View Issue Details

IDProjectCategoryView StatusLast Update
0005332unrealircdpublic2019-08-18 15:46
ReportersyzopAssigned ToGottem 
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version5.0.0-alpha1 
Summary0005332: U5: restrict-commands
DescriptionThe original idea from a discussion on May 12, 2019:

restrict-commands {
    default-connect-delay 60;
    default-auth-exempt yes;
    default-reputation-exempt 24;
    list {
        connect-delay 60;
    };
    private-message {
        connect-delay 60;
    };
    invite {
        connect-delay 120;
    };
}
TagsNo tags attached.
3rd party modules

Relationships

child of 0005282 assignedGottem Gottem's todo list yo 

Activities

syzop

2019-07-13 19:32

administrator   ~0020784

Last edited: 2019-07-13 19:33

View 2 revisions

[16:40:08] <Syzop[AWAY]> so I always wanted a list delay in UnrealIRCd, but.. from what I heard your module also has something.. a bit weird.. from k4be or something?
[16:40:14] <Syzop[AWAY]> a fake channel list or something like that
[16:40:26] <Syzop[AWAY]> not sure if I'd want that :D
[16:41:03] <Syzop[AWAY]> and as for restrictions - yeah I am commenting without reading the module descriptions or code actually - just thinking out loud:
[16:41:12] <Syzop[AWAY]> - presumably by connect time
[16:41:42] <Syzop[AWAY]> - an option to exempt if the user is registered with services, IsLoggedIn()
[16:41:42] <Gottem> ya it's a honeypot sort of thing for bots that do /list, /join and then spam :D
[16:41:46] <Gottem> fakechans 1; // Send a fake channel list if connectdelay and/or needauth checks fail
[16:41:57] <Syzop[AWAY]> - someone suggested by reputation, I suppose that could be added.
[16:42:07] <Syzop[AWAY]> ah ok. yeah. hmm :D
[16:42:36] <Syzop[AWAY]> I guess I should look at the readme
[16:42:43] <Gottem> prolly easier to just check the example config :D -- https://gitgud.malvager.net/Wazakindjes/unrealircd_mods#m_listrestrict
[16:42:50] <Syzop[AWAY]> ok
[16:42:57] <Gottem> also reputation might be a good addition :>
[16:43:29] <Gottem> like if rep >= X then there's no need for the delay
[16:43:36] <Syzop[AWAY]> exactly
[16:43:37] <Gottem> (or any other restrictions)
[16:45:15] <Syzop[AWAY]> I wonder if it's a good idea to make it more general.. the whole thing.
[16:45:42] <Syzop[AWAY]> like, you specify the command, so it could apply to.. I don't know.. INVITE for example.
[16:46:06] * Syzop[AWAY] runs HELPOP USERCMDS for inspiration
[16:46:07] <Syzop[AWAY]> ;)
[16:46:52] <Syzop[AWAY]> LIST, PRIVMSG/NOTICE, INVITE, KNOCK, ... hmm....
[16:47:03] <Syzop[AWAY]> I don't see that many candidates, a bit more than the 2 that you have a module for, but not... 10 or something :D
[16:47:23] <Syzop[AWAY]> like I think it would be strange to delay allowing JOIN for instance :D
[16:47:30] <Syzop[AWAY]> then again I find delaying PRIVMSG also a bit odd, but ok
[16:47:30] <Syzop[AWAY]> lol
[16:48:38] <Syzop[AWAY]> still, maybe a good idea hm
[16:48:40] <Gottem> well pmdelay was written due to waves of bots joining a channel and spamming everyone in private :>
[16:48:51] <Gottem> since they generally quit right afterwards
[16:48:56] <Syzop[AWAY]> oh, right, pmdelay only does it for private, not for channels
[16:49:00] <Syzop[AWAY]> of course.. :)
[16:49:09] <Gottem> ya pm as in private message, not privmsg :DD
[16:49:13] <Syzop[AWAY]> right
[16:49:39] <Syzop[AWAY]> hmmm right right :D. the general idea breaks in pieces :D
[16:49:50] <Syzop[AWAY]> or would be a bit more hacky anyway
[16:51:07] <Gottem> just a bit? :>
[16:51:14] <Syzop[AWAY]> delay-command {
[16:51:14] <Syzop[AWAY]>     list {
[16:51:14] <Syzop[AWAY]>         connect-delay 60;
[16:51:14] <Syzop[AWAY]>         auth-exempt yes;
[16:51:14] <Syzop[AWAY]>         reputation-exempt >24;
[16:51:15] <Syzop[AWAY]>     };
[16:51:15] <Syzop[AWAY]>     private-message {
[16:51:16] <Syzop[AWAY]>         connect-delay 60;
[16:51:16] <Syzop[AWAY]>         auth-exempt yes;
[16:51:17] <Syzop[AWAY]>         reputation-exempt >24;
[16:51:17] <Syzop[AWAY]>     };
[16:51:18] <Syzop[AWAY]> }
[16:51:23] <Syzop[AWAY]> or whatever (don't really like the >24 thing but.. you get the idea)
[16:53:05] <Gottem> suppose you could just do reputation-exempt 24 and have it mean >= 24 :D
[16:53:19] <Syzop[AWAY]> :]
[16:54:37] <Syzop[AWAY]> also it becomes a bit long and repetitive with more commands so maybe hmm
[16:55:07] <Syzop[AWAY]> delay-command {
[16:55:07] <Syzop[AWAY]>     default-connect-delay 60;
[16:55:07] <Syzop[AWAY]>     default-auth-exempt yes;
[16:55:07] <Syzop[AWAY]>     default-reputation-exempt 24;
[16:55:07] <Syzop[AWAY]>     list {
[16:55:08] <Syzop[AWAY]>         connect-delay 60;
[16:55:08] <Syzop[AWAY]>     };
[16:55:09] <Syzop[AWAY]>     private-message {
[16:55:09] <Syzop[AWAY]>         connect-delay 60;
[16:55:10] <Syzop[AWAY]>     };
[16:55:10] <Syzop[AWAY]>     invite {
[16:55:11] <Syzop[AWAY]>         connect-delay 120;
[16:55:11] <Syzop[AWAY]>     };
[16:55:12] <Syzop[AWAY]> }
[16:55:12] <Syzop[AWAY]> or some default { } block
[16:55:21] <Syzop[AWAY]> in any case, some inheritance of defaults so you don't have to repeat them X times
[16:55:26] <Syzop[AWAY]> ah well, details.
[16:55:32] <Syzop[AWAY]> but what do you think of the general idea?
[16:55:32] <Syzop[AWAY]> lol
[16:56:20] <Syzop[AWAY]> just thoughts anyway... :)
[17:00:40] <Syzop[AWAY]> while preparing my hamburger I figured: it should probably be called restrict-command(s) and the connect-delay being optional
[17:00:49] <Syzop[AWAY]> that way you could for example make /invite only for registered users
[17:00:57] <Syzop[AWAY]> or even whois, or whatever crazy things admins may want
[17:00:57] <Syzop[AWAY]> ;D
[17:01:38] <Syzop[AWAY]> private-message for registered users only is often requested... with this it is easily understandable.. don't even have to explain modes-on-connect +R and such
[17:04:49] <Syzop[AWAY]> ah well.. thoughts thoughts thoughts...
[17:04:51] <Syzop[AWAY]> ;)
[17:07:35] <Gottem> sounds good, this way it's also easier to adapt for any future commands (like whois as you mentioned) :>
[17:13:53] <Syzop[AWAY]> :)
[17:15:42] <Syzop[AWAY]> the inheritance that I suggested earlier needs a bit more thought, like if you don't specify connect-delay in invite.. with the inheritance idea it would inherit it from the default connect delay.. so then.. hm.
[17:15:59] <Syzop[AWAY]> maybe better to scratch that inheritance thing.. will be too confusing probably.
[17:16:15] <Syzop[AWAY]> details ;p
[17:18:00] <Syzop[AWAY]> time to relax perhaps :]


syzop

2019-07-13 19:45

administrator   ~0020785

Last edited: 2019-07-13 19:55

View 3 revisions

restrict-commands {
        list {
                connect-delay 60;
                exempt-identified yes;
                exempt-reputation-score 24;
        }
        private-message {
                connect-delay 60;
        }
        invite {
                connect-delay 120;
        }
        somecommand {
                disable;
        }
}


Gottem

2019-07-14 23:10

developer   ~0020786

Last edited: 2019-07-14 23:11

View 2 revisions

Version 1 is done. =] Should be easy to add more commands as we go too.

Also if I remember correctly we eventually decided to always allow opers, regardless of the 'disable' setting right? :D Cuz that's how I set it up now.

Also2: I went with 'disable yes/no' instead of just 'disable;' to keep everything consistent. =]

Gottem

2019-07-27 21:14

developer   ~0020793

Should be good now. =] I'll leave this bug open for now so we can easily retrieve it, for like a final review by you. :D

syzop

2019-07-29 18:04

administrator   ~0020795

Looks good, but will check again when back from vacation :)

syzop

2019-08-18 15:46

administrator   ~0020830

To my knowledge this is working great. I even added it to example.conf to delay LIST and INVITE by default (by 60 and 120 seconds respectively).
It is also documented now at https://www.unrealircd.org/docs/Set_block#set::restrict-commands

Great work :)

Issue History

Date Modified Username Field Change
2019-07-13 19:32 syzop New Issue
2019-07-13 19:32 syzop Note Added: 0020784
2019-07-13 19:33 syzop Note Edited: 0020784 View Revisions
2019-07-13 19:34 syzop Description Updated View Revisions
2019-07-13 19:45 syzop Note Added: 0020785
2019-07-13 19:51 syzop Note Edited: 0020785 View Revisions
2019-07-13 19:55 syzop Note Edited: 0020785 View Revisions
2019-07-13 20:28 syzop Assigned To => Gottem
2019-07-13 20:28 syzop Status new => assigned
2019-07-14 23:10 Gottem Note Added: 0020786
2019-07-14 23:11 Gottem Note Edited: 0020786 View Revisions
2019-07-20 21:42 Gottem Relationship added child of 0005282
2019-07-27 21:14 Gottem Note Added: 0020793
2019-07-27 21:15 Gottem Status assigned => has patch
2019-07-29 18:04 syzop Note Added: 0020795
2019-08-18 15:17 syzop View Status private => public
2019-08-18 15:45 syzop Note View State: 0020793: public
2019-08-18 15:46 syzop Status has patch => resolved
2019-08-18 15:46 syzop Resolution open => fixed
2019-08-18 15:46 syzop Fixed in Version => 5.0.0-alpha1
2019-08-18 15:46 syzop Note Added: 0020830
2019-08-18 15:46 syzop Severity minor => feature
2019-08-18 15:48 syzop Note View State: 0020784: public