View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005098 | unreal | ircd | public | 2018-05-29 14:06 | 2018-06-11 08:55 |
| Reporter | jesopo | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Fixed in Version | 4.0.18 | ||||
| Summary | 0005098: WEBIRC users bypass blacklist checks | ||||
| Description | It seems that users connecting through a webirc using the WEBIRC protocol are either not checked against blacklists or the blacklist is done before the IP spoofing is done | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Just a note for anyone else effected by this - putting the blacklist on anope (and I assume Atheme) will correctly catch these users. |
|
|
I can confirm the issue. I've tried myself on my mobile phone connecting directly and via browser (web chat, with Orbot). This is what happened: https://pastebin.com/VVKCNSnK |
|
|
This is the endless debate of where security checks should be done... at the perimeter or not. I'm therefore considering this a feature enhancement, not a bug. |
|
|
Thanks for the report. Tested with an IP from dronebl and seems to work. commit 93957fc7eeb607183459548429f5ee26bc96d3e6 Author: Bram Matthys <[email protected]> Date: Mon Jun 11 08:53:34 2018 +0200 blacklist module: also check the ip of WEBIRC users. Suggested by jesopo (0005098). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-05-29 14:06 | jesopo | New Issue | |
| 2018-06-03 17:37 | jesopo | Note Added: 0020135 | |
| 2018-06-10 18:10 | PeGaSuS | Note Added: 0020138 | |
| 2018-06-11 08:39 | syzop | Note Added: 0020142 | |
| 2018-06-11 08:39 | syzop | Severity | major => feature |
| 2018-06-11 08:39 | syzop | Status | new => acknowledged |
| 2018-06-11 08:55 | syzop | Assigned To | => syzop |
| 2018-06-11 08:55 | syzop | Status | acknowledged => resolved |
| 2018-06-11 08:55 | syzop | Resolution | open => fixed |
| 2018-06-11 08:55 | syzop | Fixed in Version | => 4.0.18 |
| 2018-06-11 08:55 | syzop | Note Added: 0020143 |
