Fighting spam on freenode

Sunday 5 August 2018

The Freenode IRC network (and I guess others) is under an aggressive spam attack these days. I’ve learned a lot more about Freenode modes in order to help defend against the spam. This is my understanding of the tools and techniques. Corrections welcomed!

IRC is a great way to connect with other people, but it is arcane and poorly documented. How IRC networks are configured and maintained is not standardized. The details here are for Freenode. I have no idea how much of this applies to other networks.

When a user connects to Freenode, they can use a registered nick (nickname), or an unregistered one. Registering is also called “identifying with services,” meaning you have presented your password to the IRC service. Here’s how to register your nick if you haven’t yet: Nickname Registration. The spam bot constantly changes nicks, but doesn’t use registered nicks, so the defense is all based on restricting what unregistered nicks can do.

The main concept for configuring IRC is “modes”. These are single-letter flags that can be applied to users and channels. The modes are different for each: User Modes, and Channel Modes.

The modes you can set depend on whether you are a channel operator, or just a regular user.

For regular users: the spam bot will send you private messages unless you give yourself the +R mode, which means that only registered nicks can send you private messages. To apply this to yourself, use this command in your IRC client (replace “your_nick” with your nick):

# Stop unregistered nicks from PMing me
/mode your_nick +R
# What are my current modes?
/mode your_nick

For channel operators: you have a few options for how to defend your channel. I think the first option is the best.

  • You can allow unregistered nicks to join, but prevent them from speaking with +q. This flag takes an argument which is the pattern of user to quiet. “$~a” means anyone who is unregistered:

    # Unregistered nicks will be quieted in #your_channel
    /mode #your_channel +q $~a
    # See the list of quieted user patterns
    /mode #your_channel +q

  • If you use +q, but have unregistered bots that you want to be able to talk in your channel, you can exempt them with +e:

    # Your bot will be able to talk
    /mode #your_channel +e $a:your_bot_nick
    # See the list of exempted user patterns
    /mode #your_channel +e

  • You can completely prevent unregistered nicks from joining your channel with +r:

    # Only registered nicks can join #your_channel
    /mode #your_channel +r
    # See the list of channel modes
    /mode #your_channel

  • If for whatever reason you cannot stop unregistered nicks from talking in your channel, then you will get spam messages. You can still help defend by inviting freenode’s Sigyn bot into your channel. The bot kills spammers when they send their first message. Invite it like this:

    # Invite the freenode spam fighting bot
    /invite Sigyn #your_channel
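To check which of these defenses are actually in place, here is an added example (not from the original post) that audits the raw server replies to the "/mode your_nick", "/mode #your_channel" and "/mode #your_channel +q" queries. The reply layouts for numerics 221, 324 and 728 are assumed to follow charybdis-family servers, and the server name, nicks and timestamp in the sample lines are constructed.

```python
# Added example: audit raw IRC server replies for the defenses described above.
# Assumption: numerics 221, 324 and 728 are laid out as on charybdis-family servers.

# Constructed sample replies; server name, nicks and timestamp are made up.
SAMPLE_REPLIES = [
    ":irc.example.net 221 your_nick +iR",
    ":irc.example.net 324 your_nick #your_channel +cnt",
    ":irc.example.net 728 your_nick #your_channel q $~a op_nick!op@example.org 1533480000",
    ":irc.example.net 729 your_nick #your_channel q :End of Channel Quiet List",
    ":irc.example.net 324 your_nick #open_channel +nt",
]


def audit(lines, nick):
    """Return (pm_protected, {channel: set of defenses found})."""
    pm_protected = False
    channels = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or not parts[0].startswith(":"):
            continue  # not a server numeric reply
        numeric, target, args = parts[1], parts[2], parts[3:]
        if target != nick:
            continue  # reply addressed to someone else
        if numeric == "221":
            # Our own user modes: +R blocks PMs from unregistered nicks.
            pm_protected = "R" in args[0].lstrip("+")
        elif numeric == "324" and len(args) >= 2:
            # Channel modes: <channel> <modes> [params]; +r is join-only-if-registered.
            found = channels.setdefault(args[0], set())
            if "r" in args[1].lstrip("+"):
                found.add("+r")
        elif numeric == "728" and len(args) >= 3:
            # Quiet list entry: <channel> q <mask> <setter> <timestamp>
            if args[2] == "$~a":
                channels.setdefault(args[0], set()).add("+q $~a")
    return pm_protected, channels


def unprotected(channels):
    """Channels where unregistered nicks can still join and speak."""
    return sorted(name for name, found in channels.items() if not found)
```

A channel appears in the result only after its mode reply (324) or a quiet-list entry has been seen, so query every channel you operate before trusting the list from unprotected().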

Comments

Julien 11:50 PM on 5 Aug 2018

On #python-fr we tested various techniques:

Day 1 we tested the +r mode (block unidentified) which looks a lot like +q $~a, and soon we added a +f #python-fr-unregistered to warmly welcome unregistered users. It works well but still not very welcoming.

Day 2 we tested a +mz mode (+m is moderated: only voiced users can speak; +z is "reduced moderation": ops can see unvoiced people speak), with a bot to auto-voice humans after a short period of no spamming (typical human behavior), and a bot to kick spammers using blacklists. This combination works really well: humans are all voiced automatically and speak freely, and they don't see spammers, as they send spam and are kicked BEFORE being voiced. It just takes the "kick bot" being op to see the spammers.

Day 3 we kept +mz mode, but dropped our auto-kick bot and invited Sigyn. Sigyn is better than a channel-local bot: when Sigyn kills, it's for the whole network, not just the channel, so by using Sigyn one contributes to the whole blacklisting of spammers.

We like the +mz plus Sigyn option: it makes spam completely invisible to users and it makes us contribute to the blacklist!

Andrew 5:35 AM on 6 Aug 2018

thanks, i just searched for "freenode spam personal message" and this was the top result. hopefully that's all i needed
