before you
|
||||||
|
* can use them. For example the dot ('.') has special meaning.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* This regex shows a pattern which requires 20 paramaters,
|
||||||
|
* such as "x x x x x x x x x x x x x x x x x x x x"
|
||||||
|
*/
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
|
||||||
|
target { private; channel; }
|
||||||
|
action kill;
|
||||||
|
reason "mIRC 6.0-6.11 exploit attempt";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Similarly, this regex shows a pattern that matches
|
||||||
|
* against at least 225 characters in length.
|
||||||
|
*/
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "\x01DCC (SEND|RESUME).{225}";
|
||||||
|
target { private; channel; }
|
||||||
|
action kill;
|
||||||
|
reason "Possible mIRC 6.12 exploit attempt";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Earlier you saw an example of a $decode exploit which used
|
||||||
|
* match-type 'simple' and - indeed - the filter was quite simple.
|
||||||
|
* The following uses a regex with a similar example.
|
||||||
|
* Regular expressions are very powerful but here you can see
|
||||||
|
* that it actually complicates writing a filter quite a bit.
|
||||||
|
* With regex in this filter we need to escape the ( and all
|
||||||
|
* the dots, question marks, etc. if we want to match these
|
||||||
|
* characters in literal text.
|
||||||
|
*/
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
|
||||||
|
target private;
|
||||||
|
action block;
|
||||||
|
reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
|
||||||
|
}
|
||||||
|
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
|
||||||
|
target private;
|
||||||
|
action block;
|
||||||
|
reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This shows a regex which specifically matches an entire line by
|
||||||
|
* the use of ^ and $
|
||||||
|
*/
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "^!login Wasszup!$";
|
||||||
|
target channel;
|
||||||
|
action gline;
|
||||||
|
reason "Attempting to login to a GTBot";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* An example of how to match against an IP address in text (IPv4 only) */
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
|
||||||
|
target channel;
|
||||||
|
action gline;
|
||||||
|
reason "Attempting to use a GTBot";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* A slightly more complex example with a partial OR matcher (|) */
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
|
||||||
|
target private;
|
||||||
|
action gline;
|
||||||
|
reason "Infected by some trojan (erotica?)";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* In regex a \ is special and needs to be escaped to \\
|
||||||
|
* However in this configuration file, \ is also special and
|
||||||
|
* needs to be escaped to \\ as well.
|
||||||
|
* The result is that we need double escaping:
|
||||||
|
* To match a \ you need to write \\\\ in the configuration file.
|
||||||
|
*/
|
||||||
|
spamfilter {
|
||||||
|
match-type regex;
|
||||||
|
match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
|
||||||
|
target dcc;
|
||||||
|
action dccblock;
|
||||||
|
reason "Infected by Gaggle worm";
|
||||||
|
}
|
3154
conf/tls/curl-ca-bundle.crt
Normal file
3154
conf/tls/curl-ca-bundle.crt
Normal file
File diff suppressed because it is too large
Load Diff
592
conf/unrealircd.conf.example
Normal file
592
conf/unrealircd.conf.example
Normal file
@ -0,0 +1,592 @@
|
|||||||
|
/* Configuration file for UnrealIRCd 5
|
||||||
|
*
|
||||||
|
* Simply copy this file to your conf/ directory, call it
|
||||||
|
* 'unrealircd.conf' and walk through it line by line (edit it!)
|
||||||
|
*
|
||||||
|
* Important: All lines, except { and } end with an ;
|
||||||
|
* This is very important, if you miss a ; somewhere then the
|
||||||
|
* configuration file parser will complain and the file will not
|
||||||
|
* be processed correctly!
|
||||||
|
* If this is your first experience with an UnrealIRCd configuration
|
||||||
|
* file then we really recommend you to read a little about the syntax,
|
||||||
|
* this only takes a few minutes and will help you a lot:
|
||||||
|
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
|
||||||
|
*
|
||||||
|
* UnrealIRCd 5 documentation (very extensive!):
|
||||||
|
* https://www.unrealircd.org/docs/UnrealIRCd_5_documentation
|
||||||
|
*
|
||||||
|
* Frequently Asked Questions:
|
||||||
|
* https://www.unrealircd.org/docs/FAQ
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* This is a comment, all text here is ignored (comment type #1) */
|
||||||
|
// This is also a comment, this line is ignored (comment type #2)
|
||||||
|
# This is also a comment, again this line is ignored (comment type #3)
|
||||||
|
|
||||||
|
/* UnrealIRCd makes heavy use of modules. Modules allow you to completely
|
||||||
|
* customize the featureset you wish to enable in UnrealIRCd.
|
||||||
|
* See: https://www.unrealircd.org/docs/Modules
|
||||||
|
*
|
||||||
|
* By using the include below we instruct the IRCd to read the file
|
||||||
|
* 'modules.default.conf' which will load more than 150 modules
|
||||||
|
* shipped with UnrealIRCd. In other words: this will simply load
|
||||||
|
* all the available features in UnrealIRCd.
|
||||||
|
* If you are setting up UnrealIRCd for the first time we suggest you
|
||||||
|
* use this. Then, when everything is up and running you can come
|
||||||
|
* back later to customize the list (if you wish).
|
||||||
|
*/
|
||||||
|
include "modules.default.conf";
|
||||||
|
|
||||||
|
/* Now let's include some other files as well:
|
||||||
|
* - help/help.conf for our on-IRC /HELPOP system
|
||||||
|
* - badwords.conf for channel and user mode +G
|
||||||
|
* - spamfilter.conf as an example for spamfilter usage
|
||||||
|
* (commented out)
|
||||||
|
* - operclass.default.conf contains some good operclasses which
|
||||||
|
* you can use in your oper blocks.
|
||||||
|
*/
|
||||||
|
include "help/help.conf";
|
||||||
|
include "badwords.conf";
|
||||||
|
//include "spamfilter.conf";
|
||||||
|
include "operclass.default.conf";
|
||||||
|
|
||||||
|
/* This is the me { } block which basically says who we are.
|
||||||
|
* It defines our server name, some information line and an unique "sid".
|
||||||
|
* The server id (sid) must start with a digit followed by two digits or
|
||||||
|
* letters. The sid must be unique for your IRC network (each server should
|
||||||
|
* have it's own sid).
|
||||||
|
*/
|
||||||
|
me {
|
||||||
|
name "irc.example.org";
|
||||||
|
info "ExampleNET Server";
|
||||||
|
sid "001";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* The admin { } block defines what users will see if they type /ADMIN.
|
||||||
|
* It normally contains information on how to contact the administrator.
|
||||||
|
*/
|
||||||
|
admin {
|
||||||
|
"Bob Smith";
|
||||||
|
"bob";
|
||||||
|
"email@example.org";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Clients and servers are put in class { } blocks, we define them here.
|
||||||
|
* Class blocks consist of the following items:
|
||||||
|
* - pingfreq: how often to ping a user / server (in seconds)
|
||||||
|
* - connfreq: how often we try to connect to this server (in seconds)
|
||||||
|
* - sendq: the maximum queue size for a connection
|
||||||
|
* - recvq: maximum receive queue from a connection (flood control)
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Client class with good defaults */
|
||||||
|
class clients
|
||||||
|
{
|
||||||
|
pingfreq 90;
|
||||||
|
maxclients 1000;
|
||||||
|
sendq 200k;
|
||||||
|
recvq 8000;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Special class for IRCOps with higher limits */
|
||||||
|
class opers
|
||||||
|
{
|
||||||
|
pingfreq 90;
|
||||||
|
maxclients 50;
|
||||||
|
sendq 1M;
|
||||||
|
recvq 8000;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Server class with good defaults */
|
||||||
|
class servers
|
||||||
|
{
|
||||||
|
pingfreq 60;
|
||||||
|
connfreq 15; /* try to connect every 15 seconds */
|
||||||
|
maxclients 10; /* max servers */
|
||||||
|
sendq 20M;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Allow blocks define which clients may connect to this server.
|
||||||
|
* This allows you to add a server password or restrict the server to
|
||||||
|
* specific IP's only. You also configure the maximum connections
|
||||||
|
* allowed per IP here.
|
||||||
|
* See also: https://www.unrealircd.org/docs/Allow_block
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Allow everyone in, but only 3 connections per IP */
|
||||||
|
allow {
|
||||||
|
mask *;
|
||||||
|
class clients;
|
||||||
|
maxperip 3;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Example of a special allow block on a specific IP:
|
||||||
|
* Requires users on that IP to connect with a password. If the password
|
||||||
|
* is correct then it permits 20 connections on that IP.
|
||||||
|
*/
|
||||||
|
allow {
|
||||||
|
mask 192.0.2.1;
|
||||||
|
class clients;
|
||||||
|
password "somesecretpasswd";
|
||||||
|
maxperip 20;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Oper blocks define your IRC Operators.
|
||||||
|
* IRC Operators are people who have "extra rights" compared to others,
|
||||||
|
* for example they may /KILL other people, initiate server linking,
|
||||||
|
* /JOIN channels even though they are banned, etc.
|
||||||
|
*
|
||||||
|
* For more information about becoming an IRCOp and how to do admin
|
||||||
|
* tasks, see: https://www.unrealircd.org/docs/IRCOp_guide
|
||||||
|
*
|
||||||
|
* For details regarding the oper { } block itself, see
|
||||||
|
* https://www.unrealircd.org/docs/Oper_block
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Here is an example oper block for 'bobsmith' with password 'test'.
|
||||||
|
* You MUST change this!!
|
||||||
|
*/
|
||||||
|
oper bobsmith {
|
||||||
|
class opers;
|
||||||
|
mask *@*;
|
||||||
|
password "test123";
|
||||||
|
/* Oper permissions are defined in an 'operclass' block.
|
||||||
|
* See https://www.unrealircd.org/docs/Operclass_block
|
||||||
|
* UnrealIRCd ships with a number of default blocks, see
|
||||||
|
* the article for a full list. We choose 'netadmin' here.
|
||||||
|
*/
|
||||||
|
operclass netadmin;
|
||||||
|
swhois "is a Network Administrator";
|
||||||
|
vhost netadmin.example.org;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Listen blocks define the ports where the server should listen on.
|
||||||
|
* In other words: the ports that clients and servers may use to
|
||||||
|
* connect to this server.
|
||||||
|
*
|
||||||
|
* Syntax:
|
||||||
|
* listen {
|
||||||
|
* {
|
||||||
|
* ip <ip>;
|
||||||
|
* port <port>;
|
||||||
|
* options {
|
||||||
|
* <options....>;
|
||||||
|
* }
|
||||||
|
* }
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Standard IRC port 6667 */
|
||||||
|
listen {
|
||||||
|
ip *;
|
||||||
|
port 6667;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Standard IRC SSL/TLS port 6697 */
|
||||||
|
listen {
|
||||||
|
ip *;
|
||||||
|
port 6697;
|
||||||
|
options { tls; }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Special SSL/TLS servers-only port for linking */
|
||||||
|
listen {
|
||||||
|
ip *;
|
||||||
|
port 6900;
|
||||||
|
options { tls; serversonly; }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* NOTE: If you are on an IRCd shell with multiple IP's and you use
|
||||||
|
* the above listen { } blocks then you will likely get an
|
||||||
|
* 'Address already in use' error and the ircd won't start.
|
||||||
|
* This means you MUST bind to a specific IP instead of '*' like:
|
||||||
|
* listen { ip 1.2.3.4; port 6667; }
|
||||||
|
* Of course, replace the IP with the IP that was assigned to you.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Link blocks allow you to link multiple servers together to form a network.
|
||||||
|
* See https://www.unrealircd.org/docs/Tutorial:_Linking_servers
|
||||||
|
*/
|
||||||
|
link hub.example.org
|
||||||
|
{
|
||||||
|
incoming {
|
||||||
|
mask *@something;
|
||||||
|
}
|
||||||
|
|
||||||
|
outgoing {
|
||||||
|
bind-ip *; /* or explicitly an IP */
|
||||||
|
hostname hub.example.org;
|
||||||
|
port 6900;
|
||||||
|
options { tls; }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We use the SPKI fingerprint of the other server for authentication.
|
||||||
|
* Run './unrealircd spkifp' on the other side to get it.
|
||||||
|
*/
|
||||||
|
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
|
||||||
|
|
||||||
|
class servers;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* The link block for services is usually much simpler.
|
||||||
|
* For more information about what Services are,
|
||||||
|
* see https://www.unrealircd.org/docs/Services
|
||||||
|
*/
|
||||||
|
link services.example.org
|
||||||
|
{
|
||||||
|
incoming {
|
||||||
|
mask 127.0.0.1;
|
||||||
|
}
|
||||||
|
|
||||||
|
password "changemeplease";
|
||||||
|
|
||||||
|
class servers;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* U-lines give other servers (even) more power/commands.
|
||||||
|
* If you use services you must add them here.
|
||||||
|
* NEVER put the name of an UnrealIRCd server here!!!
|
||||||
|
*/
|
||||||
|
ulines {
|
||||||
|
services.example.org;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Here you can add a password for the IRCOp-only /DIE and /RESTART commands.
|
||||||
|
* This is mainly meant to provide a little protection against accidental
|
||||||
|
* restarts and server kills.
|
||||||
|
*/
|
||||||
|
drpass {
|
||||||
|
restart "restart";
|
||||||
|
die "die";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* The log block defines what should be logged and to what file.
|
||||||
|
* See also https://www.unrealircd.org/docs/Log_block
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* This is a good default, it logs everything */
|
||||||
|
log "ircd.log" {
|
||||||
|
flags {
|
||||||
|
oper;
|
||||||
|
connects;
|
||||||
|
server-connects;
|
||||||
|
kills;
|
||||||
|
errors;
|
||||||
|
flood;
|
||||||
|
sadmin-commands;
|
||||||
|
chg-commands;
|
||||||
|
oper-override;
|
||||||
|
tkl;
|
||||||
|
spamfilter;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* With "aliases" you can create an alias like /SOMETHING to send a message to
|
||||||
|
* some user or bot. They are usually used for services.
|
||||||
|
*
|
||||||
|
* We have a number of pre-set alias files, check out the alias/ directory.
|
||||||
|
* As an example, here we include all aliases used for anope services.
|
||||||
|
*/
|
||||||
|
include "aliases/anope.conf";
|
||||||
|
|
||||||
|
/* Ban nick names so they cannot be used by regular users */
|
||||||
|
ban nick {
|
||||||
|
mask "*C*h*a*n*S*e*r*v*";
|
||||||
|
reason "Reserved for Services";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Ban ip.
|
||||||
|
* Note that you normally use /KLINE, /GLINE and /ZLINE for this.
|
||||||
|
*/
|
||||||
|
ban ip {
|
||||||
|
mask 195.86.232.81;
|
||||||
|
reason "Hate you";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Ban server - if we see this server linked to someone then we delink */
|
||||||
|
ban server {
|
||||||
|
mask eris.berkeley.edu;
|
||||||
|
reason "Get out of here.";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Ban user - just as an example, you normally use /KLINE or /GLINE for this */
|
||||||
|
ban user {
|
||||||
|
mask *tirc@*.saturn.bbn.com;
|
||||||
|
reason "Idiot";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Ban realname allows you to ban clients based on their 'real name'
|
||||||
|
* or 'gecos' field.
|
||||||
|
*/
|
||||||
|
ban realname {
|
||||||
|
mask "Swat Team";
|
||||||
|
reason "mIRKFORCE";
|
||||||
|
}
|
||||||
|
|
||||||
|
ban realname {
|
||||||
|
mask "sub7server";
|
||||||
|
reason "sub7";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Ban and TKL exceptions. Allows you to exempt users / machines from
|
||||||
|
* KLINE, GLINE, etc.
|
||||||
|
* If you are an IRCOp with a static IP (and no untrusted persons on that IP)
|
||||||
|
* then we suggest you add yourself here. That way you can always get in
|
||||||
|
* even if you accidentally place a *LINE ban on yourself.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* except ban protects you from KLINE and ZLINE */
|
||||||
|
except ban {
|
||||||
|
mask *@192.0.2.1;
|
||||||
|
// you may add more mask entries here..
|
||||||
|
}
|
||||||
|
|
||||||
|
/* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
|
||||||
|
except ban {
|
||||||
|
mask *@192.0.2.1;
|
||||||
|
type all;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* With deny dcc blocks you can ban filenames for DCC */
|
||||||
|
deny dcc {
|
||||||
|
filename "*sub7*";
|
||||||
|
reason "Possible Sub7 Virus";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* deny channel allows you to ban a channel (mask) entirely */
|
||||||
|
deny channel {
|
||||||
|
channel "*warez*";
|
||||||
|
reason "Warez is illegal";
|
||||||
|
class "clients";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* VHosts (Virtual Hosts) allow users to acquire a different host.
|
||||||
|
* See https://www.unrealircd.org/docs/Vhost_block
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Example vhost which you can use. On IRC type: /VHOST test test
|
||||||
|
* NOTE: only people with an 'unrealircd.com' host may use it so
|
||||||
|
* be sure to change the vhost::mask before you test.
|
||||||
|
*/
|
||||||
|
vhost {
|
||||||
|
vhost i.hate.microsefrs.com;
|
||||||
|
mask *@unrealircd.com;
|
||||||
|
login "test";
|
||||||
|
password "test";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Blacklist blocks will query an external DNS Blacklist service
|
||||||
|
* whenever a user connects, to see if the IP address is known
|
||||||
|
* to cause drone attacks, is a known hacked machine, etc.
|
||||||
|
* Documentation: https://www.unrealircd.org/docs/Blacklist_block
|
||||||
|
* Or just have a look at the blocks below.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* DroneBL, probably the most popular blacklist used by IRC Servers.
|
||||||
|
* See https://dronebl.org/ for their documentation and the
|
||||||
|
* meaning of the reply types. At time of writing we use types:
|
||||||
|
* 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
|
||||||
|
* 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
|
||||||
|
* 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
|
||||||
|
* 14: Open Wingate Proxy, 15: Compromised router / gateway,
|
||||||
|
* 16: Autorooting worms.
|
||||||
|
*/
|
||||||
|
blacklist dronebl {
|
||||||
|
dns {
|
||||||
|
name dnsbl.dronebl.org;
|
||||||
|
type record;
|
||||||
|
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
|
||||||
|
}
|
||||||
|
action gline;
|
||||||
|
ban-time 24h;
|
||||||
|
reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation
|
||||||
|
* and the meaning of the reply types.
|
||||||
|
* At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
|
||||||
|
*
|
||||||
|
* NOTE: If you want to permit TOR proxies on your server, then
|
||||||
|
* you need to remove the '4;' below in the reply section.
|
||||||
|
*/
|
||||||
|
blacklist efnetrbl {
|
||||||
|
dns {
|
||||||
|
name rbl.efnetrbl.org;
|
||||||
|
type record;
|
||||||
|
reply { 1; 4; 5; }
|
||||||
|
}
|
||||||
|
action gline;
|
||||||
|
ban-time 24h;
|
||||||
|
reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* You can include other configuration files */
|
||||||
|
/* include "klines.conf"; */
|
||||||
|
|
||||||
|
/* Network configuration */
|
||||||
|
set {
|
||||||
|
network-name "ExampleNET";
|
||||||
|
default-server "irc.example.org";
|
||||||
|
services-server "services.example.org";
|
||||||
|
stats-server "stats.example.org";
|
||||||
|
help-channel "#Help";
|
||||||
|
hiddenhost-prefix "Clk";
|
||||||
|
prefix-quit "Quit";
|
||||||
|
|
||||||
|
/* Cloak keys should be the same at all servers on the network.
|
||||||
|
* They are used for generating masked hosts and should be kept secret.
|
||||||
|
* The keys should be 3 random strings of 50-100 characters
|
||||||
|
* and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9).
|
||||||
|
* HINT: On *NIX, you can run './unrealircd gencloak' in your shell to let
|
||||||
|
* UnrealIRCd generate 3 random strings for you.
|
||||||
|
*/
|
||||||
|
cloak-keys {
|
||||||
|
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
|
||||||
|
"aoAr1HnR6gl3sJ7hVz4Zb7x4Yw11";
|
||||||
|
"aoAr1HnR6gl3sJ7hVz4Zb7x4Yw22";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Server specific configuration */
|
||||||
|
|
||||||
|
set {
|
||||||
|
kline-address "help@stuzer.link"; /* e-mail or URL shown when a user is banned */
|
||||||
|
modes-on-connect "+ixw"; /* when users connect, they will get these user modes */
|
||||||
|
modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */
|
||||||
|
modes-on-join "+nt"; /* default channel modes when a new channel is created */
|
||||||
|
oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */
|
||||||
|
options {
|
||||||
|
hide-ulines; /* hide U-lines in /MAP and /LINKS */
|
||||||
|
show-connect-info; /* show "looking up your hostname" messages on connect */
|
||||||
|
}
|
||||||
|
|
||||||
|
maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */
|
||||||
|
|
||||||
|
/* The minimum time a user must be connected before being allowed to
|
||||||
|
* use a QUIT message. This will hopefully help stop spam.
|
||||||
|
*/
|
||||||
|
anti-spam-quit-message-time 10s;
|
||||||
|
|
||||||
|
/* Or simply set a static quit, meaning any /QUIT reason is ignored */
|
||||||
|
/* static-quit "Client quit"; */
|
||||||
|
|
||||||
|
/* static-part does the same for /PART */
|
||||||
|
/* static-part yes; */
|
||||||
|
|
||||||
|
/* Flood protection:
|
||||||
|
* There are lots of settings for this and most have good defaults.
|
||||||
|
* See https://www.unrealircd.org/docs/Set_block#set::anti-flood
|
||||||
|
*/
|
||||||
|
anti-flood {
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Settings for spam filter */
|
||||||
|
spamfilter {
|
||||||
|
ban-time 1d; /* default duration of a *LINE ban set by spamfilter */
|
||||||
|
ban-reason "Spam/Advertising"; /* default reason */
|
||||||
|
virus-help-channel "#help"; /* channel to use for 'viruschan' action */
|
||||||
|
/* except "#help"; channel to exempt from Spamfilter */
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Restrict certain commands.
|
||||||
|
* See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
|
||||||
|
*/
|
||||||
|
restrict-commands {
|
||||||
|
list {
|
||||||
|
connect-delay 60;
|
||||||
|
exempt-identified yes;
|
||||||
|
exempt-reputation-score 24;
|
||||||
|
}
|
||||||
|
invite {
|
||||||
|
connect-delay 120;
|
||||||
|
exempt-identified yes;
|
||||||
|
exempt-reputation-score 24;
|
||||||
|
}
|
||||||
|
/* In addition to the ability to restrict any command,
|
||||||
|
* such as shown above. There are also 4 special types
|
||||||
|
* that you can restrict. These are "private-message",
|
||||||
|
* "private-notice", "channel-message" and "channel-notice".
|
||||||
|
* They are commented out (disabled) in this example:
|
||||||
|
*/
|
||||||
|
//private-message {
|
||||||
|
// connect-delay 10;
|
||||||
|
//}
|
||||||
|
//private-notice {
|
||||||
|
// connect-delay 10;
|
||||||
|
//}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The following will configure connection throttling of "unknown users".
|
||||||
|
*
|
||||||
|
* When UnrealIRCd detects a high number of users connecting from IP addresses
|
||||||
|
* that have not been seen before, then connections from new IP's are rejected
|
||||||
|
* above the set rate. For example at 10:60 only 10 users per minute can connect
|
||||||
|
* that have not been seen before. Known IP addresses can always get in,
|
||||||
|
* regardless of the set rate. Same for users who login using SASL.
|
||||||
|
*
|
||||||
|
* See also https://www.unrealircd.org/docs/Connthrottle for details.
|
||||||
|
* Or just keep reading the default configuration settings below:
|
||||||
|
*/
|
||||||
|
|
||||||
|
set {
|
||||||
|
connthrottle {
|
||||||
|
/* First we must configure what we call "known users".
|
||||||
|
* By default these are users on IP addresses that have
|
||||||
|
* a score of 24 or higher. A score of 24 means that the
|
||||||
|
* IP was connected to this network for at least 2 hours
|
||||||
|
* in the past month (or minimum 1 hour if registered).
|
||||||
|
* The sasl-bypass option is another setting. It means
|
||||||
|
* that users who authenticate to services via SASL
|
||||||
|
* are considered known users as well.
|
||||||
|
* Users in the "known-users" group (either by reputation
|
||||||
|
* or by SASL) are always allowed in by this module.
|
||||||
|
*/
|
||||||
|
known-users {
|
||||||
|
minimum-reputation-score 24;
|
||||||
|
sasl-bypass yes;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* New users are all users that do not belong in the
|
||||||
|
* known-users group. They are considered "new" and in
|
||||||
|
* case of a high number of such new users connecting
|
||||||
|
* they are subject to connection rate limiting.
|
||||||
|
* By default the rate is 20 new local users per minute
|
||||||
|
* and 30 new global users per minute.
|
||||||
|
*/
|
||||||
|
new-users {
|
||||||
|
local-throttle 20:60;
|
||||||
|
global-throttle 30:60;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This configures when this module will NOT be active.
|
||||||
|
* The default settings will disable the module when:
|
||||||
|
* - The reputation module has been running for less than
|
||||||
|
* a week. If running less than 1 week then there is
|
||||||
|
* insufficient data to consider who is a "known user".
|
||||||
|
* - The server has just been booted up (first 3 minutes).
|
||||||
|
*/
|
||||||
|
disabled-when {
|
||||||
|
reputation-gathering 1w;
|
||||||
|
start-delay 3m;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Finally, you may wish to have a MOTD (Message of the Day), this can be
|
||||||
|
* done by creating an 'ircd.motd' text file in your conf/ directory.
|
||||||
|
* This file will be shown to your users on connect.
|
||||||
|
* For more information see https://www.unrealircd.org/docs/MOTD_and_Rules
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Problems or need more help?
|
||||||
|
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
|
||||||
|
* 2) https://www.unrealircd.org/docs/FAQ <- answers 80% of your questions!
|
||||||
|
* 3) If you are still having problems then you can get support:
|
||||||
|
* - Forums: https://forums.unrealircd.org/
|
||||||
|
* - IRC: irc.unrealircd.org (SSL on port 6697) / #unreal-support
|
||||||
|
* Note that we require you to read the documentation and FAQ first!
|
||||||
|
*/
|
Reference in New Issue
Block a user