From f9bbeaa6ca17d9980f3d84f2b8a8b4edddb1509f Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Sun, 28 Apr 2019 12:12:53 +0200 Subject: [PATCH] [nopost] Send these harmless kill messages to the junk snomask. Nowadays these are pretty much never proxy attacks. Only scanners and crawlers trying HTTP commands on IRC connections.. which isn't even that weird anymore since people tend to open up port 443 for SSL/TLS IRC to bypass firewall restrictions. --- src/modules/m_nopost.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/modules/m_nopost.c b/src/modules/m_nopost.c index b25ac629f..bcdf389d3 100644 --- a/src/modules/m_nopost.c +++ b/src/modules/m_nopost.c @@ -83,7 +83,7 @@ static void init_config(void) { memset(&cfg, 0, sizeof(cfg)); /* Default values */ - cfg.ban_reason = strdup("HTTP command from IRC connection (ATTACK?)"); + cfg.ban_reason = strdup("HTTP command from IRC connection"); cfg.ban_action = BAN_ACT_KILL; cfg.ban_time = 60 * 60 * 4; } @@ -216,14 +216,12 @@ CMD_FUNC(m_nopost) { if (MyConnect(sptr) && !is_except_host(sptr)) { - /* We send a message to the ircops if the action is KILL, because otherwise - * you won't even notice it. This is not necessary for *LINE/SHUN/etc as - * ircops see them being added. + /* BAN_ACT_KILL requires special handling because otherwise it would + * not be seen at all. */ if (cfg.ban_action == BAN_ACT_KILL) { - sendto_realops("[m_nopost] Killed connection from %s", GetIP(sptr)); - ircd_log(LOG_CLIENT, "[m_nopost] Killed connection from %s", GetIP(sptr)); + sendto_snomask(SNO_JUNK, "[m_nopost] Killed HTTP connection from %s", GetIP(sptr)); } return place_host_ban(sptr, cfg.ban_action, cfg.ban_reason, cfg.ban_time); }