forked from External/ergo
Shivaram Lingamneni
parent
57f2857e83
commit
a7ca6601c7
6 changed files with 150 additions and 29 deletions
|
|
@ -35,6 +35,7 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
|
|||
- Multiclient ("Bouncer")
|
||||
- History
|
||||
- IP cloaking
|
||||
- Moderation
|
||||
- Frequently Asked Questions
|
||||
- IRC over TLS
|
||||
- Modes
|
||||
|
|
@ -362,6 +363,26 @@ Oragono supports cloaking, which is enabled by default (via the `server.ip-cloak
|
|||
|
||||
Setting `server.ip-cloaking.num-bits` to 0 gives users cloaks that don't depend on their IP address information at all, which is an option for deployments where privacy is a more pressing concern than abuse. Holders of registered accounts can also use the vhost system (for details, `/msg HostServ HELP`.)
|
||||
|
||||
|
||||
## Moderation
|
||||
|
||||
Oragono's multiclient and always-on features mean that moderation (at the server operator level) requires different techniques than a traditional IRC network. Server operators have three principal tools for moderation:
|
||||
|
||||
1. `/NICKSERV SUSPEND`, which disables a user account and disconnects all associated clients
|
||||
2. `/DLINE ANDKILL`, which bans an IP or CIDR and disconnects clients
|
||||
3. `/DEFCON`, which can impose emergency restrictions on user activity in response to attacks
|
||||
|
||||
See the `/HELP` (or `/HELPOP`) entries for these commands for more information, but here's a rough workflow for mitigating spam or other attacks:
|
||||
|
||||
1. Subscribe to the `a` snomask to monitor for abusive registration attempts (this is set automatically in the default operator config, but can be added manually with `/mode mynick +s u`)
|
||||
2. Given abusive traffic from a nickname, identify whether they are using an account (this should be displayed in `/WHOIS` output)
|
||||
3. If they are using an account, suspend the account with `/NICKSERV SUSPEND`, which will disconnect them
|
||||
4. If they are not using an account, or if they're spamming new registrations from an IP, determine the IP (either from `/WHOIS` or from account registration notices) and temporarily `/DLINE` their IP
|
||||
5. When facing a flood of abusive registrations that cannot be stemmed with `/DLINE`, use `/DEFCON 4` to temporarily restrict registrations. (At `/DEFCON 2`, all new connections to the server will require SASL, but this will likely be disruptive to legitimate users as well.)
|
||||
|
||||
For channel operators, as opposed to server operators, most traditional moderation tools should be effective. In particular, bans on cloaked hostnames (e.g., `/mode #chan +b *!*@98rgwnst3dahu.my.network`) should work as expected. With `force-nick-equals-account` enabled, channel operators can also ban nicknames (with `/mode #chan +b nick`, which Oragono automatically expands to `/mode #chan +b nick!*@*` as a way of banning an account.)
|
||||
|
||||
|
||||
-------------------------------------------------------------------------------------------
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue