View Issue Details

ID: 0005007
Project: unrealircd
Category:
View Status: public
Last Update: 2018-09-02 12:35
Reporter: marco500
Assigned To: syzop
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform: Linux
OS: Linux Bitches
OS Version: Ubuntu linux
Product Version: 4.0.13
Target Version: 4.2.0
Fixed in Version: 4.2.0
Summary: 0005007: antirandom: exclude webirc option
Description:
*** [antirandom] denied access to user with score 5: lysAHGpUtybX!lysAHGpUty@localhost:lysAHGpUtybX

This nick is only getting a score of 5, and there are some random-looking nicks that are getting less of a score. I realize that it would be extremely difficult to catch all of them, but I was curious if there could not be a way to improve the algorithm that detects antirandom nicks. Seems like there is a better way :).
Steps To Reproduce: ...
Additional Information: ....
Tags: No tags attached.
3rd party modules

Relationships

has duplicate 0005027 (closed, syzop): m_antirandom except-hosts does not except hosts from randomness checks

Activities

The_Myth

2017-10-09 22:49

reporter   ~0019912

It would be also useful if it could have some way to detect if the user is connecting from a valid webirc block and then don't act.
In my case that would be helpful, as I have the web client set up to send the 'ident' part as the user IP in hex format. It could be something like KiwiIRC-98!e23vwfb45@XXX.YYY.ZZZ.IP, which will trigger the antirandom protection.

syzop

2017-10-11 10:17

administrator   ~0019918

Antirandom uses a table of 3 letter combinations that are "uncommon" in English. I don't remember where they come from, but they are not mine. I believe they call them "triples", it may be from SpamAssassin.
So if there's some kind of new table then I can update it, but I'm not going to do my own research on them :D

Other than that, sure, adding exemptions for webirc blocks is easy to add.

The_Myth

2017-10-11 11:08

reporter   ~0019920

That would be very nice indeed. Maybe an option like 'set::antirandom::exclude-webirc yes|no'.
I could perhaps set a fixed ident for the user, but there are a few bots that need the "hex2ip" ident in order to voice users in case the channel is moderated.

syzop

2017-10-11 13:02

administrator   ~0019921

Oh, I misunderstood, this is not for a trusted WEBIRC gateway[*] but for a random client that may be using an untrusted gateway?

[*] One you have a webirc { } block for

The_Myth

2017-10-11 13:06

reporter   ~0019922

No, it's for trusted webirc blocks. But for example, all my KiwiIRC webirc instances are sending the ident as hexip.

syzop

2017-10-11 13:08

administrator   ~0019923

Oh, okay. Yeah sure I'll add it.
That being said - and completely off-topic - I think from a user's POV it would be nicer not to have their IP shown to everyone :D

The_Myth

2017-10-11 13:35

reporter   ~0019924

I must agree, but it was used that way when UnrealIRCd had no blacklist support, so I had an eggdrop converting hexip into a real IP and then checking ports, which allowed me to ban users using proxies. But now, maybe I should set a fixed ident.

syzop

2017-11-10 17:19

administrator   ~0019957

0005027 was about the same thing, which an exempt webirc option could help with. I don't understand why people (not just him, not just you, nothing personal) would configure their webirc software/gateway like that. Revealing the IP addresses of users is really a bad idea IMO.

Anyway, this bug will be used to track this feature. It will not be in 4.0.16.

Koragg

2017-11-15 10:05

reporter   ~0019967

Dear syzop,

Perhaps it was not clear the way I formulated it, but using the hashed IP of users as ident was a default in the webirc, which is an insensible default indeed. Thus I changed it for that reason on my network.
Also it says on the UnrealIRCd docs website for antirandom that the webirc IP is to be specifically entered if one uses webirc/cgi:irc as stated here: https://www.unrealircd.org/docs/Set_block#set::antirandom

syzop

2017-11-15 11:44

administrator   ~0019968

Last edited: 2017-11-15 11:48

> Perhaps it was not clear the way I formulated it, but using the hashed IP of users as ident was a default in the webirc, which is an insensible default indeed. Thus I changed it for that reason on my network.

Ah ok, I missed that. Good :D

> Also it says on the UnrealIRCd docs website for antirandom that the webirc IP is to be specifically entered if one uses webirc/cgi:irc as stated here: https://www.unrealircd.org/docs/Set_block#set::antirandom

I see. That is incorrect indeed, I'll fix the docs and config.

EDIT: Ah I understand where this is coming from, this is from before the hostname spoofing I think ;). Anyway I'll just remove the phrase(s), they are confusing.

The_Myth

2017-11-25 14:36

reporter   ~0019976

Side note on the improvement:

I've just re-enabled the antirandom module yesterday and while setting it up, I've found that CIDR masks aren't accepted.
This module should support it, as a way to exempt some ISPs and other service providers, such as IRCCloud, that have their own /64 and /48 IPv6 address blocks.

Best regards.

syzop

2017-12-17 10:08

administrator   ~0019989

Last edited: 2017-12-17 16:13

commit 0a9306ca5bb7720938e8ee9fc10c7eda56744502
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sun Dec 17 10:06:39 2017 +0100

    CIDR support in set::antirandom::except-hosts
    Or, to be more precise: converted code to use match_user() framework.

This also means the preferred style is now:
except-hosts {
    mask 192.168.*;
    mask 127.*;
    mask 1.2.3.0/24;
};

But the old style (without 'mask') still works.

The_Myth

2018-07-08 01:09

reporter   ~0020186

Sorry for putting some pressure on this, but we really need a way for WEBIRC blocks to bypass this restriction.

I've added the WEBIRC blocks for KiwiIRC but users can't connect using the kiwiirc.com web client, because this happens:
*** [antirandom] denied access to user with score 5: Tested!Friends@xx.xxx.xx.xxx:[https://kiwiirc.com] Development release

Looking forward to seeing this solved soon.

Cheers

The_Myth

2018-07-08 01:18

reporter   ~0020187

Side note: Worth mentioning that my antirandom setup has the threshold set to 4.

syzop

2018-07-14 16:19

administrator   ~0020192

Ok, understood. I'll see what I can do.

This is a rather general bugreport by the way. It started with some scoring talk. With regards to that: I looked for other sets of "triples" (which would update the scoring algorithm so to say) and couldn't find one.
I'm now going to use this bug report for the exclude webirc option only. Once that's done, I intend to close it.

syzop

2018-07-14 16:19

administrator   ~0020193

Last edited: 2018-07-14 16:21

bugreport renamed and set as target for UnrealIRCd 4.0.19.

syzop

2018-09-02 12:35

administrator   ~0020251

https://github.com/unrealircd/unrealircd/commit/d3dba63f564a87b6e2e35425cc4130b00e10a20e

commit d3dba63f564a87b6e2e35425cc4130b00e10a20e (HEAD -> unreal40, origin/unreal40, origin/HEAD)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sun Sep 2 12:34:03 2018 +0200

    AntiRandom: The module will now (by default) exempt WEBIRC gateways
    from antirandom checking because they frequently cause false positives.
    This new behavior can be disabled via:
    set { antirandom { except-webirc no; }; };
    Suggested by The_Myth in https://bugs.unrealircd.org/view.php?id=5007
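
The decision order this thread converges on, as an added C sketch (not UnrealIRCd's own code): the trusted-WEBIRC exemption and the except-hosts CIDR masks are evaluated before any triples scoring. The triples table, `struct client`, the function names and the `>` threshold comparison are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Constructed sample table; the module's real "triples" list is not on this page. */
static const char *TRIPLES[] = { "ahg", "hgp", "ybx" };
struct client { const char *nick, *ident, *ip; bool via_webirc; };

/* True if ip (IPv4 or IPv6 text) lies inside cidr, e.g. "1.2.3.0/24". */
static bool cidr_match(const char *ip, const char *cidr)
{
    char net[64], *end;
    unsigned char a[16], b[16];
    const char *slash = strchr(cidr, '/');
    if (!slash || (size_t)(slash - cidr) >= sizeof(net))
        return false;
    memcpy(net, cidr, (size_t)(slash - cidr));
    net[slash - cidr] = '\0';
    int af = strchr(net, ':') ? AF_INET6 : AF_INET;
    long bits = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end || bits < 0 || bits > (af == AF_INET6 ? 128 : 32))
        return false;                       /* reject "/x", "/33", "/129" */
    if (inet_pton(af, net, a) != 1 || inet_pton(af, ip, b) != 1 || memcmp(a, b, (size_t)(bits / 8)))
        return false;                       /* family mismatch or whole bytes differ */
    unsigned char m = (unsigned char)(0xFF << (8 - bits % 8));
    return bits % 8 == 0 || (a[bits / 8] & m) == (b[bits / 8] & m);
}

/* Count table hits over every 3-character window of s, case-insensitively. */
static int score_field(const char *s)
{
    int score = 0;
    for (size_t i = 0; i + 3 <= strlen(s); i++)
        for (size_t t = 0; t < sizeof(TRIPLES) / sizeof(*TRIPLES); t++)
            score += strncasecmp(s + i, TRIPLES[t], 3) == 0;
    return score;
}

/* Exemptions run first. '>' is assumed: the page only shows score 5 denied at threshold 4. */
bool antirandom_deny(const struct client *c, int threshold, bool except_webirc,
                     const char **cidrs, size_t n)
{
    if (except_webirc && c->via_webirc) return false;   /* trusted webirc { } gateway */
    for (size_t i = 0; i < n; i++)
        if (cidr_match(c->ip, cidrs[i]))
            return false;                               /* except-hosts CIDR mask */
    return score_field(c->nick) + score_field(c->ident) > threshold;
}
```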

Issue History

Date Modified Username Field Change
2017-09-12 21:14 marco500 New Issue
2017-09-16 18:21 syzop Summary I was wondering if improvments can be made with antirandom? => improve antirandom?
2017-09-16 20:08 syzop Priority high => normal
2017-10-09 22:49 The_Myth Note Added: 0019912
2017-10-11 10:17 syzop Note Added: 0019918
2017-10-11 11:08 The_Myth Note Added: 0019920
2017-10-11 13:02 syzop Note Added: 0019921
2017-10-11 13:06 The_Myth Note Added: 0019922
2017-10-11 13:08 syzop Note Added: 0019923
2017-10-11 13:35 The_Myth Note Added: 0019924
2017-11-10 17:14 syzop Relationship added has duplicate 0005027
2017-11-10 17:19 syzop Note Added: 0019957
2017-11-10 17:20 syzop Status new => acknowledged
2017-11-15 10:05 Koragg Note Added: 0019967
2017-11-15 11:44 syzop Note Added: 0019968
2017-11-15 11:48 syzop Note Edited: 0019968
2017-11-25 14:36 The_Myth Note Added: 0019976
2017-12-17 10:08 syzop Note Added: 0019989
2017-12-17 16:13 syzop Note Edited: 0019989
2018-07-08 01:09 The_Myth Note Added: 0020186
2018-07-08 01:18 The_Myth Note Added: 0020187
2018-07-14 16:19 syzop Note Added: 0020192
2018-07-14 16:19 syzop Target Version => 4.2.0
2018-07-14 16:19 syzop Summary improve antirandom? => antirandom: exclude webirc option
2018-07-14 16:19 syzop Note Added: 0020193
2018-07-14 16:21 syzop Note Edited: 0020193
2018-07-14 16:35 syzop Sticky Issue No => Yes
2018-09-02 12:35 syzop Assigned To => syzop
2018-09-02 12:35 syzop Status acknowledged => resolved
2018-09-02 12:35 syzop Resolution open => fixed
2018-09-02 12:35 syzop Fixed in Version => 4.2.0
2018-09-02 12:35 syzop Note Added: 0020251