
Ban automatically Excess Flood hosts on #wikipedia-fr
Closed, Public

Authored by dereckson on Jul 29 2015, 18:44.
Referenced Files
F3763637: D31.diff

Details

Summary

If an unknown user from the specified hosts quits with Excess Flood,
with a nick length of 3-5, the bot will automatically place a ban.

New registry keys:

  • protection.botnet.hosts: the hosts to ban, * allowed
  • protection.botnet.banreason: the ban reason
  • protection.botnet.banduration: the ban duration in minutes

New helper procedures in core:

  • gethost: extracts the host part of a [nick!]user@host string
  • isipv4, isipv6, isip: determine if a string is an IP

Fixes T515.

Test Plan
  • Deploy on Daeghrefn
  • See how it behaves at the next attack
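
The rule described in the summary, as an added example in plain Tcl (runs under tclsh); it is not the revision's own code. The host patterns, nicks and quit events are constructed, and the gethost body and the botnet_banmask name are assumptions.

```tcl
# Added example; not the ViperServ implementation.

# Host part of a [nick!]user@host string, as the gethost helper is described.
proc gethost {uhost} {
    set pos [string last @ $uhost]
    if {$pos == -1} { return "" }
    string range $uhost [expr {$pos + 1}] end
}

# Constructed stand-ins for the protection.botnet.* registry keys.
set config(hosts)       {*.abo.isp.example *.dyn.isp.example}
set config(banduration) 1440 ;# minutes

# Returns the ban mask to place, or "" when the quit does not match the rule.
# Arguments follow an eggdrop sign bind: handle is "*" for an unknown user.
proc botnet_banmask {nick uhost handle reason} {
    global config
    if {$handle ne "*"} { return "" }
    if {$reason ne "Excess Flood"} { return "" }
    set len [string length $nick]
    if {$len < 3 || $len > 5} { return "" }
    set host [gethost $uhost]
    foreach pattern $config(hosts) {
        if {[string match -nocase $pattern $host]} { return "*!*@$host" }
    }
    return ""
}

# Constructed quit events: nick, user@host, handle, quit reason.
set events {
    {qzkdu      ~qzkdu@pool-12.abo.isp.example "*"     "Excess Flood"}
    {qzkdu      ~qzkdu@pool-12.abo.isp.example regular "Excess Flood"}
    {longernick ~ln@pool-13.abo.isp.example    "*"     "Excess Flood"}
    {abcd       ~abcd@pool-14.dyn.isp.example  "*"     "Ping timeout"}
    {abcd       ~abcd@shell.other.example      "*"     "Excess Flood"}
}
foreach event $events {
    lassign $event nick uhost handle reason
    set mask [botnet_banmask $nick $uhost $handle $reason]
    if {$mask eq ""} {
        puts "${nick}!${uhost}: no action"
    } else {
        # An eggdrop script would place the ban here, for example with
        # newchanban (lifetime in minutes); that call is an assumption.
        puts "${nick}!${uhost}: ban $mask for $config(banduration) minutes"
    }
}
```

Only the first event produces a ban; the other four each fail one condition (known handle, nick length, quit reason, host pattern).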

Diff Detail

Repository
rVIPERSERV ViperServ scripts [legacy Mercurial repo]
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
master (bookmark) on default (branch)
Build Status
Buildable 18
Build 18: arc lint + arc unit

Event Timeline

dereckson retitled this revision from to Ban automatically Excess Flood hosts on #wikipedia-fr.
dereckson updated this object.
dereckson edited the test plan for this revision.
dereckson added a subscriber: rama.

Fixed typo in variable name

[sign:excessflood]: can't read "hot": no such variable

The protection works, but ban duration is in minutes, not in seconds.

On the channel:

19:38:11 -!- kuqdu [~kuqdu@ARennes-656-1-288-2.w2-10.abo.wanadoo.fr] has quit [Excess Flood]
19:38:12 -!- mode/#wikipedia-fr [+b *!*@ARennes-656-1-288-2.w2-10.abo.wanadoo.fr] by Daeghrefn

On the partyline:

19:44:54 <Dereckson> .bans
19:44:54 <Daeghrefn> Bans globaux:
19:44:54 <Daeghrefn> Bans spécifiques au canal #wikipedia-fr:  (* = non placé par le bot)
19:44:54 <Daeghrefn>   [  1] *!*@ARennes-656-1-288-2.w2-10.abo.wanadoo.fr (expires in 59 days) (sticky)
19:44:54 <Daeghrefn>         Daeghrefn!surfboard@wikimedia/bo: Cette adresse semble compromise et appartenir à un botnet.
19:44:54 <Daeghrefn>         Créé 19:38
[...]
This revision was automatically updated to reflect the committed changes.

Revision commit message updated: seconds → minutes

I've also updated in our registry protection.botnet.banduration to 1440.