unrealircd

- supernets unrealircd source & configuration
git clone git://git.acid.vegas/unrealircd.git
Log | Files | Refs | Archive | README | LICENSE

commit d266e652b7618bcb29a9156368f022048d08cb73
parent e6a345f08341dacd68830ae5157e9fe8ba9567e9
Author: acidvegas <acid.vegas@acid.vegas>
Date: Sat, 30 Sep 2023 20:41:45 -0400

Hidden service changes

Diffstat:
Mdoc/conf/except.conf | 21+++++++++++++++++----
Mdoc/conf/unrealircd.remote.conf | 12++++++++++--
Ddoc/conf/unrealircd.tor.conf | 210-------------------------------------------------------------------------------

3 files changed, 27 insertions(+), 216 deletions(-)

diff --git a/doc/conf/except.conf b/doc/conf/except.conf
@@ -6,13 +6,26 @@ except ban {
 	type { all; }
 }
 
+# Tor Hidden Service
+except ban {
+	mask { ip 127.0.0.2; }
+	type { blacklist; connect-flood; maxperip; handshake-data-flood; }
+}
+
 # Local
 except ban {
 	mask {
-		ip { 127.0.0.1; ::1; }
-		#ip { 0.0.0.0; }
-		ip { 37.187.119.203; 51.75.161.177; 135.125.132.246; 151.80.60.156; }
-		ip { 2001:41d0:801:2000::1099; 2001:41d0:302:2200::43c; 2001:41d0:701:1100::5772; }
+		ip { 127.0.0.1; ::1;  }
+		ip { 198.251.80.56;   } # blackhole
+		ip { 149.202.251.251; } # blackflag
+		ip { 54.36.102.218;   } # contra
+		ip { 45.61.188.116;   } # darpa
+		ip { 51.89.151.158;   } # gator
+		ip { 198.98.52.138;   } # nutty
+		ip { 45.153.48.83;    } # scram
+		ip { 107.174.158.185; } # shrimp
+		ip { 65.75.209.67;    } # war
+		ip { 139.144.202.79;  } # wildwest
 	}
 	type { all; }
 }

diff --git a/doc/conf/unrealircd.remote.conf b/doc/conf/unrealircd.remote.conf
@@ -22,18 +22,26 @@ alias os { target operserv; type services; }
 class clients { pingfreq 120; maxclients  100; sendq  25M; recvq 32k; }
 class known   { pingfreq 120; maxclients  250; sendq  50M; recvq 32k; }
 class local   { pingfreq 300; maxclients 1000; sendq  50M; options { nofakelag; } }
-class servers { pingfreq 120; maxclients   10; sendq 100M; connfreq 15;           }
+class tor     { pingfreq 300; maxclients  100; sendq  25M; }
+class servers { pingfreq 120; maxclients   10; sendq 100M; connfreq 15; }
 
 allow { mask *;                              class clients; maxperip 2;    global-maxperip 2; }
 allow { mask { security-group known-users; } class known;   maxperip 3;    global-maxperip 3; }
 allow { mask { 127.0.0.1; ::1;             } class local;   maxperip 1000; global-maxperip 1000; password "simpsonsfan"; }
+allow { mask { 127.0.0.2;                  } class tor;     maxperip 100;  global-maxperip 100; }
 
 listen { ip *; port 6660–6669; options { clientsonly;      } }
 listen { ip *; port 7000;      options { clientsonly;      } }
 listen { ip *; port REDACTED;  options { serversonly; tls; } }
+#listen {
+#	file "/etc/tor/unrealircd/tor_ircd.socket";
+#	mode 0777;
+#	spoof-ip 127.0.0.2;
+#	options { tls; }
+#}
 
 #require authentication {
-#	mask { ip *; }
+#	mask { *@127.0.0.2; }
 #	reason "$VOID";
 #}
 

diff --git a/doc/conf/unrealircd.tor.conf b/doc/conf/unrealircd.tor.conf
@@ -1,209 +0,0 @@
-@define $VOID "8,4   E N T E R   T H E   V O I D   ";
-
-admin {
-	"4Administrator: Brandon Brown      14(aka MRCHATS)  6branbran89@supernets.org";
-	"    4Moderator: Bristopher Manning 14(aka delorean) 6simpsonsfan95@supernets.org";
-	"        4Sales: Branthony Bronson  14(aka pyrex)    6showercaphandgun@supernets.org";
-	"";
-	"Feel free to chat with us in #5000 for network help & support!";
-}
-
-alias botserv { type services; }
-alias bs { target botserv; type services; }
-alias chanserv { type services; }
-alias cs { target chanserv; type services; }
-alias hostserv { type services; }
-alias hs { target hostserv; type services; }
-alias nickserv { type services; }
-alias ns { target nickserv; type services; }
-alias operserv { type services; }
-alias os { target operserv; type services; }
-
-class clients { pingfreq 120; maxclients  100; sendq  1M; options { nofakelag; } }
-class servers { pingfreq 120; maxclients   10; sendq 50M; connfreq 15;           }
-
-allow { mask { ip 0.0.0.0; class clients; maxperip 100; global-maxperip 100; }
-
-listen { ip *; port REDACTED;  options { serversonly; tls; } }
-listen { file "/etc/tor/unrealircd/tor_ircd.socket"; mode 0777; spoof-ip 127.0.0.2; options { tls; } }
-
-#require authentication {
-#	mask { ip 0.0.0.0; }
-#	reason "$VOID";
-#};
-
-deny channel { channel "#help";     reason "This channel has moved to #superbowl"; redirect "#superbowl"; }
-deny channel { channel "#mensa";    reason "This channel has been closed";         redirect "#superbowl"; }
-deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange";  redirect "#exchange";  }
-
-link irc.supernets.org {
-	incoming { mask REDACTED; }
-	outgoing {
-		bind-ip *;
-		hostname REDACTED;
-		port REDACTED;
-		options { tls; autoconnect; }
-	}
-	password "REDACTED" { spkifp; }
-	class servers;
-}
-
-log {
-	source { error; fatal; warn; }
-	destination { file "ircd.log" { maxsize 5M; } }
-}
-
-log {
-	source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; }
-	destination { channel "#syslog"; }
-}
-
-tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } }
-
-ulines { services.supernets.org; }
-
-set {
-	kline-address "enterthevoid@supernets.org"; # replace with onion address
-	gline-address "enterthevoid@supernets.org"; # replace with onion address
-	modes-on-connect "+iIpTx";
-	modes-on-oper "+Hq";
-	snomask-on-oper "+o";
-	modes-on-join "+ns";
-	level-on-join "op";
-	restrict-usermodes "ips";
-	restrict-channelmodes "nLpPs";
-	restrict-commands {
-		channel-message { except { connect-time 15;  identified yes; } }
-		channel-notice  { except { connect-time 60;  identified yes; } }
-		invite          { except { connect-time 300; identified yes; } }
-		join            { except { connect-time 15;  identified yes; } }
-		list            { except { connect-time 30;  identified yes; } }
-		private-message { except { connect-time 300; identified yes; } }
-		private-notice  { except { connect-time 300; identified yes; } }
-	}
-	auto-join "#tor";
-	who-limit 0;
-	nick-length 20;
-	maxchannelsperuser 10;
-	channel-command-prefix "`!@$.";
-	topic-setter nick;
-	ban-setter nick;
-	options { hide-ulines; flat-map; identd-check; }
-	network-name "SuperNETs";
-	default-server "irc.supernets.org";
-	services-server "services.supernets.org";
-	sasl-server "services.supernets.org";
-	help-channel "#superbowl";
-	cloak-method ip;
-	cloak-keys {
-		"REDACTED";
-		"REDACTED";
-		"REDACTED";
-	}
-	cloak-prefix "ONION";
-	#tls {
-	#	options { fail-if-no-clientcert; }
-	#}
-	outdated-tls-policy {
-		user warn;
-		oper deny;
-		server deny;
-		user-message "4WARNING: You are using an outdated TLS protocol or cipher";
-		oper-message "Network operators must be using an up-to-date TLS protocol & cipher";
-	}
-	anti-flood {
-		channel {
-			profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; }
-			boot-delay 75;
-			split-delay 75;
-		}
-		everyone {
-			away-flood   3:300;
-			invite-flood 3:300;
-			knock-flood  3:300;
-			handshake-data-flood {
-				amount 4k;
-				ban-action gzline;
-				ban-time 1h;
-			}
-		}
-		known-users {
-			connect-flood 10:300;
-			join-flood    10:300;
-			nick-flood    10:300;
-			max-concurrent-conversations { users 5; new-user-every 60s; }
-			lag-penalty 10; # update?
-			lag-penalty-bytes 0;
-		}
-		unknown-users {
-			connect-flood 3:300;
-			join-flood    3:300;
-			nick-flood    3:300;
-			max-concurrent-conversations { users 2; new-user-every 120s; }
-			lag-penalty 1000;
-			lag-penalty-bytes 90;
-		}
-	}
-	default-bantime 30d;
-	modef-default-unsettime 5;
-	spamfilter {
-		ban-time 30d;
-		ban-reason "$VOID";
-		utf8 yes;
-		except "#anythinggoes";
-	}
-	max-targets-per-command { kick 1; part 1; privmsg 1; }
-	hide-ban-reason yes;
-	reject-message {
-		gline                "$VOID";
-		kline                "$VOID";
-		password-mismatch    "$VOID";
-		server-full          "$VOID";
-		too-many-connections "$VOID";
-		unauthorized         "$VOID";
-	}
-	antimixedutf8 {
-		score 8;
-		ban-action block;
-		ban-reason "$VOID";
-	}
-	connthrottle {
-		except        { reputation-score 100; identified yes; webirc yes; }
-		new-users     { local-throttle 20:60; global-throttle 30:60;      }
-		disabled-when { reputation-gathering 1w; start-delay 3m;          }
-		reason "$VOID";
-	}
-	history {
-		channel {
-			playback-on-join { lines 1000; time 1d; }
-			max-storage-per-channel {
-				registered   { lines 1000; time 1d; } 
-				unregistered { lines 100;  time 1h; } 
-			}
-		}
-	}
-	manual-ban-target ip;
-	hide-idle-time { policy always; }
-	whois-details {
-		channels        { everyone none; self full; oper full; }
-		reputation      { everyone full;                       }
-		server          { everyone none; self full; oper full; }
-		swhois          { everyone full;                       }
-	}
-}
-
-set unknown-users {
-	static-quit "EMO-QUIT";
-	static-part "EMO-PART";
-}
-
-hideserver {
-	disable-map yes;
-	disable-links yes;
-	map-deny-message "$VOID";
-	links-deny-message "$VOID";
-}
-
-security-group known-users {
-	identified yes;
-}
-\ No newline at end of file