Home Explore Help
Register Sign In
EPuters_Mirrors
/
almanack_mirror
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: main
Branches Tags
almanack_mir...
/
wiki.d
/
Stopm.Stopm

Stopm.Stopm 28 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 
  1. version=pmwiki-2.2.130 ordered=1 urlencoded=1
    2. 

  2. agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
    3. 

  3. author=jrmu
    4. 

  4. charset=UTF-8
    5. 

  5. csum=
    6. 

  6. ctime=1601865020
    7. 

  7. host=125.224.24.163
    8. 

  8. name=Stopm.Stopm
    9. 

  9. rev=13
    10. 

  10. targets=Openbsd.Rbldns,Openbsd.Acopm
    11. 

  11. text=Statistical Open Proxy Monitor (STOPM)%0a%0a!! Motivation%0a%0aWe want a chat platform that normal people can use without reading manuals. We don't want a social network for elitists, we want a social network for normal users.%0a%0aMost networks today use clumsy ways of dealing with spam and ban evasion. They do an IP address lookup and check if the IP is present on [[openbsd/rbldns|an RBL]]. If so, they ban the user. This unfortunately ends up banning a lot of innocent users. Users behind VPNs and tor are often banned, as are users who have bad ISPs.%0a%0aHere are some examples:%0a%0a# Some networks completely ban tor or force tor users to first register using a non-tor IP (which defeats the purpose of tor)%0a# Channel operators often set public channels to +R, which forces every use to register before they can chat. Some channels outright ban tor. This prevents unregistered users from chatting, which severely reduces privacy and makes it hard for new users to join.%0a# Users with bad residential ISPs are banned by default because their ISP has a reputation for spam; the entire IP range is placed on a blacklist.%0a# If you try to connect to Freenode from a blacklisted residential ISP, you are forced to install and authenticate using SASL (confusing for new users):\\%0a[@%0a16:45 !cherryh.freenode.net *** Notice -- You need to identify via SASL to use this server%0a16:45 -!- ERROR Closing Link: 10.0.0.1 (SASL access only)%0a@]%0a# Forcing SASL authentication has caused over 95%25 of our znc users to quit using SimoSnap%0a# +l limits to prevent flooding may prevent normal users from joining if limits aren't updated%0a# +Z which bans non-SSL users will ban lots of mIRC 6.x users who lack SSL%0a%0aUnrealIRCd and InspIRCd do not solve spam problems intuitively. They use almost a hundred different flags to ban innocent users in almost a hundred different ways. IRCNow bouncers were only recently banned by some inexperienced Unreal opers. Just a few days ago, they gave us express permission to connect with an iline, then recently Z-lined our IPs by accident for being proxies.%0a%0aAccidental banning happens on a daily basis because UnrealIRCd is too confusing for average users to administer. Channel ops also struggle to be able to administer their own channels because of the needlessly complex settings.%0a%0aHere are some example flags that are highly confusing and of no use:%0a%0a[@%0aD 	chanmodes/delayjoin 	Delays someone's JOIN message until that person speaks. Chanops and higher, opers and ulines/services are exempt. 	Requires +o or higher %0aQ 	chanmodes/nokick 	No /KICK allowed. Can be used to force all chanops to use Services for kicking. Unusual, but possible. %0aV 	chanmodes/noinvite 	/INVITE is not permitted. %0a@]%0a%0a!! Introducing STOPM%0a%0aThe STatistical Open Proxy Monitor (STOPM) is IRCNow's attempt at a good spam filtering system. It is designed to work automatically and should not require admins or users to memorize an endless series of flags.%0a%0aWe believe an intelligent policy will consider a user's fingerprints holistically and assign a statistical probability to guess whether or not it might be a spam bot.%0a%0aA spam system has to be able to scale for a network with >50,000 users and determined attackers. To do this, we must build our own spam fighting system.%0a%0a"The sculptor can more easily carve a fair statue from a rough block, than from the block which has been badly shaped out by another"%0a%0a!! How STOPM works%0a%0aA spam probability score will be assigned ranging from 0.0000 (not spam) to 1.0000 (spam) based on a combination of factors:%0a%0a# Does the IP address appear on an [[openbsd/rbldns|RBL]]?%0a# Does the IP address have DNS and rDNS properly configured?%0a# Does the IP address come from a residential IP or VPN or other proxy?%0a# Is the IP address an open proxy based on port scans?%0a# Is ident enabled?%0a# Did the client use SSL?%0a# Does the irc client respond to CTCP requests?%0a# Does the client have a proper realname and username?%0a%0aWe can also combine this with http and smtp fingerprinting done by services to build a spam score that won't ban innocent users.%0a%0a!! Fork ACOPM%0a%0aWe will use [[openbsd/acopm|ACOPM]] as our base because it is a minimal open proxy monitor, which we can then customize to our needs.
    12. 

  12. time=1612096615
    13. 

  13. author:1612096615=jrmu
    14. 

  14. diff:1612096615:1612096380:=58,62c58%0a%3c We can also combine this with http and smtp fingerprinting done by services to build a spam score that won't ban innocent users.%0a%3c %0a%3c !! Fork ACOPM%0a%3c %0a%3c We will use [[openbsd/acopm|ACOPM]] as our base because it is a minimal open proxy monitor, which we can then customize to our needs.%0a\ No newline at end of file%0a---%0a> We can also combine this with http and smtp fingerprinting done by services to build a spam score that won't ban innocent users.%0a\ No newline at end of file%0a
    15. 

  15. host:1612096615=125.224.24.163
    16. 

  16. author:1612096380=jrmu
    17. 

  17. diff:1612096380:1612095754:=50,58c50,53%0a%3c # Does the IP address have DNS and rDNS properly configured?%0a%3c # Does the IP address come from a residential IP or VPN or other proxy?%0a%3c # Is the IP address an open proxy based on port scans?%0a%3c # Is ident enabled?%0a%3c # Did the client use SSL?%0a%3c # Does the irc client respond to CTCP requests?%0a%3c # Does the client have a proper realname and username?%0a%3c %0a%3c We can also combine this with http and smtp fingerprinting done by services to build a spam score that won't ban innocent users.%0a\ No newline at end of file%0a---%0a> 16:41 %3c~jrmu> based on a large combination of factors like whether SSL is enabled, %0a>               whether ident is enabled, whether rdns matches fcdns%0a> 16:41 %3c~jrmu> whether the IP is on a blacklist, whether the irc client replies to CTCP %0a>               and whois requests%0a
    18. 

  18. host:1612096380=125.224.24.163
    19. 

  19. author:1612095754=jrmu
    20. 

  20. diff:1612095754:1612095529:=35,42c35,40%0a%3c !! Introducing STOPM%0a%3c %0a%3c The STatistical Open Proxy Monitor (STOPM) is IRCNow's attempt at a good spam filtering system. It is designed to work automatically and should not require admins or users to memorize an endless series of flags.%0a%3c %0a%3c We believe an intelligent policy will consider a user's fingerprints holistically and assign a statistical probability to guess whether or not it might be a spam bot.%0a%3c %0a%3c A spam system has to be able to scale for a network with >50,000 users and determined attackers. To do this, we must build our own spam fighting system.%0a%3c %0a---%0a> A good spam filtering system should work automatically and should not require admins or users to memorize an endless series of flags.%0a> %0a> An intelligent policy will consider a user's fingerprints holistically and assign a statistical probability to guess whether or not it might be a spam bot.%0a> %0a> A spam system has to be able to scale for a network with >50,000 users and determined attackers. To do this, we should build our own spam fighting system.%0a> %0a45,49c43,45%0a%3c !! How STOPM works%0a%3c %0a%3c A spam probability score will be assigned ranging from 0.0000 (not spam) to 1.0000 (spam) based on a combination of factors:%0a%3c %0a%3c # Does the IP address appear on an [[openbsd/rbldns|RBL]]?%0a---%0a> %0a> %0a> 16:41 %3c~jrmu> but basically the idea is to assign a spam probability score%0a
    21. 

  21. host:1612095754=125.224.24.163
    22. 

  22. author:1612095529=jrmu
    23. 

  23. diff:1612095529:1612095148:=5,6d4%0a%3c We want a chat platform that normal people can use without reading manuals. We don't want a social network for elitists, we want a social network for normal users.%0a%3c %0a11,12c9,10%0a%3c # Some networks completely ban tor or force tor users to first register using a non-tor IP (which defeats the purpose of tor)%0a%3c # Channel operators often set public channels to +R, which forces every use to register before they can chat. Some channels outright ban tor. This prevents unregistered users from chatting, which severely reduces privacy and makes it hard for new users to join.%0a---%0a> # Freenode forces tor users to first register using a non-tor IP (which defeats the purpose of tor)%0a> # Freenode channel operators set most public channels as +R, which forces every use to register before they can chat. Some channels outright ban tor. This prevents unregistered users from chatting, which severely reduces privacy and makes it hard for new users to join.%0a23,28c21,24%0a%3c UnrealIRCd and InspIRCd do not solve spam problems intuitively. They use almost a hundred different flags to ban innocent users in almost a hundred different ways. IRCNow bouncers were only recently banned by some inexperienced Unreal opers. Just a few days ago, they gave us express permission to connect with an iline, then recently Z-lined our IPs by accident for being proxies.%0a%3c %0a%3c Accidental banning happens on a daily basis because UnrealIRCd is too confusing for average users to administer. Channel ops also struggle to be able to administer their own channels because of the needlessly complex settings.%0a%3c %0a%3c Here are some example flags that are highly confusing and of no use:%0a%3c %0a---%0a> UnrealIRCd and InspIRCd do not solve spam problems intuitively. They use almost a hundred different flags to ban innocent users in almost a hundred different ways. IRCNow was only recently banned by some inexperienced Unreal opers. Just a few days ago, they gave us express permission to connect with an iline, then recently Z-lined our IPs by accident for being proxies. This happens on a daily basis because UnrealIRCd is too confusing to administer. Channel ops also struggled to be able to administer their own channels because of the needlessly complex settings.%0a> %0a> Here are some confusing settings:%0a> %0a35,41c31,49%0a%3c A good spam filtering system should work automatically and should not require admins or users to memorize an endless series of flags.%0a%3c %0a%3c An intelligent policy will consider a user's fingerprints holistically and assign a statistical probability to guess whether or not it might be a spam bot.%0a%3c %0a%3c A spam system has to be able to scale for a network with >50,000 users and determined attackers. To do this, we should build our own spam fighting system.%0a%3c %0a%3c "The sculptor can more easily carve a fair statue from a rough block, than from the block which has been badly shaped out by another"%0a---%0a> A good spam filtering system should work automatically and should not require either admins or users to memorize an endless series of flags.%0a> %0a> A more intelligent policy is to consider a user's fingerprints holistically and assign a statistical probability that he might be a spammer.%0a> %0a> We want a chat platform that normal people can use without reading manuals. We don't want a social network for elitist nerds, we want a social network for the users.%0a> %0a> 17:00 %3c~jrmu> they basically had to force every channel to +R%0a> 17:00 %3c~jrmu> that costs freenode a lot of users%0a> 17:00 %3c~jrmu> the blacklisting by ip model is just not that great, in my opinion%0a> 17:01 %3c~jrmu> it's not necessarily freenode's fault but when you have a big network %0a>               with >50,000 users and determined attackers%0a> 17:01 %3c~jrmu> you need a more intelligent approach to spam%0a> 17:01 %3c~jrmu> something probabilistic%0a> 17:08 %3c~jrmu> our network right now if I had to be honest with you%0a> 17:08 %3c~jrmu> is much more primitive than other networks%0a> 17:08 %3c~jrmu> because almost everything will be coded from new%0a> 17:09 %3c~jrmu> My philosophy is ``the sculptor can more easily carve a fair statue from %0a>               a rough block, than from the block which has been badly shaped out by %0a>               another''%0a
    24. 

  24. host:1612095529=125.224.24.163
    25. 

  25. author:1612095148=jrmu
    26. 

  26. diff:1612095148:1612093842:=9,12c9,11%0a%3c # Freenode forces tor users to first register using a non-tor IP (which defeats the purpose of tor)%0a%3c # Freenode channel operators set most public channels as +R, which forces every use to register before they can chat. Some channels outright ban tor. This prevents unregistered users from chatting, which severely reduces privacy and makes it hard for new users to join.%0a%3c # Users with bad residential ISPs are banned by default because their ISP has a reputation for spam; the entire IP range is placed on a blacklist.%0a%3c # If you try to connect to Freenode from a blacklisted residential ISP, you are forced to install and authenticate using SASL (confusing for new users):\\%0a---%0a> # Freenode, for example, forces tor users to first register using a non-tor IP (which defeats the purpose of tor)%0a> # Users with bad residential ISPs are banned by default because their ISP has a reputation for spam; the entire IP range is placed on a blacklist. If you try to connect to Freenode from such a residential ISP, you are forced to install and authenticate using SASL:%0a> %0a17,25c16,18%0a%3c # Forcing SASL authentication has caused over 95%25 of our znc users to quit using SimoSnap%0a%3c # +l limits to prevent flooding may prevent normal users from joining if limits aren't updated%0a%3c # +Z which bans non-SSL users will ban lots of mIRC 6.x users who lack SSL%0a%3c %0a%3c UnrealIRCd and InspIRCd do not solve spam problems intuitively. They use almost a hundred different flags to ban innocent users in almost a hundred different ways. IRCNow was only recently banned by some inexperienced Unreal opers. Just a few days ago, they gave us express permission to connect with an iline, then recently Z-lined our IPs by accident for being proxies. This happens on a daily basis because UnrealIRCd is too confusing to administer. Channel ops also struggled to be able to administer their own channels because of the needlessly complex settings.%0a%3c %0a%3c Here are some confusing settings:%0a%3c %0a%3c [@%0a---%0a> %0a> UnrealIRCd and InspIRCd do not solve spam problems intuitively. They use almost a hundred different flags to ban innocent users in almost a hundred different ways. IRCNow was only recently banned by inexperienced Unreal opers who, after giving us express permission to connect with an iline, the following day banned our IPs by accident for being proxies. From personal experience, channel ops have struggled to be able to administer their own channels because of the needlessly complex settings.%0a> %0a29,32c22,33%0a%3c @]%0a%3c %0a%3c A good spam filtering system should work automatically and should not require either admins or users to memorize an endless series of flags.%0a%3c %0a---%0a> %0a> %0a> Most measures to deal with abuse on IRC ban too many innocent users.%0a> %0a> %0a> 16:53 %3c~jrmu> and the blacklist overrode the iline%0a> %0a>  all of which required sysadmins to be geniuses at memorization%0a> 16:52 %3c~jrmu> it didn't feel automatic at all, and required users to memorize a bunch %0a>               of commands%0a> %0a>  %0a36a38,41%0a> 16:55 %3c~jrmu> we have to do something more automatic%0a> 16:57 %3c~jrmu> my plan was more of a long-term project of fixing IRC to make it simpler%0a> 17:00 %3c~jrmu> the other thing you can take a look at BugzBunnyQussale is%0a> 17:00 %3c~jrmu> look at how bad the spam moderation is on freenode%0a
    27. 

  27. host:1612095148=125.224.24.163
    28. 

  28. author:1612093842=jrmu
    29. 

  29. diff:1612093842:1612093758:=35,37c35,42%0a%3c %0a%3c We want a chat platform that normal people can use without reading manuals. We don't want a social network for elitist nerds, we want a social network for the users.%0a%3c %0a---%0a> 16:54 %3c~jrmu> even for usrs%0a> 16:54 %3c~jrmu> even for users%0a> 16:54 %3c~jrmu> it's too confusing%0a> 16:54 %3c~jrmu> it depends what your goal is%0a> 16:54 %3c~jrmu> if you want to make a chat platform that requires nerds read manuals to %0a>               use%0a> 16:54 %3c~jrmu> then inspircd and unreal are fine%0a> 16:55 %3c~jrmu> if you want to make a chat platform that normal people can use%0a
    30. 

  30. host:1612093842=125.224.24.163
    31. 

  31. author:1612093758=jrmu
    32. 

  32. diff:1612093758:1612093183:=5,12c5,6%0a%3c Most networks today use clumsy ways of dealing with spam and ban evasion. They do an IP address lookup and check if the IP is present on [[openbsd/rbldns|an RBL]]. If so, they ban the user. This unfortunately ends up banning a lot of innocent users. Users behind VPNs and tor are often banned, as are users who have bad ISPs.%0a%3c %0a%3c Here are some examples:%0a%3c %0a%3c # Freenode, for example, forces tor users to first register using a non-tor IP (which defeats the purpose of tor)%0a%3c # Users with bad residential ISPs are banned by default because their ISP has a reputation for spam; the entire IP range is placed on a blacklist. If you try to connect to Freenode from such a residential ISP, you are forced to install and authenticate using SASL:%0a%3c %0a%3c [@%0a---%0a> Most networks today use a very simple and clumsy way of banning users. They do an IP address lookup and see if it's in an RBL, and if so they ban the user. This unfortunately ends up banning a lot of innocent users. Users behind VPNs and tor are often banned, as are users who have bad ISPs. For example, some residential ISPs are notorious for harboring spammers. As a result, the entire IP range has been blacklisted. If you try to connect to Freenode from a residential ISP, you are forced to install and authenticate using SASL:%0a> %0a14,16c8,11%0a%3c 16:45 -!- ERROR Closing Link: 10.0.0.1 (SASL access only)%0a%3c @]%0a%3c %0a---%0a> 16:45 -!- ERROR Closing Link: 10.0.0.1.net (SASL access only)%0a> %0a> Some networks outright just ban the IP. So IP blacklists can be too draconian at times. Entire countries can be banned by blacklists simply because an ISP does not work hard to stop spammers and abusers. Too many innocent users will be banned by using existing IRC methods.%0a> %0a18,24d12%0a%3c %0a%3c D 	chanmodes/delayjoin 	Delays someone's JOIN message until that person speaks. Chanops and higher, opers and ulines/services are exempt. 	Requires +o or higher %0a%3c Q 	chanmodes/nokick 	No /KICK allowed. Can be used to force all chanops to use Services for kicking. Unusual, but possible. %0a%3c V 	chanmodes/noinvite 	/INVITE is not permitted. %0a%3c %0a%3c %0a%3c Most measures to deal with abuse on IRC ban too many innocent users.%0a
    33. 

  33. host:1612093758=125.224.24.163
    34. 

  34. author:1612093183=jrmu
    35. 

  35. diff:1612093183:1612092760:=12,17c12,16%0a%3c UnrealIRCd and InspIRCd do not solve spam problems intuitively. They use almost a hundred different flags to ban innocent users in almost a hundred different ways. IRCNow was only recently banned by inexperienced Unreal opers who, after giving us express permission to connect with an iline, the following day banned our IPs by accident for being proxies. From personal experience, channel ops have struggled to be able to administer their own channels because of the needlessly complex settings.%0a%3c %0a%3c %0a%3c 16:53 %3c~jrmu> and the blacklist overrode the iline%0a%3c %0a%3c  all of which required sysadmins to be geniuses at memorization%0a---%0a> 16:51 %3c~jrmu> the main reason I chose this was because I saw unreal and inspircd%0a> 16:51 %3c~jrmu> and I was very very very upset with how they did it%0a> 16:51 %3c~jrmu> they had almost a hundred flags and almost a hundred different ways to %0a>               ban innocent users%0a> 16:52 %3c~jrmu> all of which required sysadmins to be geniuses at memorization%0a19a19,26%0a> 16:52 %3c~jrmu> as we speak we get banned daily by accident by inexperienced unreal opers%0a> 16:52 %3c~jrmu> chatlatinos just banned us yesterday after giving us an iline%0a> 16:52 %3c~jrmu> they expressly gave us permission then banned us anyway%0a> 16:53 %3c~jrmu> they gave us an iline for our zncs%0a> 16:53 %3c~jrmu> and banned us by accident%0a> 16:53 %3c~jrmu> because they were trying to use all these blacklists that they didn't %0a>               understand%0a> 16:53 %3c~jrmu> and the blacklist overrode the iline%0a
    36. 

  36. host:1612093183=125.224.24.163
    37. 

  37. author:1612092760=jrmu
    38. 

  38. diff:1612092760:1612089578:=5,6c5,6%0a%3c Most networks today use a very simple and clumsy way of banning users. They do an IP address lookup and see if it's in an RBL, and if so they ban the user. This unfortunately ends up banning a lot of innocent users. Users behind VPNs and tor are often banned, as are users who have bad ISPs. For example, some residential ISPs are notorious for harboring spammers. As a result, the entire IP range has been blacklisted. If you try to connect to Freenode from a residential ISP, you are forced to install and authenticate using SASL:%0a%3c %0a---%0a> Most networks today use a very simple and clumsy way of banning users. They do an IP address lookup and see if it's in an RBL, and if so they ban the user. This unfortunately ends up banning a lot of innocent users. Users behind VPNs and tor are often banned, as are users who have bad ISPs. For example, jrmu's residential ISP is notorious for harboring spammers. As a result, the entire IP range has been blacklisted. If you try to connect to Freenode from a residential ISP, you are forced to install and authenticate using SASL:%0a> %0a10,11c10,23%0a%3c Some networks outright just ban the IP. So IP blacklists can be too draconian at times. Entire countries can be banned by blacklists simply because an ISP does not work hard to stop spammers and abusers. Too many innocent users will be banned by using existing IRC methods.%0a%3c %0a---%0a> This type of spam filtering is too%0a> %0a> 16:42 %3c~jrmu> freenode banned my entire country%0a> 16:42 %3c~jrmu> so I'm not exactly impressed with their blacklisting%0a> 16:42 %3c~jrmu> they required me to use SASL if I had a domestic IP%0a> 16:42 %3c~jrmu> it's not entirely their fault%0a> 16:42 %3c~jrmu> our country has a ton of spammers%0a> 16:43 %3c~jrmu> and the ISP didn't really do much to fix it%0a> 16:43 %3c~jrmu> that is our ISP provider%0a> 16:43 %3c~jrmu> it wasn't a hard block, it was one that forced you to use SASL to %0a>               authenticate%0a> 16:43 %3c~jrmu> but anyway that's a massive pain%0a> 16:44 %3c~jrmu> if you think about it a more wholistic probability makes more sense anyway%0a> 16:45 %3c~jrmu> I'm trying to connect to freenode right now%0a27,29d38%0a%3c %0a%3c  %0a%3c A more intelligent policy is to consider a user's fingerprints holistically and assign a statistical probability that he might be a spammer.%0a
    39. 

  39. host:1612092760=125.224.24.163
    40. 

  40. author:1612089578=jrmu
    41. 

  41. diff:1612089578:1612087819:=
    42. 

  42. host:1612089578=125.224.24.163
    43. 

  43. author:1612087819=jrmu
    44. 

  44. diff:1612087819:1612086042:=3,11d2%0a%3c !! Motivation%0a%3c %0a%3c Most networks today use a very simple and clumsy way of banning users. They do an IP address lookup and see if it's in an RBL, and if so they ban the user. This unfortunately ends up banning a lot of innocent users. Users behind VPNs and tor are often banned, as are users who have bad ISPs. For example, jrmu's residential ISP is notorious for harboring spammers. As a result, the entire IP range has been blacklisted. If you try to connect to Freenode from a residential ISP, you are forced to install and authenticate using SASL:%0a%3c %0a%3c 16:45 !cherryh.freenode.net *** Notice -- You need to identify via SASL to use this server%0a%3c 16:45 -!- ERROR Closing Link: 10.0.0.1.net (SASL access only)%0a%3c %0a%3c This type of spam filtering is too%0a%3c %0a23a15,20%0a> 16:45 %3c~jrmu> 16:45 !cherryh.freenode.net *** Notice -- You need to identify via SASL %0a>               to use this server%0a> 16:46 -!- Irssi: Pasting 2 lines to #wheel. Press Ctrl-K if you wish to do this or %0a>           Ctrl-C to cancel.%0a> 16:46 %3c~jrmu> 16:45 -!- ERROR Closing Link: 10.0.0.1.net (SASL access %0a>               only)%0a
    45. 

  45. host:1612087819=125.224.24.163
    46. 

  46. author:1612086042=jrmu
    47. 

  47. diff:1612086042:1601865020:=3,68d2%0a%3c 16:42 %3c~jrmu> freenode banned my entire country%0a%3c 16:42 %3c~jrmu> so I'm not exactly impressed with their blacklisting%0a%3c 16:42 %3c~jrmu> they required me to use SASL if I had a domestic IP%0a%3c 16:42 %3c~jrmu> it's not entirely their fault%0a%3c 16:42 %3c~jrmu> our country has a ton of spammers%0a%3c 16:43 %3c~jrmu> and the ISP didn't really do much to fix it%0a%3c 16:43 %3c~jrmu> that is our ISP provider%0a%3c 16:43 %3c~jrmu> it wasn't a hard block, it was one that forced you to use SASL to %0a%3c               authenticate%0a%3c 16:43 %3c~jrmu> but anyway that's a massive pain%0a%3c 16:44 %3c~jrmu> if you think about it a more wholistic probability makes more sense anyway%0a%3c 16:45 %3c~jrmu> I'm trying to connect to freenode right now%0a%3c 16:45 %3c~jrmu> 16:45 !cherryh.freenode.net *** Notice -- You need to identify via SASL %0a%3c               to use this server%0a%3c 16:46 -!- Irssi: Pasting 2 lines to #wheel. Press Ctrl-K if you wish to do this or %0a%3c           Ctrl-C to cancel.%0a%3c 16:46 %3c~jrmu> 16:45 -!- ERROR Closing Link: 10.0.0.1.net (SASL access %0a%3c               only)%0a%3c 16:51 %3c~jrmu> the main reason I chose this was because I saw unreal and inspircd%0a%3c 16:51 %3c~jrmu> and I was very very very upset with how they did it%0a%3c 16:51 %3c~jrmu> they had almost a hundred flags and almost a hundred different ways to %0a%3c               ban innocent users%0a%3c 16:52 %3c~jrmu> all of which required sysadmins to be geniuses at memorization%0a%3c 16:52 %3c~jrmu> it didn't feel automatic at all, and required users to memorize a bunch %0a%3c               of commands%0a%3c 16:52 %3c~jrmu> as we speak we get banned daily by accident by inexperienced unreal opers%0a%3c 16:52 %3c~jrmu> chatlatinos just banned us yesterday after giving us an iline%0a%3c 16:52 %3c~jrmu> they expressly gave us permission then banned us anyway%0a%3c 16:53 %3c~jrmu> they gave us an iline for our zncs%0a%3c 16:53 %3c~jrmu> and banned us by accident%0a%3c 16:53 %3c~jrmu> because they were trying to use all these blacklists that they didn't %0a%3c               understand%0a%3c 16:53 %3c~jrmu> and the blacklist overrode the iline%0a%3c 16:54 %3c~jrmu> even for usrs%0a%3c 16:54 %3c~jrmu> even for users%0a%3c 16:54 %3c~jrmu> it's too confusing%0a%3c 16:54 %3c~jrmu> it depends what your goal is%0a%3c 16:54 %3c~jrmu> if you want to make a chat platform that requires nerds read manuals to %0a%3c               use%0a%3c 16:54 %3c~jrmu> then inspircd and unreal are fine%0a%3c 16:55 %3c~jrmu> if you want to make a chat platform that normal people can use%0a%3c 16:55 %3c~jrmu> we have to do something more automatic%0a%3c 16:57 %3c~jrmu> my plan was more of a long-term project of fixing IRC to make it simpler%0a%3c 17:00 %3c~jrmu> the other thing you can take a look at BugzBunnyQussale is%0a%3c 17:00 %3c~jrmu> look at how bad the spam moderation is on freenode%0a%3c 17:00 %3c~jrmu> they basically had to force every channel to +R%0a%3c 17:00 %3c~jrmu> that costs freenode a lot of users%0a%3c 17:00 %3c~jrmu> the blacklisting by ip model is just not that great, in my opinion%0a%3c 17:01 %3c~jrmu> it's not necessarily freenode's fault but when you have a big network %0a%3c               with >50,000 users and determined attackers%0a%3c 17:01 %3c~jrmu> you need a more intelligent approach to spam%0a%3c 17:01 %3c~jrmu> something probabilistic%0a%3c 17:08 %3c~jrmu> our network right now if I had to be honest with you%0a%3c 17:08 %3c~jrmu> is much more primitive than other networks%0a%3c 17:08 %3c~jrmu> because almost everything will be coded from new%0a%3c 17:09 %3c~jrmu> My philosophy is ``the sculptor can more easily carve a fair statue from %0a%3c               a rough block, than from the block which has been badly shaped out by %0a%3c               another''%0a%3c %0a%3c %0a%3c %0a%3c 16:41 %3c~jrmu> but basically the idea is to assign a spam probability score%0a%3c 16:41 %3c~jrmu> based on a large combination of factors like whether SSL is enabled, %0a%3c               whether ident is enabled, whether rdns matches fcdns%0a%3c 16:41 %3c~jrmu> whether the IP is on a blacklist, whether the irc client replies to CTCP %0a%3c               and whois requests%0a
    48. 

  48. host:1612086042=125.224.24.163
    49. 

  49. author:1601865020=jrmu
    50. 

  50. diff:1601865020:1601865020:=1,2d0%0a%3c Statistical Open Proxy Monitor (STOPM)%0a%3c %0a
    51. 

  51. host:1601865020=38.81.163.143
    52. 

  52.