Surviving A Botswarm - A User's Guide

2014-07-18 21:58 EDT

So yeah. irc.perl.org has been under a sustained bot incursion for a few days now. The network opers are actively working the problem the best we can. At the end of the day, though, with the existence of cheap instant virtual machines and the wonderful world of Tor, this sort of incident is difficult to stop completely.

(For the record, I don't view this as an attack. Near as I can tell, this is one kid getting his jollies by occasionally spamming channels. This thing is mostly automated except when he gets bored and tries to taunt me with rainbow colors. Which, incidentally, is why hereafter this person will be known as The Rainbow Warrior.)

Anyway, I don't really want to talk about bored 14 yr olds.


Let's talk instead about what you can do to survive a botswarm.

First, set your client to ignore joins, parts, quits, and maybe modes. In irssi, that command is "/ignore * JOINS PARTS QUITS MODES". I have this set in my client in most channels, particularly the quiet ones. It cuts the noise significantly.

Some clients provide a function to ignore nick changes as well. In irssi, add NICKS to that command above. I don't recommend this in normal use but right now, with bots that change nicks constantly, it might be a good idea.

Second, figure out how to make your irc client strip color codes. If you're an adult hanging out with adults, chances are you forgot you could do color in irc. It's safe to strip out and unless you're making a foray to the wonderful land of Dalnet, you'll never miss it. (I'd give you the irssi command but I don't know it yet. If you know, clue me in and I'll update this.)

Third, ignore CTCP. (Add CTCPS to the ignore command listed above.) This is 'client-to-client protocol', again something you probably forgot about. It's mostly used to negotiate DCC sessions and annoy people via the 'notice' message type.

Side note: You really should ignore DCC as well, just from a security perspective. In this day and age, it is a ridiculously bad idea to allow a direct connection to your irc client from another client on the internet. Historically, DCC was used to transmit files. You'd join #warez on dalnet, see a bot's message (in color, no doubt) and use DCC to download files from it. I have no idea why we did this instead of usenet but whatevs. This was always a bad idea. Add "DCC" to that ignore command I keep referencing to ignore this blast from the past too.
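What the ignore levels named above (JOINS PARTS QUITS MODES NICKS CTCPS DCC) and color stripping amount to on the wire, as an added Python example that is not from the original post and is not irssi's code. The function names, the "TEXT" label and the sample lines are constructed for illustration, and /me actions are assumed to stay visible.

```python
import re

# mIRC-style formatting: \x03 colour (optional fg[,bg]), \x04 hex colour, toggles.
FORMATTING = re.compile(r"\x03(?:\d{1,2}(?:,\d{1,2})?)?"
                        r"|\x04(?:[0-9A-Fa-f]{6})?"
                        r"|[\x02\x0f\x11\x16\x1d\x1e\x1f]")
LINE = re.compile(r"^:(?P<nick>[^! ]+)[^ ]* +(?P<cmd>[A-Z]+) *(?P<rest>.*)$")
LEVELS = {"JOIN": "JOINS", "PART": "PARTS", "QUIT": "QUITS",
          "MODE": "MODES", "NICK": "NICKS"}
# The levels collected from the /ignore command built up in the text above.
IGNORED = {"JOINS", "PARTS", "QUITS", "MODES", "NICKS", "CTCPS", "DCC"}

def strip_formatting(text):
    return FORMATTING.sub("", text)

def classify(raw):
    """Map one raw server line to (level, nick, text); None if not parseable."""
    m = LINE.match(raw.rstrip("\r\n"))
    if not m:
        return None
    nick, cmd, rest = m["nick"], m["cmd"], m["rest"]
    if cmd in LEVELS:
        return LEVELS[cmd], nick, rest
    if cmd not in ("PRIVMSG", "NOTICE"):
        return None
    text = rest.partition(" :")[2]
    if text.startswith("\x01"):             # CTCP payloads are wrapped in \x01
        body = text.strip("\x01")
        verb = body.split(" ", 1)[0].upper()
        if verb == "DCC":
            return "DCC", nick, body
        if verb != "ACTION":                # assumption: /me stays visible
            return "CTCPS", nick, body
        text = "* " + body[7:]
    return "TEXT", nick, text               # "TEXT" is this example's own label

def visible(lines):
    """Return what the user still sees after ignoring and stripping."""
    kept = [p for p in map(classify, lines) if p and p[0] not in IGNORED]
    return [f"<{nick}> {strip_formatting(text)}" for _, nick, text in kept]

# Constructed sample traffic (documentation addresses, made-up nicks).
SAMPLE = [
    ":zx1!u@192.0.2.1 JOIN #perl",
    ":zx1!u@192.0.2.1 PRIVMSG #perl :\x0304,08RA\x0307IN\x0308BOW\x0f",
    ":zx1!u@192.0.2.1 PRIVMSG alice :\x01VERSION\x01",
    ":zx1!u@192.0.2.1 PRIVMSG alice :\x01DCC SEND notes.txt 0 0 0\x01",
    ":alice!a@example.org PRIVMSG #perl :\x02strict\x02 at 3,14 and \x034,ok",
]
```

Digits that merely follow a comma in ordinary text are left alone; only digits directly after the \x03 byte are consumed.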

As a user, that's really all you can do, sadly. Ignore the junk as best you can. If it drives you nuts, it's ok if you walk away for a while. We understand. I'm on the response team for this shit and I often slam the laptop lid closed and walk away for a while.


Let's talk about what channel operators can do to help protect their users.

First, go read this New IRC Channel Operator's Guide from irchelp.org. Even if you're not a new operator, go read it anyway.

If you suddenly get hit by a flood of joins from people you don't know, just make the channel +im temporarily so they can't keep coming in and can't flood in the channel. Note that they can still cause flooding, such as by rapidly changing their nicknames. Now just kick them without bans, since they cannot rejoin while you are +i; that gives you time to set proper bans after you've kicked them all out.
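One way an op-side script could notice the join flood described above and propose the +im, then kick-without-bans response, as an added Python example (not from the original post or the irchelp.org guide). The class name, the known-nick list, the 5-joins-in-10-seconds threshold and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque

JOIN = re.compile(r"^:(?P<nick>[^! ]+)![^ ]+ +JOIN +:?(?P<chan>#[^ ]+)")
NICK = re.compile(r"^:(?P<old>[^! ]+)![^ ]+ +NICK +:?(?P<new>[^ ]+)")

class JoinFloodGuard:
    """Hypothetical helper: proposes +im and kicks when unknown joins spike."""
    def __init__(self, known, max_joins=5, window=10.0):
        self.known = set(known)            # nicks the ops recognise
        self.max_joins, self.window = max_joins, window  # assumed thresholds
        self.recent = defaultdict(deque)   # channel -> (time, nick) of joins
        self.locked = set()                # channels already set +im

    def feed(self, ts, raw):
        """Take one timestamped raw line; return commands for an op to send."""
        renamed = NICK.match(raw)
        if renamed:                        # follow nick changes so kicks still land
            old, new = renamed["old"], renamed["new"]
            for chan in list(self.recent):
                self.recent[chan] = deque(
                    (t, new if n == old else n) for t, n in self.recent[chan])
            return []
        joined = JOIN.match(raw)
        if not joined or joined["nick"] in self.known:
            return []
        chan = joined["chan"]
        q = self.recent[chan]
        q.append((ts, joined["nick"]))
        while ts - q[0][0] > self.window:  # forget joins older than the window
            q.popleft()
        if len(q) < self.max_joins or chan in self.locked:
            return []
        self.locked.add(chan)              # +im goes first so nobody rejoins meanwhile
        return [f"MODE {chan} +im"] + [f"KICK {chan} {n} :join flood" for _, n in q]

# Constructed sample traffic: (seconds, raw line), documentation addresses.
EVENTS = [
    (100.0, ":zx1!u@192.0.2.1 JOIN #perl"),
    (100.5, ":zx2!u@192.0.2.2 JOIN :#perl"),
    (101.0, ":zx1!u@192.0.2.1 NICK :qq1"),
    (101.2, ":zx3!u@192.0.2.3 JOIN #perl"),
    (101.9, ":bob!b@example.net JOIN #perl"),
    (102.3, ":zx4!u@192.0.2.4 JOIN #perl"),
    (103.0, ":zx5!u@192.0.2.5 JOIN #perl"),
]

def replay(events, guard):
    return [cmd for ts, raw in events for cmd in guard.feed(ts, raw)]
```

The kick list follows the mid-flood nick change (zx1 becomes qq1) and leaves the known nick bob alone.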

There are three basic defensive postures. (These can be aided by the use of control bots but do not require it.)

  • Set the channel +k. This "keys" the channel and requires the user to know a special string to join. Only give that key to people you like and if the bots get in, you know one of the people you like is a jackass.

  • Set the channel to +i. This sets the channel to "invite only". Users must be allowed in via the /invite command to access. On irc.perl.org, users can use the /knock command to request an invite. If you do this, I suggest leaving the channel -s and putting this info in the topic. That way, a user can do '/list #yourchannel' and see that they need to /knock first.

  • Set the channel to +m. This moderates the channel and only people with +o (ops), +h (halfops) or +v (voice) can speak. People can join but won't be able to speak until given +v. If someone, bot or not, gets out of control, you can just -v them. It's pretty much the same as "hellbanning", to use the modern parlance. Many IRC clients can be configured to automatically give +v to people when they join. (That is typically much easier and a better idea than dealing with channel control bots.)

  • Make heavy use of halfops. The +h (halfops) user mode is one of the most underutilized features of irc.perl.org, in my opinion. Halfops have the ability to do all the normal ops stuff: kick people, ban people, voice people, etc. They cannot, however, perform those actions against anyone who is +o. It's a really nice way to create a class of users who can help police the channel but are visibly different from the channel leadership.

That's all I have for now. If you find any tips I should know about or blog about, grab me on irc.perl.org.