Page MenuHomeDevCentral
Differential D31

Ban automatically Excess Flood hosts on #wikipedia-fr
ClosedPublic
Actions

Authored by dereckson on Jul 29 2015, 18:44.
Tags
Referenced Files
Unknown Object (File)
Wed, May 7, 18:39
Unknown Object (File)
Mon, May 5, 15:30
Unknown Object (File)
Sat, May 3, 19:45
Unknown Object (File)
Sat, May 3, 11:03
Unknown Object (File)
Sat, May 3, 09:11
Unknown Object (File)
Sat, May 3, 04:05
Unknown Object (File)
Fri, May 2, 09:43
Unknown Object (File)
Thu, May 1, 12:02
View All Files
Subscribers
rama

Details

Reviewers
None
Maniphest Tasks
T515: Ban automatically Excess Flood hosts on #wikipedia-fr
Commits
rVIPER6d9fc047f06b: Ban automatically Excess Flood hosts on #wikipedia-fr
rVIPERSERV45e7c962a62d: Ban automatically Excess Flood hosts on #wikipedia-fr
Summary

If an unknown user from specified hosts quits in Excess flood,
with a 3-5 nick length, the bot will automatically put a ban.

New registry keys:

  • protection.botnet.hosts: the hosts to ban, * allowed
  • protection.botnet.banreason: the ban reason
  • protection.botnet.banduration: the ban duration in minutes

New helper procedures in core:

  • gethost: extracts the host part of a [nick!]user@host string
  • isipv4, isipv6, isip: determines if a string is an ip

Fixes T515.

Test Plan
  • Deploy on Daeghrefn
  • See how it behaves at the next attack

Diff Detail

Repository
rVIPERSERV ViperServ scripts [legacy Mercurial repo]
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
master (bookmark) on default (branch)
Build Status
Buildable 18
Build 18: arc lint + arc unit

Event Timeline

dereckson updated this revision to Diff 63.Jul 29 2015, 18:44
dereckson retitled this revision from to Ban automatically Excess Flood hosts on #wikipedia-fr.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added a task: T515: Ban automatically Excess Flood hosts on #wikipedia-fr.
dereckson added a subscriber: rama.
dereckson updated this revision to Diff 64.Jul 29 2015, 19:33

Fixed typo in variable name

[sign:excessflood]: can't read "hot": no such variable

dereckson planned changes to this revision.Jul 29 2015, 19:46

The protection works, but ban duration is in minutes, not in seconds.

On the channel:

19:38:11 -!- kuqdu [~kuqdu@ARennes-656-1-288-2.w2-10.abo.wanadoo.fr] has quit [Excess Flood]
19:38:12 -!- mode/#wikipedia-fr [+b *!*@ARennes-656-1-288-2.w2-10.abo.wanadoo.fr] by Daeghrefn

On the partyline:

19:44:54 <Dereckson> .bans
19:44:54 <Daeghrefn> Bans globaux:
19:44:54 <Daeghrefn> Bans spécifiques au canal #wikipedia-fr:  (* = non placé par le bot)
19:44:54 <Daeghrefn>   [  1] *!*@ARennes-656-1-288-2.w2-10.abo.wanadoo.fr (expires in 59 days) (sticky)
19:44:54 <Daeghrefn>         Daeghrefn!surfboard@wikimedia/bo: Cette adresse semble compromise et appartenir à un botnet.
19:44:54 <Daeghrefn>         Créé 19:38
[...]
dereckson updated this object.Jul 29 2015, 19:49
dereckson added projects: Dæghrefn, Wikimedia.
Closed by commit rVIPERSERV45e7c962a62d: Ban automatically Excess Flood hosts on #wikipedia-fr (authored by dereckson). · Explain WhyJul 29 2015, 19:52
This revision was automatically updated to reflect the committed changes.
dereckson added a comment.Jul 29 2015, 19:55

Revision commit message updated: seconds → minutes

I've also updated in our registry protection.botnet.banduration to 1440.

Revision Contents
Changeset List

PathSize
86 lines
Daeghrefn/
38 lines

Diff 63

View Options

Core.tcl

Loading...
View Options

Daeghrefn/Channel.tcl

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator