1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
/*
* InspIRCd -- Internet Relay Chat Daemon
*
* Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
* Copyright (C) 2007 Robin Burchell <robin+git@viroteck.net>
* Copyright (C) 2006-2007 Craig Edwards <craigedwards@brainbox.cc>
*
* This file is part of InspIRCd. InspIRCd is free software: you can
* redistribute it and/or modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation, version 2.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "inspircd.h"
class ModuleSecureList : public Module
{
std::vector<std::string> allowlist;
time_t WaitTime;
public:
void init() CXX11_OVERRIDE
{
OnRehash(NULL);
Implementation eventlist[] = { I_OnRehash, I_OnPreCommand, I_On005Numeric };
ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
}
Version GetVersion() CXX11_OVERRIDE
{
return Version("Disallows /LIST for recently connected clients to hinder spam bots", VF_VENDOR);
}
void OnRehash(User* user) CXX11_OVERRIDE
{
allowlist.clear();
ConfigTagList tags = ServerInstance->Config->ConfTags("securehost");
for (ConfigIter i = tags.first; i != tags.second; ++i)
allowlist.push_back(i->second->getString("exception"));
WaitTime = ServerInstance->Config->ConfValue("securelist")->getInt("waittime", 60);
}
/*
* OnPreCommand()
* Intercept the LIST command.
*/
ModResult OnPreCommand(std::string &command, std::vector<std::string> ¶meters, LocalUser *user, bool validated, const std::string &original_line) CXX11_OVERRIDE
{
/* If the command doesnt appear to be valid, we dont want to mess with it. */
if (!validated)
return MOD_RES_PASSTHRU;
if ((command == "LIST") && (ServerInstance->Time() < (user->signon+WaitTime)) && (!user->IsOper()))
{
/* Normally wouldnt be allowed here, are they exempt? */
for (std::vector<std::string>::iterator x = allowlist.begin(); x != allowlist.end(); x++)
if (InspIRCd::Match(user->MakeHost(), *x, ascii_case_insensitive_map))
return MOD_RES_PASSTHRU;
/* Not exempt, BOOK EM DANNO! */
user->WriteNotice("*** You cannot list within the first " + ConvToStr(WaitTime) + " seconds of connecting. Please try again later.");
/* Some crap clients (read: mIRC, various java chat applets) muck up if they don't
* receive these numerics whenever they send LIST, so give them an empty LIST to mull over.
*/
user->WriteNumeric(321, "%s Channel :Users Name",user->nick.c_str());
user->WriteNumeric(323, "%s :End of channel list.",user->nick.c_str());
return MOD_RES_DENY;
}
return MOD_RES_PASSTHRU;
}
void On005Numeric(std::map<std::string, std::string>& tokens) CXX11_OVERRIDE
{
tokens["SECURELIST"];
}
};
MODULE_INIT(ModuleSecureList)
|