- Target change system: this defeats spambots which hop from channel to channel spamming a set message. Additionally, the target change system can also defeat the spambots which attempt to private message many users.
- DNSBL (blacklist) scanning is now performed by the IRCd, so flood drones that are using blacklisted proxies will now not have any chance of joining channels before they are removed from the network.
- The join throttle channel mode can prevent large numbers of drones from join-flooding a channel.
- The CTCP blocking channel mode can eliminate CTCP exploits and CTCP spam sent to channels.
Services account name stored in IRCd
The services account name for logged-in users is stored in the IRCd and is shown in the WHOIS output. This also allows us to restart services without forcing everyone to re-identify.
The extended ban system
The EXTBAN system allows channel operators to set bans, invite exemptions, quiets, etc. based on the registered services account name, which other channels the user has joined, whether they have access to other specified channels, amongst other parameters. See the Charybdis documentation about extbans for more information.
|+C||Block CTCP: All CTCPs (except for ACTION, which is /me) are blocked.|
|+c||No color. All color codes in messages are stripped. This is different as it allows color-stripped messages through instead of blocking them.|
|+z||Op moderated: messages that would normally be blocked by +m, +b, and +q are instead sent to the channel operators only.|
|+F||Free target: Any channel may forward users to this channel.|
|+Q||Disable forward: Channels may not forward users to this channel.|
|+P||Permanent: This channel is permanent; it will not be automatically destroyed when it is empty. Only IRC operators can set this channel mode.|
|+L||Large ban list: Extends the size of the channel's ban, invite, and quiet lists. Only IRC operators can set this channel mode.|
|+f <#channel2>||Forward. Forwards users who cannot join because of +i, +j, +l or +r modes set on the channel. Whoever cannot join the channel with the forward set on it, gets pushed into the forwarding channel (e.g #channel2)|
|+j <count:time>||Join throttle: Limits the number of clients that may join in a period of time. e.g "+j 3:10": 3 users can join in 10 seconds, any additional users will be unable to join until the 10 second count has elapsed.|
|+q <hostmask>||Quiet: Silence a user without banning them or voicing everyone else and setting +m. The behavior of +q is slightly different than +m: users affected by a +q are also unable to change nick.|
|+n||No external messages. Only channel members may talk in the channel.|
|+t||Ops Topic. Only opped (+o) users may set the topic.|
|+s||Secret. Channel will not be shown in /whois and /list etc.|
|+p||Private. Disables /knock to the channel.|
|+m||Moderated. Only opped/voiced users may talk in channel.|
|+i||Invite only. Users need to be /invite'd or match a +I to join the channel|
|+r||NickServ Registered users only. Only users identified to services may join|
|+g||Free invite. Everyone may invite users. Significantly weakens +i control.|
|+k <key>||Key. Requires users to issue /join #channel KEY to join.|
|+l <limit>||Impose a maximum number of LIMIT people in the channel.|
|+v <nickname>||Voice. Allows a user to talk in a +m channel. Noted by +nick.|
|+o <nickname>||Op. Allows a user full control over the channel.|
|+b <hostmask[$#channel]>||Ban. Prevents a user from entering the channel, and from sending or changing nick if they are on it, based on a nick!ident@host match. If a target channel is specified, any joins under the hostmask will be forwarded to the target channel.|
|+e <hostmask>||Exempt. Allows a user to join a channel and send to it even if they are banned (+b) or quieted (+q), based on a nick!ident@host match.|
|+I <hostmask>||Invite Exempt. Allows a user to join a +i channel without an invite, based on a nick!user@host match.|
|+T||Block notices. Any notices sent to the channel will be blocked.|
|+Q||Prevents you from being forwarded to another channel|
|+R||Registered user callerID: Prevents people that are not registered with services from messaging you.|
|+i||Designates this client 'invisible'|
|+g||"caller id" mode only allow accept clients to message you|
|+w||Can see oper and server wallops.|
|+o||Designates this client is an IRC Operator.|
|+D||Deaf - ignores all channel messages.|
|+Z||Identifies you as being connected via SSL (cannot be set or unset)|
Extended bans (ban conditionals) allow different checks than the usual nick!user@host or nick!user@ip match to determine whether someone should be banned, quieted, exempted or invited.
Extended bans are of the form $[~]<type>[:<data>]. The <type> is one character (case insensitive) and determines the type of match. Most types allow or require an extra field <data>. If the tilde (~) is present, the result of the comparison will be negated, unless the ban is invalid in which case it will never match. Invalid bans are ones where <data> is missing but required or where <data> is otherwise invalid as noted below.
Unless noted below, all types can be used with +b, +q, +e and +I.
|$a||Matches all logged in users|
|$a:<mask>||Matches users logged in with a services account name matching the mask (* and ? wildcards)|
|$c:<chan>||Matches users who are on the given channel; this is only valid if the channel exists and is not +s or +p. (The ops of the channel the ban is on cannot necessarily see whether the user is in the target channel, so it should not influence whether they can join either.)|
|$o||Matches opers (most useful with +I)|
|$r:<mask>||Matches users with a realname (gecos) matching the mask (* and ? wildcards); this can only be used with +b and +q|
|$s:<mask>||matches users connected to a server matching the mask (* and ? wildcards); this can only be used with +b and +q|
|$j:<chan>||matches users who are or are not banned from a specified channel|
|$x:<mask>||Bans all users with matching nick!user@host#gecos|
|$z||Matches all SSL users|
The Ident Protocol, specified in RFC 1413, is an Internet protocol that helps identify the user of a particular TCP connection. Due to the increasing number of users connecting from shared shell hosting accounts, we have decided to enable this feature on EsperNet.
Upon connecting to EsperNet, the ircd will attempt to connect to an Ident server on the connecting host. If available, it will query the Ident server for the owner of the IRC connection, this information will then be used as the User portion of the hostmask. If the ircd cannot obtain Ident information, it will instead use the supplied username (supplied by the IRC client) prefixed with the tilde character '~'. For example, our fictional user 'Esper' who is running an Ident server will have the following hostmask:
The same user, but without the Ident server:
This makes it possible to selectively target individual users of a shared shell account, provided that the shell provider has an Ident server running (which they normally will have); as the Ident response cannot normally be altered by the user.
It is important to note that the addition of the ~ prefix affects the way channel bans are set. Esperfirstname.lastname@example.org and Esperemail@example.com are two different hostmasks.