It is currently Wed Jun 28, 2017 6:32 pm

All times are UTC [ DST ]




 Page 3 of 4 [ 47 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
 Post subject:
PostPosted: Sun Sep 25, 2005 7:53 pm 

Joined: Wed Dec 11, 2002 10:16 pm
Posts: 11
Location: #linux
Hyper^ wrote:
ok but did you have in mind the ban problem?
how will you ban individual if everyone has the same host? and don't tell me you'll ban the nick or identd... because than can be easyly changed for evading bans...

I fail to see the difference between the current situation and this one.

At this moment the ircd only applies the hostmask the moment the user has a flag set which only services can set, in this new situation the dependency is only covered by the usermode +x.



_________________
With kind regards, Lion-O
Offline
 Profile  
 
 Post subject:
PostPosted: Sun Sep 25, 2005 8:04 pm 
Forum Moderator
User avatar

Joined: Tue Feb 17, 2004 11:12 am
Posts: 760
Location: Romania
Pardon my low iq but what do you mean?! Make it clear for everyone, that includes stupid people like me...i don`t get your point...neither your english grammar.



_________________
sirAndrew @ Undernet.org

8 years on this forum and i'm still the #1 poster around.
Offline
 Profile  
 
 Post subject:
PostPosted: Sun Sep 25, 2005 11:22 pm 

Joined: Wed Dec 11, 2002 10:16 pm
Posts: 11
Location: #linux
Right, lets go into a little further detail then..

At this moment everyone is uncloaked after connecting, the moment they logon to X (which sets an authentication flag, unseen by the user) the ircd will cloak their hostname as soon as they turn on usermode +x (/mode <yournick> +x).

My suggestion is to remove the check if people have logged into X and simply always honour the +x flag. Either by replacing a part or the whole real (uncloaked) hostname with something else (for example the word "undernet" in case we replace a part of the host). IP adresses could be hashed into HEX gibberish.

As to the banning issue....

At this moment you can set a ban for a non-cloaked / real hostmask and ircu will still enforce this ban the moment the person tries to enter the channel again from the same host while having turned on usermode +x. So there is a check on hostmasks, despite of using cloaking.

So now I wonder if it isn't possible to extend this. In its easiest implementation you'd simply hash all hostnames with a secret key so that the system can always link a certain hashed host to a certain user by simply applying the hash on the real hostname again (after which the result will always result in the same hash. After all the key to produce the hash doesn't change. A situation comparible with MD5's.).

A more complicated form would be to replace parts, or the whole, hostmask with a simple word, say 'undernet', like I mentioned in the example above. While the implementation would basicly remain the same as it is now (you'd only by-pass the check to see if a user has been logged into X) you will need to extend a few functions.

If we're dealing with partly or fully cloaked hostnames things will have more impact since it would be up to the system to do translations the moment someone does something like setting a ban. After re-thinking this over I can't come up with an easy theory in order to manually set bans. This would require a user to ban a nickname after which the ircd would need to process it by checking the real hostname and replacing the ban on the nickname with the real hostname. And here is where some of the overhead comes into the picture. Also; the moment you list the banlist you don't want to display real hostnames. So either you hash these before you display them (which would make the option to list bans useless) or you could make the system replace the hostname with the nick currently being used by the person(s) using this host. So users would basicly only be dealing with nicknames, while the system itself would do the translations.

The impact on the system naturally differs on the way you hide the hostmasks but it is my belief this setup would really be an improvement on protecting the undernet users from abuse. Considering how this would also render the need to get X out of the way in order to prevent users to hide themselves totally useless, I can't help wonder if this setup would also decrease some abuse on the server(s) hosting GNUWorld (X).



_________________
With kind regards, Lion-O
Offline
 Profile  
 
 Post subject:
PostPosted: Mon Sep 26, 2005 3:06 am 

Joined: Fri Apr 15, 2005 3:32 pm
Posts: 7
Location: Athens, Greece
ok lads & gals,

for the past few months it's been a running argument about how undernet is going down the drain, how the real user to drone ratio has gone from 1:100 to 1:100000000, about how professional plain users should not have any expectations from volunteer admins/ircops ETC...

Long story, rehashed, systematically answered by the people least responsible for this decadent turn of reality -> Who really care but whose opinion doesn't really count for a peanut by the people who can really make a difference....

The bandwidth requirements for starting up an undernet server are going UP, while the REAL user count is going down.

Channels all over the undernet, channels with some/any kind of history, are being advised to go +r and unilaterally forgo a large percentage of users who CANNOT register because of Undernet's freemail abuse prevention program.

EVEN if the channel goes +r, it only takes ONE camouflaged registered "script kiddie" to "relay" 1-100 spam msgs to the target channel's registered users, effectively making a joke of the +r mode.

As I see it, there is only one solution. Mitko somewhere mentioned something about a "human" barrier somewhere in the join process which could separate the drone/clones from US HUMANS .. the real users who still care about human interaction on undernet.... jpegs being sent so that REAL users can recognize them so as to join & drones to be kept out.

What I suggest is for Undernet GLOBALLY to follow what they preach to channels with problems:

--------------------> +R <--------------------

free up ONE free-mail like yahoo or hotmail for people who do not have a paid mail account, ON JOIN send them to register making it clear that they have NO SAY in creating/supporting channels if their registered username comes from that on freemail. That 14 days from when they register, their freemail registration will expire (save the glines)

It SURELY will take longer for the script kiddies to mass register their drones on the ONE freemail account undernet offers, & maybe (maybe?) the PROFESSIONAL freemail employees as opposed to the VOLUNTEER undernet people will notice THOUSANDS of DRONES being registered there and actually DO something about it.

EVEN when after a few weeks, yahoo registered drones become a nuisance, Undernet can PURGE for good yahoo TEMPORARY users & declare ON JOIN that freemail has been switched to HOTMAIL.

Following simple instructions to register ANYTHING, especially for free, has been common & easy for YEARS for ANYBODY on the net. I REFUSE to be convinced that ANY undernet user, for the sake of FREEDOM of SPEECH has to put up with HUNDREDS OF THOUSANDS of clones/drones and at the same time be refused a temporary identity so as to PLAINLY & SIMPLY chat on the net.

Therefore, instead of being so touchy about "registration abuse through freemail" maybe YOU (not the overworked, overstressed, eunuched helpers, but the ppl who IMPLEMENT changes), should finally decide whether YOU want a chatNET with REAL people or just DRONES.

Sorry for the massive post, but i've had it with REAL helpers having arguments with REAL users with REAL problems all this time & the soap opera going nowhere.

rakouni


Offline
 Profile  
 
 Post subject:
PostPosted: Mon Sep 26, 2005 10:56 am 
Forum Moderator
User avatar

Joined: Fri Nov 19, 2004 9:51 pm
Posts: 594
Location: Europe
I have read the last post and I want to comment it,

Lets not play with the ratio since it's not like that. I may tell you the number of bots (drones and legal) on is something around 40% of Undernet, more or less.

Regrading blocking emails, that's cservice related problem, and it's like that because of the big abuse. If their username gets suspended, they'll register new one and so on. Simply they may register it on the email of some compromised machine. It may not be stopped. Someone may be helper, drone runner, and normal chatter with 3 different identities and you will never know it's the same person. (it was just an example)

I don't know what you mean by the +R mode. If you were thinking to recieve messages from logged in clients only, that will not help chatters since they are never logged in and they don't know much about IRC. For them, it's just a chat place. They don't even try to register or to find out something about X, etc (they don't know what X is). But the new IRCu (u2.10.12.) will have something which will make you able to protect yourself from non logged (users without umode +x) to send you private message, notice, dcc, or to ctcp you. For example if you want to silence everyone except +x clients you will do /silence *!*@*,~*!*@*undernet.org (without users. since that way you'll block X too). So the new IRCu supports exceptions in the silence done by '~' before the mask.

About that 'undernet freemail account' you mentioned, my opinion is that it is bad idea which will not resolve any of the problems, it will be abused only.

I have seen some big chat channels have message on join which tells "do not reply to this message or you will be banned" or something like that. Some bots (drones) reply so that's how they got banned. Some of them spam in different way and that's how they got banned. So, you just need one good code to protect the channel from spammers. Many channels are protected like that I may say. By an eggdrop. As DMSetup Administrator I know from where and how we get the infected clients. (in case you dont know dmsetup helps with malware related problems - I wont say anything else)

Best Regards,
Mit 8)



_________________
Dimitar Tnokovski aka Mitko
Image
Offline
 Profile  
 
 Post subject:
PostPosted: Mon Sep 26, 2005 1:39 pm 

Joined: Sun Apr 06, 2003 10:37 pm
Posts: 12
Location: Canada
Lion-O wrote:
Well, the silence is telling something. I guess people don't want this discussed anymore.

However, having suffered from 20+ netsplits in one day (I am aware of the different ircu versions being used on the network but really; if you put the blame for the increasing splits on that you're insulting ircu IMVHO) I'm wondering why people still need to be logged into services to get a cloaked hostmask. With all these splits thats becoming harder and harder to do.

So why not consider cloaking by default ? Thats also bound to make a lot of "fishing bots" obsolete thus perhaps relieving the network of some extra overhead. For example; replace the 1st or first 2 parts of the hostname with 'undernet'.

Lion-O!peter@myhostname.provider.nl could become Lion-O!peter@undernet.provider.nl. Or perhaps simply replace it entirely with "unregistered.undernet.org" which gets changed the moment you log onto services.

Just another 2 cents.


First of all, netsplit doesnt change anything to your hidden host. Once you logged in to X and set +x, your hidden host stay untill you disconnect, no matter if server or X split.

About your idea of having default hidden hostmask on connect, what about the users who doesnt want it? Lots of people want to keep their hostmask not hidden and they have all right to do so. For autoops/scripts etc and this without talking about banning issues.


Offline
 Profile  
 
 Post subject:
PostPosted: Mon Sep 26, 2005 2:35 pm 

Joined: Sun Sep 18, 2005 6:16 pm
Posts: 34
Location: Romania
let me see

There are 31404 users and 82510 invisible on 26 servers

and just now i have [744] bans active.
bans like *!*@20?.* like *!*@*.aol.com or like *!*@66.* *!*@*.t-dialin.net
or country/continent bans like *!*@.ca *!*@*.il all arin/lacnic/afrinic/apnic
and 80% of europe.
generaly i have about 1500 bans active daily. why?

cause one lamer have setting up proxy server and with a simple scaner
find out all the possibile proxies existened in world and via http tunneling and connected and joined automatically in my chan.also i have spam from zombies.spam from drones and rarely "want to be op" infected users.

you didnt know whois the lamer? mail sended to abuse mail.we say whois (all of them).
did you make something? purge one channel susspend 5 users accounts and nothing more.Scared logicaly to prevent DDos attack on servers.

so about what 40% are you talking about in the moment that i can demostrate you anytime that if i turn off the ban mashine(eggbot) and clear the banlist
you will see all the proxies existend from any part of the world connected on undernet and believe me is more than 10.000 daily.
i saw after a split how join the channel.
if you are curius just join #hellas without host *undernet.org(if you want to see the spam from zombies)

i can say that i am "proud" for the longest chan banlist all over the undernet.

Thats the truth.
Only if we demonstrate that any abuse have no sense they stop.
solutions like /silence or like /ignore everything exempt register users have no sense and can be considered annoying for limitation to free chat.
my propose has be done.I dont know if is possible to be effectuated.
more info on
http://forum.undernet.org/viewtopic.php?t=2116

In Undernet With Trust.

P.S. up to type the post the bans maded [823] and keep up.


Offline
 Profile  
 
 Post subject:
PostPosted: Mon Sep 26, 2005 4:23 pm 
Forum Moderator
User avatar

Joined: Fri Nov 19, 2004 9:51 pm
Posts: 594
Location: Europe
CrazyEgg, dude, it was already said there that you didn't understood the +D mode and you got wrong point. If you want to protect from drones, the only decision is to go and murder the drone runners. Simply, an IRC deamon cannot be perfection, there's nothing perfect. Even the wolrd is not perfect. If you make perfect IRC deamon which will use all the resources possible, the drones code will be perfect too. I wil repeat again, you got wrong point about the +D mode. Or, if you can do what you say (and I have no idea what you say since it's something illogical and bad english) then code it ? Think about that before the next reply.

Regrading what Lion-O said, either that way the servers won't be protected. And Undernet DOES protect the users with the +x mode already. But unfortunatelly the servers are not protected. So what will happen that way, if auto hidding is made and will be NOT if you ask me. The amount of ddos will be high, cause script kiddies will not be able to flood the clients, so they will simply flood(DdoS) all servers. Nice ? Not at all. Besides, what if someone doesn't want to hide the IP ? This was already discussed in another topic regrading hiding the IP by default so I am not going to OVER discuss it again, you may use the search button.

But, there is a way to stop it, with something that human MAY understand but bots can't. But, that way we should change the name of IRC, do not be IRC anymore. Since the IRC deamon will go far away from the IRC protocol standards (see RFC 1459 for more info). But honestly, so far, any of these ideas mentioned on this topic is not a real decision, just your own imagination and your wish. I will say again: NOT decision.

Please stop repeating same and old ideas which are not decisions.


Best Regards,
Mit 8)



_________________
Dimitar Tnokovski aka Mitko
Image
Offline
 Profile  
 
 Post subject:
PostPosted: Mon Sep 26, 2005 7:18 pm 

Joined: Wed Dec 11, 2002 10:16 pm
Posts: 11
Location: #linux
wulf wrote:
First of all, netsplit doesnt change anything to your hidden host. Once you logged in to X and set +x, your hidden host stay untill you disconnect, no matter if server or X split.

True.

However, I doubt that people will happily remain on a server once its splitted from the rest of the network. But; that is merely speculating.

Quote:
About your idea of having default hidden hostmask on connect, what about the users who doesnt want it?

Same as it is now; don't turn on usermode +x.



_________________
With kind regards, Lion-O
Offline
 Profile  
 
 Post subject:
PostPosted: Mon Sep 26, 2005 7:32 pm 

Joined: Wed Dec 11, 2002 10:16 pm
Posts: 11
Location: #linux
Mitko wrote:
Regrading what Lion-O said, either that way the servers won't be protected. And Undernet DOES protect the users with the +x mode already. But unfortunatelly the servers are not protected. So what will happen that way, if auto hidding is made and will be NOT if you ask me. The amount of ddos will be high, cause script kiddies will not be able to flood the clients, so they will simply flood(DdoS) all servers.

As if the servers aren't being DDoSS'ed right now...

Well, I can understand your reasoning but I don't agree with it. Not now where we're reaching a situation in which its almost starting to look as if the kiddies are basicly deciding on the policies to reduce the rising amounts of abuse while in fact they're a big (/biggest) cause themselves.

:-?, I guess thats politics.



_________________
With kind regards, Lion-O
Offline
 Profile  
 
 Post subject:
PostPosted: Wed Sep 28, 2005 1:45 pm 

Joined: Sun Sep 18, 2005 6:16 pm
Posts: 34
Location: Romania
dear mitko as you say i didnt understand the +D mode.
in the matter of truth i didnt want to understand a chan mode maded special for audits.
my english indeed are too bad.so i try to make you to understand the abuse at this time on undernet channels:

1.too many proxies.No just standard sock4 or 5 by default connected on 1080 but and many http proxies connected via http tunneling.
2.the most providers didnt give static ip to clients so lamers with a large band of dsl connection cannot be g-line cause change his ip with just a modem restart.
3.too many drones who try to make infected users with virused sites or send zip/jpg and any type of files onjoin.
4.too many infected users (zombies) cause come to IRC to chat and they didnt have any idea for all that what (connection on normal port)

now.what abuse are we talking about on undernet channels:
all type of floods: text flood,join/part flood private msg/notice/invite flood.
what kind of "weapons" can make flood: genocide,cyclon,devil bot,sdbot,zdbot,aggobot and many many others.

the question now:
what can we do to stop that abuse now and in the future?
if we consider as standar that its impossible to ban 2000 clones and 1000 drones daily and we cannot detect on connect all of them then we can demonstrate-if we can-that is unusefull to continue the abuse.
how?
just dont give the oportunity(to drone) to see the list of the channel and the users who joined the channel after the drones/floodbot etc.Just give the possibility to see the ops on channel and what the ops say onchannel. nothing more.
every channel have ops.they asume the responsability to make autovoice or to make a user unhide on channel.Also the +D mode is optionaly chan mode and not obligatory.
i dont say about search on connect for cloaked clients.i didnt say about nickserv or chanserv like the others networks.i didnt say to free mail for make register users. i didnt say about encrypted the ip or any other ideas.

just think that for every proxy/flood/drone exist and a ban.more resources on undernet consumed.

and at last.
the new ircd was neccesary to be maded cause many bugs that still exist like:
ban on 12length nick to x or like some special characters which is not recognisible from x.
now the +r was fine(at the beggining).why?
many ppl used dialup connection yet.yes thats the truth.in my country(hellas) sales card with units for internet access.(now i am in romania btw.)
so with this cards you didnt have mail.so its almost imposible to make register someone.
talk about what i realy know and no make speculation or imagine problems.
If you think that is not the solution lets talk about.The mode +D is the beggining and i saw how working.personaly i think that we wait about some months up to be functionaly 100%(bugs like op didnt see the joins).
I dont know what coders prepare.I have to trust them anyway cause they are irc chatters too and knows the problems.
now i hope to make some problems clear.i hope my english to not be so bad.I hope for little help.I hope to make chat and not join irc to make defence all time.
Hope die last!

In Undernet With Trust.


Offline
 Profile  
 
 Post subject:
PostPosted: Thu Sep 29, 2005 2:57 pm 
Senior Cservice Admin
User avatar

Joined: Sun Jul 06, 2003 2:47 am
Posts: 564
Location: Hamilton, New Zealand
Quote:
free up ONE free-mail like yahoo or hotmail for people who do not have a paid mail account, ON JOIN send them to register making it clear that they have NO SAY in creating/supporting channels if their registered username comes from that on freemail. That 14 days from when they register, their freemail registration will expire (save the glines)


as I say in #CService...
"Most freemails are blocked due to people abusing their services in order to abuse our services"
Most abusers already have hundreds of hotmail and/or yahoo accounts(to quote your example), and easily know how to create more

Your suggestion will actually generate a huge load on the services, effectively allow the abusers to register hundred of disposible accounts, making life harder for everyone, and only serve to encourage the abusers to further abuse the freemail server we would supposedly allow :(

Someone else mentioned having servers create a partial hidden host on connect, well I do not that isn't going to happen, this was thought about when the +x hodden host feature was created, but it was dumped. However what that is being worked on, is the ability to login on connect and get your +x hidden host on connect, but this feature is still a long way off :(


Offline
 Profile  
 
 Post subject:
PostPosted: Fri Sep 30, 2005 7:59 pm 
Forum Moderator
User avatar

Joined: Tue Feb 17, 2004 11:12 am
Posts: 760
Location: Romania
Actually xplora it`s not so hard to set the +x on connect, the login part is difficult. But if you are not logged in the +x on connect will have no effect on your host, but it will auto change into username.users.undernet.org the moment you login.



_________________
sirAndrew @ Undernet.org

8 years on this forum and i'm still the #1 poster around.
Offline
 Profile  
 
 Post subject:
PostPosted: Sat Oct 01, 2005 3:53 am 
User avatar

Joined: Sat Feb 14, 2004 3:49 pm
Posts: 408
Location: Southeast Asia, Philippines
it's not that hard for those lazy users around you can add those in the Perform commands or make something good in your remotes section.



_________________
I love Maria Katrina Rey
Offline
 Profile  
 
 Post subject:
PostPosted: Sun Jan 07, 2007 4:30 am 

Joined: Sun Jan 07, 2007 4:15 am
Posts: 3
Location: Undisclosed
Quote:
if we consider as standar that its impossible to ban 2000 clones



heheh.. you are crazy, i loaded a 2800 with port 1080, just block socks4/5 ports 1080 and u can stop a lot of abuse. Usually nobody really uses this f0cking port, and its only open if its a hacked box or sometimes shows open if u run a winBnc. so even if Opers ban this port real users are not affected.. *Amazed*


Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 3 of 4 [ 47 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: