View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005806 | unreal | ircd | public | 2021-01-15 13:38 | 2023-04-14 07:31 |
| Reporter | PeGaSuS | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | Unix | OS | Ubuntu | OS Version | 20.04 |
| Fixed in Version | 5.0.9-rc1 | ||||
| Summary | 0005806: [5.0.9-git] Localhost IPs (127.0.0.0/8 CIDR) on webirc gives false positive on dronebl dnsbl and stops users from connecting | ||||
| Description | I had my webchat connecting via one of the localhost IPs (127.0.0.3). After adding the dronebl blacklist to my configuration, my users were unable to connect to the network, because the IRCd was setting a G-Line on the localhost IP. Example: Soft G-Line added for *@77.152.53.41 on Fri Jan 15 11:47:53 2021 GMT (from irc1.ptirc.org to expire at Sat Jan 16 11:47:53 2021 GMT: [x] Proxy/Drone detected. Check https://dronebl.org/lookup?ip=127.0.0.3 for details. [x]). Using my VPS public IP instead, allow users to connect normally. IMHO, the entire CIDR of localhost (127.0.0.0/8) should be exempted of everything (or almost). Cheers | ||||
| Steps To Reproduce | 1) Setup a listen block to use the as listening IP 127.0.0.3 2) Add the dronbl blacklist to your unrealircd.conf and rehash the server 3) Setup a webirc connection using the same IP and an appropriated webirc block 4) Try to connect to your network using the webchat. Your connection will be killed because the localhost IP used | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Thanks. We are now exempting 127.* by default from a couple of ban types, including blacklist. https://github.com/unrealircd/unrealircd/commit/cd967a6ea626ac50da15d86f037a129283fbd847 And yes, DroneBL bans 127.0.0.3 and some other 127.* addresses too. Someone should probably tell them: $ host -t a 3.0.0.127.dnsbl.dronebl.org. 3.0.0.127.dnsbl.dronebl.org has address 127.0.0.3 Like you said, this leads to unexpected banning. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-01-15 13:38 | PeGaSuS | New Issue | |
| 2021-01-17 08:51 | syzop | Assigned To | => syzop |
| 2021-01-17 08:51 | syzop | Status | new => resolved |
| 2021-01-17 08:51 | syzop | Resolution | open => fixed |
| 2021-01-17 08:51 | syzop | Fixed in Version | => 5.0.9-rc1 |
| 2021-01-17 08:51 | syzop | Note Added: 0021880 | |
| 2023-04-14 07:31 | syzop | Relationship added | related to 0006258 |
