View Issue Details

IDProjectCategoryView StatusLast Update
0005098unrealircdpublic2018-06-11 08:55
Reporterjesopo Assigned Tosyzop  
Status resolvedResolutionfixed 
Fixed in Version4.0.18 
Summary0005098: WEBIRC users bypass blacklist checks
DescriptionIt seems that users connecting through a webirc using the WEBIRC protocol are either not checked against blacklists or the blacklist is done before the IP spoofing is done
TagsNo tags attached.
3rd party modules



2018-06-03 17:37

reporter   ~0020135

Just a note for anyone else effected by this - putting the blacklist on anope (and I assume Atheme) will correctly catch these users.


2018-06-10 18:10

reporter   ~0020138

I can confirm the issue. I've tried myself on my mobile phone connecting directly and via browser (web chat, with Orbot).

This is what happened:


2018-06-11 08:39

administrator   ~0020142

This is the endless debate of where security checks should be done... at the perimeter or not. I'm therefore considering this a feature enhancement, not a bug.


2018-06-11 08:55

administrator   ~0020143

Thanks for the report. Tested with an IP from dronebl and seems to work.

commit 93957fc7eeb607183459548429f5ee26bc96d3e6
Author: Bram Matthys <>
Date: Mon Jun 11 08:53:34 2018 +0200

    blacklist module: also check the ip of WEBIRC users.
    Suggested by jesopo (0005098).

Issue History

Date Modified Username Field Change
2018-05-29 14:06 jesopo New Issue
2018-06-03 17:37 jesopo Note Added: 0020135
2018-06-10 18:10 PeGaSuS Note Added: 0020138
2018-06-11 08:39 syzop Note Added: 0020142
2018-06-11 08:39 syzop Severity major => feature
2018-06-11 08:39 syzop Status new => acknowledged
2018-06-11 08:55 syzop Assigned To => syzop
2018-06-11 08:55 syzop Status acknowledged => resolved
2018-06-11 08:55 syzop Resolution open => fixed
2018-06-11 08:55 syzop Fixed in Version => 4.0.18
2018-06-11 08:55 syzop Note Added: 0020143