I suggested some sort of spam-filter being built into the next version of Bahamut to Kobi Shmueli during our conversation last week. A problem that arose was that it would be moderating IRC, which is what DALnet is not aiming on doing. However, I was trying tothink of a new solution and came up with a list of defined phrases in a centralized location, so that all IRC servers on the network canaccess the same file, and a spam-filter module on the IRC daemon, if a user says a phrase that matches a phrase listed in the filethen it sends a global warning to all operators, or operators on the server that the user is connected to warning them of a possiblespammer. This wouldn't be considered moderating IRC, it is just giving IRC operators on the network an aid to work on combattingthe problem of spam and advertising on the network.
My original suggestion was when a user says a phrase that matches a phrase listed in the file then the user gets auto-killed off thenetwork. The problem with this would be quite a quantity of innocent users would be getting auto-killed from the network, whichat the end of the day is only creating more work than is currently needed.
However, James I like you're suggestion, it is similar (yet a bit more complex) than mine. I definitely think that a solution like eithermine or yours has to be implemented on DALnet sometime soon, spam and advertising is very high on the network, which is notunusual for such a large network like DALnet, but at the same time, something should be done to combat it, for the users.
Regards.
On 1 May 2009, at 02:03, James Hess wrote:
It would be easier but there are a lot of users who don't have a registered
nick and probably don't want one either. They just want to chat and we
shouldn't take that away from them.
-Kobi_S.

Yes, and they have friends to who they may want to talk with. Blocking
those messages by default may hurt a lot of people. I suggest making a
 +S   mode for spamfilter. Which will block messages  based on a list
of flexible criteria,  and based on the user's  "history",  i.e.
reputation of their ip address.

The problem is this reputation can't merely be stored on one server,
all servers need immediate access to it;  it needs to apply to all the
IP address' IRC sessions, and needs to persist, even if they reconnect
(otherwise spammers will /reconnect to  reset their reputation).

And exempt registered, identified users get excluded from being blocked
based on 'reputation'.   A database of IP addresses should be held on
the servers to reflect on  the "reputation"  of a  non-registered
user's  IP.

I suggest a RDBM be used here.    When a user connects, IRCD makes an
asynchronous DB request for the  IP address's "reputation"  data;
which is then cached somewhere in their user  structure  and re-synced
at random (but long)  intervals.

As long as their IRC session is still open there should be a 'session'
entry in the database, and a separate "persistent" entry.    When an
IRC session is closed, and at prescribed intervals, the "persistent"
entry is updated  and session stats are cleared.
The user's stats at any moment are the sum of all 'session' stats and
the persistent stats.




DB Performance  would need careful consideration.
Possible elements of reputation score:

x  How old is the reputation info?  (old info is meaningless)
x  How many total private /MSG  commands has the IP issued in the past 72 hours?
x  How many did they receive from users of high reputation (and
identified users), and what's the  SENT:RECEIVED ratio?   (People that
get a lot of messages are conversing, not spamming)
x  Other commands to track usage on:  private /NOTICE, /JOIN, /INVITE
x  After removal of color codes and non-printables:
 x    How many /MSGs   did the user send that contain  "http://"  in them?
 x  How many /MSGs   did the user send that contain  "//"  in them?
 x  How many /MSGs   did the user send that contain "/eval"  in them?
 x How many /MSGs   did the user send that contain "/join"  in them?
 x How many /MSGs   did the user send that contain "/server"  in them?
x  How many /MSGs did the user send that were blocked?

I suggest adding a /REPORTSPAM  <nick>
command   which increments a  "spam reported"  reputation counter
and effects their reputation score.

But if the target has not sent a private /MSG/NOTICE/INVITE in the
past 2 minutes, or
recipient had not received a private /MSG/NOTICE/INVITE from anyone
since their last
/REPORTSPAM, the reporter's reputation is penalized with a  "bad
report" count  (negating all further spam reports from the ip for 24
hours).


--
-J
_______________________________________________
DALnet-src mailing list
DALnet-src@lists.dal.net
https://lists.dal.net/mailman/listinfo/dalnet-src