PHP Protective Service Prospective Rules
Posted: Mon Dec 01, 2003 3:43 pm
Hi readers,
For those who remember, I've taken the task of creating a fully TS compliant PHP server. I'm at a stage where I can start developing the security module in hope to address some problems we've received on our 4-server network. Due to being a PHP-only coder, I can't modify any other services such as OperServ, BOPM, etc., so I've decided to port all the useful features that we use from the services into a script that I'm able to edit and change.
I'm really asking upon anyone who has had any problems running an IRCD/Channel if they could submit possible cures to everyday situations faced by running a popular server, such as clones, floods, drones, etc.
I will then hope to include this into the script, and release as a project.
So far, basic brainstorming has given me the following ideas (sorry for the form it's written in...)
1) Check for x name changes in x seconds by x users
2) Check for multiple repeats in main channels. +mi -v *
3) Check for x connects in x seconds
4) Check for similar (by percentage?) USER params and/or idents
5) Check for similar hosts (see 6)
6) Scan well known proxy ports or predefined ports
7) Create custom sendq's and maxsendq's for main channels and enforce. (see 7b)
7b) If flood < sendqmax BUT > sendq KB else kill/kline
8) Hold current USERHOST list in DB every 10 mins. On activation, kill all not matching hosts (see 8b)
8b) Once "USERLIST" activated, kill all connecting clients until flood has been dealt with.
9) Kill users that are in more than x channels (NOT OPERS!)
10) Check for x JOINS/PARTS in x seconds
11) Kill users matching pattern (*!????@*)
Some of these may seem drastic, but I emphasise that this is a local server, for local people (;)) and if anything, it will come in use to whoever uses it (be it for a single-IRCd "network").
If anything, just reply with how great I look in these shoes... or comment on any of the above rules :)
-Damien
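Added example (not part of the original post or of Damien's project): a sliding-window counter of the kind rules 3 and 10 describe ("x connects in x seconds", "x JOINS/PARTS in x seconds"). The class and function names, the thresholds, keying by host, and the sample events are all assumptions.

```php
<?php
// Added illustration of the "x events in x seconds" rules (3 and 10).
// Names, thresholds and sample events are assumptions, not the project's code.
final class RateWindow
{
    private $limit;
    private $seconds;
    private $events = []; // key => list of unix timestamps inside the window

    public function __construct(int $limit, int $seconds)
    {
        $this->limit = $limit;
        $this->seconds = $seconds;
    }

    // Record one event; true once the key has more than $limit events in the window.
    public function hit(string $key, int $now): bool
    {
        $cutoff = $now - $this->seconds;
        // Keep only timestamps still inside the window so per-key state stays bounded.
        $kept = array_values(array_filter($this->events[$key] ?? [], function ($t) use ($cutoff) {
            return $t > $cutoff;
        }));
        $kept[] = $now;
        $this->events[$key] = $kept;
        return count($kept) > $this->limit;
    }
}

// Walk a list of [unix time, event type, host] and report which events trip a rule.
function flagFloods(array $events, RateWindow $connects, RateWindow $joinPart): array
{
    $flagged = [];
    foreach ($events as [$time, $type, $host]) {
        if ($type === 'CONNECT' && $connects->hit($host, $time)) {
            $flagged[] = "$time $host connect-flood";
        } elseif (($type === 'JOIN' || $type === 'PART') && $joinPart->hit($host, $time)) {
            $flagged[] = "$time $host join-part-flood";
        }
    }
    return $flagged;
}

// Constructed sample: one host reconnecting rapidly, another cycling a channel.
$sample = [
    [1000, 'CONNECT', '192.0.2.10'], [1001, 'CONNECT', '192.0.2.10'],
    [1002, 'CONNECT', '192.0.2.10'], [1003, 'CONNECT', '192.0.2.10'],
    [1004, 'JOIN', '198.51.100.7'],  [1005, 'PART', '198.51.100.7'],
    [1006, 'JOIN', '198.51.100.7'],  [1030, 'CONNECT', '192.0.2.10'],
];
print_r(flagFloods($sample, new RateWindow(3, 10), new RateWindow(2, 5)));
```

Keying by host means users behind a shared NAT or bouncer count as one source, so the thresholds need headroom before the result is tied to a kill or kline.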