Manual for ircd

This setting can only be used to impose a shorter length. The default is and the maximum is Specifies the number of channels a single user may be in at any one time. IRCOps are exempt from this restriction. Specifies the prefix characters for services "in channel commands". This will be especially noticeable if you use a strict setting like ascii , but may also happen for some channels if you use utf8.

This problem will disappear once all of your servers are on UnrealIRCd 5. The alternative is to run with a setting of any during the transition, and then once everything is on UnrealIRCd 5, switch over to utf8. However, it is easy to forget about that last step. By default this only shows the nick of the person who set the topic. If you set this option to nick-user-host then it will show the nick! This is a very common thing to do. This is a little help against D DoS attacks because evil people now no longer can easily see the 'weak points'.

If present the presence of an identd server will be checked and the returned value will be used for the username. If this value is omitted no such check is made. If present notices showing "ident request", "hostname lookup", etc. Don't do any resolving DNS lookups on users that connect. This can be useful if many of your users don't have a host, to speed up connecting. Note that this also means you cannot have host-based allow blocks. This makes it very easy to accidentally ban everyone on your network, so use with great care!

Note that this makes SASL and various other features unavailable or harder for clients to use. Specifies the name of the network on which this server is run.

This value should be exactly the same on all servers on a network. The default IPv6 clone detection mask. See allow::ipv6-clone-mask. The default value for this setting is Specifies the name of the server that the services bots are connected to.

See also Services. Sets the name of the server on which the stats bot is located. If stats are not run this value may be left out.

Sets the name of the server to which SASL authenticate messages should be sent. This sets the method to use when cloaking a user. The default is host which will use hostname-based cloaking and fallback to IP-based if no host is available.

This results in a XX. IP cloaked host which provides more anonymity. UnrealIRCd has a feature called Cloaking. ALL servers on the same network must use the same keys and they must be kept secret. Each key consists of characters, the characters should contain a mixture of: lowercase a-z , uppercase A-Z and digits. This is usually three or four letters representing the network name. Linked servers must have the same hidden-host prefix for channel bans to function properly.

Specifies the filename where the server's SSL certificate is located. The default is server. Specifies the filename where the server's SSL private key is located.

Specifies the filename where the certificates of the trusted CAs are located. The default is curl-ca-bundle. Prefix the protocol with a - minus sign to remove it. See TLS Ciphers and protocols for more information and suggestions on a good setting.

Specifies which ciphers to be allowed for TLSv1. Specifies which ciphersuites to allow for TLSv1. See TLS Ciphers and protocols for more information.

Forces clients that do not have a certificate to be denied. This would be an unusual setting to enable. This option does not provide any security. A user can simply generate a client certificate and use it to connect, no verification is done.

It is used for set::outdated-tls-policy. The default setting is "TLSv1. This is, however, an extremely uncommon configuration. An action of allow will allow the operation. The warn action will make the server send a warning notice. To decide which protocol and ciphers are considered outdated, the set::tls::outdated-protocols and set::tls::outdated-ciphers settings are used.

The default is 30 which is a safe value for everyone. Be careful if drastically lower this. DNS lookups, ident lookups and the handshake may take more time than you may think in some cases. You can probably set this to a value like 20 if you like. However, if you set this setting too low then you risk locking everyone out when for example your DNS server is a little slow eg: under attack.

The maximum time for SASL to take place. The default is 15 seconds. Otherwise, a misbehaving server could lead to people no longer being able to connect. Example: default-bantime 90d. The default is no default unsettime. The default setting is 75 seconds. You can specify an alternative time in seconds eg: , or by timespec eg: 2m. This feature does not take into account users reconnecting to another server in the network if a server dies or is restarted, as is frequently seen in the case of DNS RR.

But at least it partially mitigates the server reboot effect. The downside of this setting is that if a server is restarted in the middle of a drone attack , then when it is booted up again, drones would be able to bypass limits for the specified amount of time. If set to yes or '1' it replies 'invite only' to any normal users that try to join the virus-help-channel. This can be single target or comma separated list..

Ex: except " help, spamreport". See also Spamfilter Slow Spamfilter Detection. If so, do not allow the nickchange. Default is yes. When a client connects, send a "ping cookie" consisting of a random string that the client should respond with. All clients should cope with this and do so without bothering the user. Ping cookies are a security measure.

It also helps against TCP spoofing on very old operating systems. This limits the number of targets in a command. These imposed protocol limits apply to everyone, including opers. This allows you to specify which channels should be hidden from list. Right now it only supports one option: deny-channel. UnrealIRCd limits the number of connections per IP that are in an "unknown" state, that is: connections that are in a handshake.

This is a security setting and it defaults to 3. Only in very rare circumstances this may need to be adjusted. For example if you have hundreds of users coming from the same IP. You can change this to have bans placed on user ip. This can be useful if you have some unusual amount of trust in idents ;. This can be very useful if you have blacklist blocks , so DNSBL checking can finish before allowing the user in. You could set it slightly higher if your DNSBL checking is slow but for most people the default should be perfectly fine.

Values of 10 or more are not permitted. This allows you to change the messages that are sent to a user when their connection is rejected. This shows the defaults:. The message is only sent to the affected user and is not seen by other users or IRCOps. In both of these configuration items ::kline and ::gline the following variables are available:.

The antimixedutf8 module will detect and stop spam containing of characters of mixed "scripts", where for example some characters are in Latin script and other characters are in Cyrillic script. The reputation module provides reputation scores of users. This score can then be used by various modules to counter abuse.

In this example we refer to a secret block called reputationdb :. The tkldb module saves all TKLs kline, gline, spamfilter, etc to a database file so these are preserved accross server restarts. In this example we refer to a secret block called tkldb :. These are all stored in a database file so these are preserved accross server restarts.

In this example we refer to a secret block called channeldb :. The set::connthrottle settings are documented at the Connthrottle page. Configure settings related to Channel history. Note that these are separate things: only a few lines of history are shown on-join, many more lines can be fetched via the HISTORY command and possibly other commands in the future. This means channel history is preserved across IRCd restarts.

To enable this you need to create a Secret block like this:. This has an effect on ALL channels, not just the one that imposed the restrictions eg: the QUIT reason loses color or is censored for all. We feel this is the best tradeoff and this is the default setting of no. You can also set this setting to yes. The channel s with the changed comment see the user PARTing, and on all other channels that do not have the restrictions eg: are -S and -G they will see the user QUITting with the original message.

When someone accidentally types irc. Note that this is mostly a gimmick rather than something terribly useful. For this to work, the IRC server needs to listen on ports and 80 more information about that here!

The IRCd may add automatic bans, for example due to a blacklist hit , a spamfilter hit , or because of antirandom or antimixedutf8. When it does, on what should the ban be placed:. That will start the ircd. Test it by connecting to your server.

Installing the cronjobs needed Cron is the system scheduled jobs manager. We generally run 3 jobs to help maintain the ircd. To edit the cron list, login with the account on which you want the scheduled jobs to run under, and run:. This script is include in the source nefarious2 was created when cloning the git repository to your server. I all goes well you can verify that the script is functional by running the following command:.

If you would like to learn more about iauth please visit our GitHub Wiki. Quick Links. Search Forums. Show Threads. Show Posts. The ircd is a server in that its function is to "serve" the client program irc 1 with messages and commands. The configuration format of logs is designed to be easily pluggable, and is inspired by the logging config provided by InspIRCd.

Passwords for both PASS and oper logins are stored using bcrypt. To generate encrypted strings for use in the config, use the genpasswd subcommand as such:. With this, you receive a blob of text which you can plug into your configuration file.

Ergo relies heavily on user accounts to enable its distinctive features such as allowing multiple clients per nickname. Once you have done so, you should enable SASL in your clients , ensuring that you will be automatically logged into your account on each connection.

This will prevent problems claiming your registered nickname. After this, your channel will remember the fact that you're the owner, the topic, and any modes set on it! Skip to content. Star 1. MIT License. Branches Tags. Could not load branches. Could not load tags. Latest commit. Git stats 4, commits.