/* Configuration file for UnrealIRCd 5 * * UnrealIRCd 5 documentation (very extensive!): * https://www.unrealircd.org/docs/UnrealIRCd_5_documentation * * Frequently Asked Questions: * https://www.unrealircd.org/docs/FAQ */ /* UnrealIRCd makes heavy use of modules. Modules allow you to completely * customize the featureset you wish to enable in UnrealIRCd. * See: https://www.unrealircd.org/docs/Modules */ include "modules.default.conf"; /* Now let's include some other files as well: * - help/help.conf for our on-IRC /HELPOP system * - badwords.conf for channel and user mode +G * - spamfilter.conf as an example for spamfilter usage * (commented out) * - operclass.default.conf contains some good operclasses which * you can use in your oper blocks. */ include "help/help.conf"; include "badwords.conf"; //include "spamfilter.conf"; include "operclass.default.conf"; include "opers.conf"; /* This is the me { } block which basically says who we are. * It defines our server name, some information line and an unique "sid". * The server id (sid) must start with a digit followed by two digits or * letters. The sid must be unique for your IRC network (each server should * have it's own sid). */ me { name "irc.stuzer.link"; info "Stuzer's IRC Server"; sid "001"; } /* The admin { } block defines what users will see if they type /ADMIN. * It normally contains information on how to contact the administrator. */ admin { "help@stuzer.link"; } /* Clients and servers are put in class { } blocks, we define them here. * Class blocks consist of the following items: * - pingfreq: how often to ping a user / server (in seconds) * - connfreq: how often we try to connect to this server (in seconds) * - sendq: the maximum queue size for a connection * - recvq: maximum receive queue from a connection (flood control) */ /* Client class with good defaults */ class clients { pingfreq 90; maxclients 1000; sendq 200k; recvq 8000; } /* Special class for IRCOps with higher limits */ class opers { pingfreq 90; maxclients 50; sendq 1M; recvq 8000; } /* Server class with good defaults */ class servers { pingfreq 60; connfreq 15; /* try to connect every 15 seconds */ maxclients 10; /* max servers */ sendq 20M; } /* Allow blocks define which clients may connect to this server. * This allows you to add a server password or restrict the server to * specific IP's only. You also configure the maximum connections * allowed per IP here. * See also: https://www.unrealircd.org/docs/Allow_block */ /* Allow everyone in, but only 3 connections per IP */ allow { mask *; class clients; maxperip 3; } /* Standard IRC port 6667 */ listen { ip *; port 6667; } /* Standard IRC SSL/TLS port 6697 */ listen { ip *; port 6697; options { tls; } } /* Special SSL/TLS servers-only port for linking */ listen { ip *; port 6900; options { tls; serversonly; } } /* Here you can add a password for the IRCOp-only /DIE and /RESTART commands. * This is mainly meant to provide a little protection against accidental * restarts and server kills. */ drpass { restart "restart"; die "die"; } /* The log block defines what should be logged and to what file. * See also https://www.unrealircd.org/docs/Log_block */ /* This is a good default, it logs everything */ log "ircd.log" { flags { oper; connects; server-connects; kills; errors; flood; sadmin-commands; chg-commands; oper-override; tkl; spamfilter; } } /* With "aliases" you can create an alias like /SOMETHING to send a message to * some user or bot. They are usually used for services. * * We have a number of pre-set alias files, check out the alias/ directory. * As an example, here we include all aliases used for anope services. */ include "aliases/anope.conf"; /* Ban nick names so they cannot be used by regular users */ ban nick { mask "*C*h*a*n*S*e*r*v*"; reason "Reserved for Services"; } /* Ban and TKL exceptions. Allows you to exempt users / machines from * KLINE, GLINE, etc. * If you are an IRCOp with a static IP (and no untrusted persons on that IP) * then we suggest you add yourself here. That way you can always get in * even if you accidentally place a *LINE ban on yourself. */ /* except ban protects you from KLINE and ZLINE */ # except ban { # mask *@192.168.0.1; # // you may add more mask entries here.. # } /* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */ #except ban { # mask *@192.168.0.1; # type all; #} /* VHosts (Virtual Hosts) allow users to acquire a different host. * See https://www.unrealircd.org/docs/Vhost_block */ /* Example vhost which you can use. On IRC type: /VHOST test test * NOTE: only people with an 'unrealircd.com' host may use it so * be sure to change the vhost::mask before you test. */ # vhost { # vhost i.hate.microsefrs.com; # mask *@unrealircd.com; # login "test"; # password "test"; # } /* Blacklist blocks will query an external DNS Blacklist service * whenever a user connects, to see if the IP address is known * to cause drone attacks, is a known hacked machine, etc. * Documentation: https://www.unrealircd.org/docs/Blacklist_block * Or just have a look at the blocks below. */ /* DroneBL, probably the most popular blacklist used by IRC Servers. * See https://dronebl.org/ for their documentation and the * meaning of the reply types. At time of writing we use types: * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone, * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain, * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers, * 14: Open Wingate Proxy, 15: Compromised router / gateway, * 16: Autorooting worms. */ blacklist dronebl { dns { name dnsbl.dronebl.org; type record; reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; } } action gline; ban-time 24h; reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details."; } /* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation * and the meaning of the reply types. * At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding. * * NOTE: If you want to permit TOR proxies on your server, then * you need to remove the '4;' below in the reply section. */ blacklist efnetrbl { dns { name rbl.efnetrbl.org; type record; reply { 1; 4; 5; } } action gline; ban-time 24h; reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details."; } /* You can include other configuration files */ /* include "klines.conf"; */ /* Network configuration */ set { network-name "irc.stuzer.link"; default-server "irc.stuzer.link"; # services-server "services.example.org"; # stats-server "stats.example.org"; help-channel "#help"; hiddenhost-prefix "Clk"; prefix-quit "Quit"; /* Cloak keys should be the same at all servers on the network. * They are used for generating masked hosts and should be kept secret. * The keys should be 3 random strings of 50-100 characters * and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9). * HINT: On *NIX, you can run './unrealircd gencloak' in your shell to let * UnrealIRCd generate 3 random strings for you. */ cloak-keys { "Kh03T3EwC4cwZztptbnh1tbVoIXdyyj2gy9LahkpWeF7rymBcYvCfEDA2Ad7"; "xVrpAEym8UUfeS0rOKEJoIV9W8YoyDOhTWg0bpAjtMq0bciVLLT0WlBRWiE3"; "NRPCfVJhT5BnvLogE5MAKzQSjGLvjeE6uzYP9yneoNOZ9CXV1fD5gwCo2S2h"; } } /* Server specific configuration */ set { kline-address "help@stuzer.link"; /* e-mail or URL shown when a user is banned */ modes-on-connect "+ixwT"; /* when users connect, they will get these user modes */ modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */ modes-on-join "+ntC"; /* default channel modes when a new channel is created */ oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */ options { hide-ulines; /* hide U-lines in /MAP and /LINKS */ #show-connect-info; /* show "looking up your hostname" messages on connect */ } restrict-channelmodes "C"; restrict-usermodes "T"; level-on-join "halfop"; maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */ /* The minimum time a user must be connected before being allowed to * use a QUIT message. This will hopefully help stop spam. */ anti-spam-quit-message-time 10s; /* Or simply set a static quit, meaning any /QUIT reason is ignored */ /* static-quit "Client quit"; */ /* static-part does the same for /PART */ /* static-part yes; */ /* Flood protection: * There are lots of settings for this and most have good defaults. * See https://www.unrealircd.org/docs/Set_block#set::anti-flood */ anti-flood { } /* Settings for spam filter */ spamfilter { ban-time 1d; /* default duration of a *LINE ban set by spamfilter */ ban-reason "Spam/Advertising"; /* default reason */ virus-help-channel "#help"; /* channel to use for 'viruschan' action */ /* except "#help"; channel to exempt from Spamfilter */ } /* Restrict certain commands. * See https://www.unrealircd.org/docs/Set_block#set::restrict-commands */ restrict-commands { list { connect-delay 20; exempt-identified yes; exempt-reputation-score 24; } invite { connect-delay 120; exempt-identified yes; exempt-reputation-score 24; } /* In addition to the ability to restrict any command, * such as shown above. There are also 4 special types * that you can restrict. These are "private-message", * "private-notice", "channel-message" and "channel-notice". * They are commented out (disabled) in this example: */ //private-message { // connect-delay 10; //} //private-notice { // connect-delay 10; //} } } /* * The following will configure connection throttling of "unknown users". * * When UnrealIRCd detects a high number of users connecting from IP addresses * that have not been seen before, then connections from new IP's are rejected * above the set rate. For example at 10:60 only 10 users per minute can connect * that have not been seen before. Known IP addresses can always get in, * regardless of the set rate. Same for users who login using SASL. * * See also https://www.unrealircd.org/docs/Connthrottle for details. * Or just keep reading the default configuration settings below: */ set { connthrottle { /* First we must configure what we call "known users". * By default these are users on IP addresses that have * a score of 24 or higher. A score of 24 means that the * IP was connected to this network for at least 2 hours * in the past month (or minimum 1 hour if registered). * The sasl-bypass option is another setting. It means * that users who authenticate to services via SASL * are considered known users as well. * Users in the "known-users" group (either by reputation * or by SASL) are always allowed in by this module. */ known-users { minimum-reputation-score 24; sasl-bypass yes; } /* New users are all users that do not belong in the * known-users group. They are considered "new" and in * case of a high number of such new users connecting * they are subject to connection rate limiting. * By default the rate is 20 new local users per minute * and 30 new global users per minute. */ new-users { local-throttle 20:60; global-throttle 30:60; } /* This configures when this module will NOT be active. * The default settings will disable the module when: * - The reputation module has been running for less than * a week. If running less than 1 week then there is * insufficient data to consider who is a "known user". * - The server has just been booted up (first 3 minutes). */ disabled-when { reputation-gathering 1w; start-delay 3m; } } } set { plaintext-policy { user allow; /* must be one of: allow, warn, deny */ oper warn; /* must be one of: allow, warn, deny */ server deny; /* must be one of: allow, warn, deny */ }; }; /* Finally, you may wish to have a MOTD (Message of the Day), this can be * done by creating an 'ircd.motd' text file in your conf/ directory. * This file will be shown to your users on connect. * For more information see https://www.unrealircd.org/docs/MOTD_and_Rules */