[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SPAM bug: patchlevel 2.9.2p1

To: ircd-users@xxxxxxxxxxx
Subject: SPAM bug: patchlevel 2.9.2p1
From: Volker Paulsen <Volker.Paulsen@xxxxxx>
Date: Tue, 18 Mar 1997 13:59:37 +0100 (MET)
Reply-to: paulsen@xxxxxx (Volker Paulsen)

Moin,

as we all recognized ppl started heavily to abuse scripts to
send multicast message spams. 

This is possible due a bug introduced in 2.9.2: the old flood control
mechanism was removed and the new penalty system never applied any
penalty score to messages.

The following diff addresses this problem, and brings ircd 2.9.2 to
patchlevel 2.9.2p1. It has been tested by Kaefer and hershey against
all known spam scripts. Please upgrade asap.

The diff is also accessible via:
	http://orgwis.gmd.de/~paulsen/irc292.SPAM.diff

--Volker
Yegg@IRC


--- irc2.9.2/include/patchlevel.h.old	Sat Mar 15 15:58:59 1997
+++ irc2.9.2/include/patchlevel.h	Sat Mar 15 17:07:50 1997
@@ -17,5 +17,5 @@
  */
 
 #ifndef	PATCHLEVEL
-#define PATCHLEVEL "0209020000"		/* for server identification */
+#define PATCHLEVEL "0209020001"		/* for server identification */
 #endif
--- irc2.9.2/include/numeric.h.old	Sun Mar 16 15:02:22 1997
+++ irc2.9.2/include/numeric.h	Sun Mar 16 15:08:56 1997
@@ -137,6 +137,7 @@
 #define ERR_TOOMANYTARGETS   407
 #define ERR_NOSUCHSERVICE    408
 #define	ERR_NOORIGIN         409
+#define	ERR_TOOMANYDESTS     410
 
 #define ERR_NORECIPIENT      411
 #define ERR_NOTEXTTOSEND     412
--- irc2.9.2/ircd/s_err.c.old	Fri Mar 14 17:05:57 1997
+++ irc2.9.2/ircd/s_err.c	Sun Mar 16 15:24:33 1997
@@ -55,7 +55,8 @@
 		"%s :Duplicate recipients. No message delivered",
 /* 408 */	ERR_NOSUCHSERVICE, "%s :No such service",
 /* 409 */	ERR_NOORIGIN, ":No origin specified",
-		0, (char *)NULL,
+/* 410 */	ERR_TOOMANYDESTS,
+		"%s :Too many recipients. No message delivered",
 /* 411 */	ERR_NORECIPIENT, ":No recipient given (%s)",
 /* 412 */	ERR_NOTEXTTOSEND, ":No text to send",
 /* 413 */	ERR_NOTOPLEVEL, "%s :No toplevel domain specified",
--- irc2.9.2/ircd/s_user.c.old	Thu Mar 13 23:45:19 1997
+++ irc2.9.2/ircd/s_user.c	Sun Mar 16 15:22:29 1997
@@ -956,7 +956,7 @@
 	Reg	char	*s;
 	aChannel *chptr;
 	char	*nick, *server, *p, *cmd, *host;
-	int	count = 0;
+	int	count = 0, nickcnt = 0;
 
 	cmd = notice ? MSG_NOTICE : MSG_PRIVATE;
 
@@ -975,8 +975,22 @@
 	if (MyConnect(sptr))
 		parv[1] = canonize(parv[1]);
 	for (p = NULL, nick = strtoken(&p, parv[1], ","); nick;
-	     nick = strtoken(&p, NULL, ","))
+	     nick = strtoken(&p, NULL, ","), nickcnt++)
 	    {
+
+		/*
+		** restrict destination list to MAXMSGDESTS recipients to
+		** solve SPAM problem --Yegg
+		*/
+#define		MAXMSGDESTS 5
+		if (nickcnt >= MAXMSGDESTS) {
+		    if (!notice)
+			sendto_one(sptr, err_str(
+				   ERR_TOOMANYDESTS,
+				   parv[0]), nick);
+		    continue;
+		}
+
 		/*
 		** nickname addressed?
 		*/
@@ -1112,7 +1126,7 @@
 		    }
 		sendto_one(sptr, err_str(ERR_NOSUCHNICK, parv[0]), nick);
 	    }
-    return 0;
+    return nickcnt;
 }
 
 /*

Prev by Date: Re: ircd FAQ
Next by Date: 2.9.3 beta10 available
Previous by thread: Re: ircd FAQ
Next by thread: 2.9.3 beta10 available
Index(es):
- Date
- Thread