Hello all,
we've had another wave of spambot attachs in #cockpit last night and this morning. They keep coming every few weeks. Today's one was mild, but the previous one was quite unbearable (dozens of really offensive lines every minute). When they happen, there's no defence, as the traditional /kickban does not work against botnets with wildly different IP addresses.
Therefore I propose to do what many other Freenode channels have done years ago and restrict #cockpit to registered Freenode users. In technical terms, set channel mode +M [1].
Any objections? Is anyone in the team currently not registered with Freenode?
Thanks,
Martin
On Wed, Aug 1, 2018 at 2:03 AM Martin Pitt mpitt@redhat.com wrote:
Hello all,
we've had another wave of spambot attachs in #cockpit last night and this morning. They keep coming every few weeks. Today's one was mild, but the previous one was quite unbearable (dozens of really offensive lines every minute). When they happen, there's no defence, as the traditional /kickban does not work against botnets with wildly different IP addresses.
Therefore I propose to do what many other Freenode channels have done years ago and restrict #cockpit to registered Freenode users. In technical terms, set channel mode +M [1].
Any objections? Is anyone in the team currently not registered with Freenode?
If you go this route, please add content to the https://github.com/cockpit-project/cockpit/wiki/About page to tell people which hoops they need to jump through in order to be able to access the channel or you're going to be locking out new potential users and contributors.
Hello Stephen,
Stephen Gallagher [2018-08-01 7:56 -0400]:
If you go this route, please add content to the https://github.com/cockpit-project/cockpit/wiki/About page to tell people which hoops they need to jump through in order to be able to access the channel or you're going to be locking out new potential users and contributors.
Done, thanks for pointing out!
Pitti
Hello again,
Martin Pitt [2018-08-01 8:01 +0200]:
Therefore I propose to do what many other Freenode channels have done years ago and restrict #cockpit to registered Freenode users. In technical terms, set channel mode +M [1].
+r actually for Freenode, sorry [1].
As the spamming still keeps going on, I now made these modifications:
- #cockpit is now restricted to registered users (+r) - #cockpit now does not appear in the global channel list any more (-s) - trying to join #cockpit as an unregistered user redirects to the new ##cockpit-unregistered, whose topic says:
You need to be a registered Freenode user to join #cockpit. Please register by following the instructions at http://freenode.net/kb/answer/registration
[1] https://freenode.net/kb/answer/channelmodes
Please speak up if this causes trouble for anyone.
Thanks,
Martin
Hello again,
Martin Pitt [2018-08-01 14:29 +0200]:
- #cockpit is now restricted to registered users (+r)
I removed the flag again. The current spam wave uses authenticated users, so this doesn't help. And some people have trouble joining.
At least we now have the redirect in place, so we can quickly turn +r back on when the next spam wave happens (the previous ones were unauthenticated).
Martin
cockpit-devel@lists.fedorahosted.org