search

ergochat / ergo

A modern IRC server (daemon/ircd) written in Go.
https://ergo.chat/
MIT License
2.28k stars 181 forks source link

Allow UBAN ADDing realnames/gecos #1724

Open Mikaela opened 3 years ago

Mikaela commented 3 years ago

matrix-appservice-irc generally doesn't allow users to change realnames/gecos so thus the only way for operator to ban abusive users/homeservers is to ban by realname/gecos.

slingamn commented 3 years ago

This seems like a "moderate on the other side of the bridge" problem? As in, if an operator or a bot has the ability to issue these bans on the Ergo side, they would be able to do it more effectively on the Matrix side?

Mikaela commented 3 years ago

Unlike RELAYMSG, the bridge spawns ghost users on IRC side kind of pretending to be a bouncer and the bridge may not be always be ran by the same people as Ergo. This is the case in our network that is migrating to Ergo and also Libera.Chat.

slingamn commented 3 years ago

I'm thinking it would be interesting to develop a vendor extension that would allow "puppeting" bridges (like matrix-appservice-irc and go-discord-irc) to send an identifier for the user during registration, which Ergo could then hash into a unique cloak (using the account cloaking algorithm).

The bridge would send something like: BRIDGEID matrix user@domain.com or BRIDGEID discord <id_number>.

prdes commented 3 years ago

So go-discord-irc uses WEBIRC. BRIDGEID seems to be a similar concept? It (go-discord-irc) creates an ipv6 address out of the <id_number> that doesn't/cannot clash with public ones and sends it with the rest of the usual WEBIRC parameters.

slingamn commented 3 years ago

From discussion, we think go-discord-irc's algorithm:

https://github.com/qaisjp/go-discord-irc/blob/922e41f095d62a1e2dc10cf5fff38f3c4162bd2a/bridge/utils.go#L25

doesn't work with Ergo because it produces ipv6 addresses that are all in the same /64, so in the default Ergo configuration they receive an identical cloak.

Mikaela commented 3 years ago

I'm thinking it would be interesting to develop a vendor extension that would allow "puppeting" bridges (like matrix-appservice-irc and go-discord-irc) to send an identifier for the user during registration, which Ergo could then hash into a unique cloak (using the account cloaking algorithm).

The bridge would send something like: BRIDGEID matrix user@domain.com or BRIDGEID discord <id_number>.

@Half-Shot thoughts?

poVoq commented 3 years ago

Biboumi (a xmpp to irc gateway) does implement webirc and thus allows xmpp server level bans without banning the gateway itself. At least on the more federated xmpp network that is usually sufficient to block abuse.

Mikaela commented 3 years ago

I think BRIDGEID could possibly also be useful for public shells for those who aren't just going to move to local and mobile clients

Mikaela commented 2 years ago

I hit this again recently and was also asking on #ergo how to get rid of a undesired Matrix bot. First I ended up UBANning all Matrix and XMPP users on the network and then just on specific channel when that was pointed out to me.