Managing Annoyances on IRC

Version 1.0.3


Last revised by PJKevin () on 2004-03-25

Originally written by Kzoo () and LadyDana () on 2001-01-24

Please direct any comments or feedback about this document (only! no help requests!) to docs@dal.net. If you need help on issues not covered in this document, please see the information at http://help.dal.net.

Introduction

Anyone who spends any time on IRC will eventually be bothered by some users who may not behave in a pleasant or respectful manner. The purpose of this document is to help you manage these annoying users so they are not quite so bothersome. Remember, you have several commands at your disposal which can be very effective. There are also other things you can do to help rid DALnet of these inconsiderate users. Some, but not all, annoyances may be reported to an IRC Operator.

Please see the document at http://docs.dal.net/docs/findoper.html to learn how to contact an oper. This document contains information on the following topics.

Contents

1 · The Commands at Your Disposal

There are two powerful commands many users have on DALnet. The first one is for users of mIRC, which is

/ignore nick 3.

If you wish to ignore a user with the nick of HotChique, you would type

/ignore HotChique 3.

This command will ignore a particular user@host, no matter which nick they happen to be using at the time. It's like your own private ban. As long as the annoying user does not change their hostmask, you will no longer be bothered. You can also use the /ignore feature of mIRC in several other ways. Ask in #mIRC or type /help ignore in your status screen.

To remove an ignore, the command is

/ignore -r nick.

The /ignore command will stay within the mIRC client preferences until it is removed.

The other command is /silence, followed by some parameters. The first is the most specific and the last is the broadest which will affect many people other than just the one annoying user. You can find the user@host of the annoying user by typing:

/whois nick

For example, if HotChique is bothering you and you want to use the /silence command, you would first type:

/whois HotChique

You would then see something that looks like:

HotChique is ~doogs@modem03.spamcity.com * Hot
HotChique is on twisted.ma.us.dal.net
End of /WHOIS list.

This information can be used in several ways, depending on how much you want to /silence. Examples of these follow, as well as what each will do.

/silence +HotChique!~doogs@modem03.spamcity.com silences the nickname HotChique with the matching address of ~doogs@modem03.spamcity.com.

/silence +*!*@modem03.spamcity.com silences anyone from this address with any nick.

/silence +*!*spamcity.com silences anyone using this ISP.

When +/- are left out, + is assumed.

A silence is removed by

/silence -whatever parameter was set.

This means, if the parameter was *!*@modem03.spamcity.com, you would type:

/silence -*!*@modem03.spamcity.com

Typing just /silence will display your silence settings. That is how you will find out what parameters were set. You can then cut and paste the parameters you want to remove or adjust. Be aware that the ignore command prevents EVERY message from other users, in channel, queries, notice, while the silence command still lets you see what the user writes in the channel but blocks all others.

The /silence command is a part of the IRCD process, so when you log off DALnet, all settings you have regarding /silence are removed. Finally, some more detailed information on this feature can be obtained at http://docs.dal.net/docs/misc.html.

Since /ignore and /silence use hosts the same way that channel bans do, you could take a look at http://docs.dal.net/docs/banguide.html to get a clearer idea of just how user addresses (also known as user hosts or user masks) work.

These commands are your first line of defense against most annoying things that happen on IRC.

2 · Dealing with Spam

Spam, or unwanted advertising, is one of the most bothersome intrusions on your IRC time. Spam takes various forms such as advertising websites or channels, or advertising a particular script. Regardless of the type of spam, most users do not care for it.

The first thing you can do if you are being repeatedly spammed by someone is to use the /ignore or /silence command. You can set these as narrowly or broadly as you wish. Just remember that if you set it too broadly, you may miss other users who have a similar user@host mask.

Many users want to report the spam to an IRC Operator. If an oper has time, they may enter the channel where the spam seems to be happening and deal with any spam which presents itself. Simply telling an IRC Operator that so-and-so is sending spam will most likely not result in much activity unless the IRC Operator has experienced the spam message themselves. It is much too easy to 'create' fake messages to report to an IRC Operator. Thus it is very important for the IRC Operator to see the real thing.

There is always a lot of advertising and inviting to channels. This is also against DALnet rules. DALnet will take action against inviters, which is another form of spam. There is also the possibility that action may be taken against the channel which was advertising or inviting, if the spammer is part of the staff for that channel.

Sometimes a spammer will message everybody who joins a channel even if they are not inside the channel. This is called relay spamming. Essentially, there's a bot inside the channel which is transmitting all the nicknames in the channel to the spamming bot outside the channel. Most of the time, both of these bots will have the same ip address. DALnet's IRCD allows you to easily search for a specific address inside a given channel. See http://docs.dal.net/docs/misc.html#5.10 for details on how to do this.

If you are tired of seeing spam about a certain channel, please preserve a copy of that spam. You can cut and paste it to notepad or some other place in which to preserve it. Just hold down the right button of your mouse and draw it across the offending message. Then you can left-click the mouse and choose COPY. Put your cursor in the place in which you want to save it, and left-click the mouse again, only choosing PASTE this time around. If you use mIRC, just highlighting the text will send it to the Windows clipboard so you can PASTE it into notepad directly.

Some people log everything. A log is like a recording of whatever has happened in a channel or in a conversation. Most IRC clients, such as mIRC or pIRCh, have a built-in feature which allows you to log everything. If you have closed the spam window (if it came as a /msg) you can still find the spam in your logs. Please join #mIRC or #pIRCh for information on how to activate that feature. If you are using an IRC client other than the two mentioned above, then try the support channel for your client. In some cases, you may have to email the author themself.

One of the most effective way to report spammers is to report it to the massads team. Due to the surge of virii that scans for email addresses on websites, the massads team only accepts online reports. You can do so by filling out the form at http://www.dal.net/admin/contactmassad.php3. Be sure to include the logs, and the /whois of the spammer/ advertiser/ inviter.

Your information may look something like this:

Time: 11:28 AM
Timezone: US Eastern Standard
Date: May 13, 2000

Join #TeenPleasurePalace and you will get ops!

HotChique is ~doogs@modem03.spamcity.com * Hot
HotChique is on twisted.ma.us.dal.net
End of /WHOIS list.

Explanation: One of the ops in the channel was the spammer ... here is his /whois. It matches the spammer's host.

BullyOp is ~op@modem03.spamcity.com * Hmm
BullyOp is on @#TeenPleasurePalace
BullyOp is on avana.ga.us.dal.net
End of /WHOIS list.

What happens to that information? It is first assigned to a member of the MassAds Team. This person checks to see if the spammer is on the ops list, or is founder, of the channel being spammed. So if you can provide this information then their job will be much easier. If the spammer is indeed an op, some action may be taken against that channel. If there is a pattern of spam from a certain channel, it may be closed.

If the spam involves advertising scripts, these scripts may be banned from DALnet for being a nuisance.

If the spam involves websites or other interests, the ISP of the person who is doing the spamming is often removed from DALnet for a while. Repeated spamming will result in a more permanent ban, and the offender's ISP being notified as well as the host of the website which was advertised. Most Internet Service Providers do not want their services used for advertising and some web-hosting services may be in for an unpleasant surprise if they check the content of some of the advertised sites.

In summary: It's best to /ignore or /silence an annoying spammer. If you feel you want to get an IRC Operator involved, tell him/her where the spamming is happening. Most IRC Operators will not deal with 'second hand' spam. Your best line of defense is to log the spam, get the /whois of the spammer, and provide the information in the form at http://www.dal.net/admin/contactmassad.php3. You will not see an immediate response, but this will give the DALnet massads team an opportunity to investigate and take action.

For more information about DALnet's advertising policy, please see http://kline.dal.net/massads/mup.htm.

3 · Personal Security and Harassment

Some not-nice users like to stalk and harass users, just to see if they can scare them or get personal information from them. The first thing that you must be aware of is to NEVER GIVE ANY PERSONAL INFORMATION TO ANYONE ON IRC unless you have known them for a long time and trust them completely. Giving personal information on IRC can be very dangerous and can lead to all sorts of unpleasant consequences. The news is full of stories about people who have done this and what has happened as a result. While these situations are not as commonplace as one is lead to believe, they are not all that rare either. DALnet is not responsible for the information which passes between users. You must use your own good judgement. Remember, your personal safety is your responsibility.

Don't keep personal information on your computer where someone may have access to it. Do not tell people in which town you live, the school you may go to, your activities at school, your telephone number, or any other identifying information. If you do this, you may leave yourself open to something unpleasant. Of course, if you have known someone for a long time on IRC and trust them with such information, it is up to you whether you want to share it or not.

There are several good channels which can help you with securing your computer. Please take the time to visit #NoHack or #Windows95. The latter channel handles problems with all versions of Windows and should be considered as a general technical help channel.

If you are being stalked or harassed by a user, you should keep logs of this activity. You also need to know the /whois of the user. Stalking and harassing is against the Acceptable Use Policy of most Internet Service Providers. When you have this information, put it into an email to abuse@their.isp. An example would be if you were being harassed by someone with the usermask of nasty@PP22.supernet.net. You would send your mail, with the timestamped logs and an indication of your time zone, to abuse@supernet.net. If you don't get a response right away, be persistant.

If you feel that the harassment is extreme, you are free to contact your local law enforcement agency with the logs and information. Law enforcement has ways of finding out who these people are and dealing with them. DALnet does not have these resources at their disposal. If you would like some help with this process, please contact CyberAngels at http://www.cyberangels.org. Their email support address is . This team of volunteers is dedicated to helping users handle these kinds of problems and have had extensive training and experience.

It is very difficult for an IRC Operator to intervene in a harassment situation. Again, it's too easy to fake logs and messages. Some IRC Operators may choose to discuss this with the offending user, but as a general rule, dealing with harassment is up to the user. Your best approach is to log the harassment as above. If it is just an annoyance, the /ignore or /silence commands may do the trick.

4 · "Nukes" and other Denial of Service Attacks

Many users feel that this is a part of IRC when it really happens outside of any DALnet servers. DALnet cannot be responsible for these activities. It is the responsibility of the user to protect themselves against these attacks, and to have the necessary software to get information on the nuker. IRC Operators will not track down and remove nukers since, once again, logs can be faked very easily.

For information on what the US and Canadian Governments have to say about Denial of Service Attacks, please visit http://www.nohack.net

What can a user do then? Information about protecting yourself against nukes can be found at http://www.irchelp.org/irchelp/nuke/stealth.html. However, you should keep in mind that programs that only monitor ports (such as NukeNabber) do not actually protect a user from being nuked. It does collect the information necessary to report the nuker to his or her ISP. Where DALnet can not check the accuracy of these logs, the Internet Service Providers can. These attacks are against most Acceptable Use Policies of most ISPs, and you need to take the information from NukeNabber in order to report the attack. This information includes a traceroute which gives the ISP the track the nuke took from the nuker's computer to yours. There are other programs available which will do the same thing. Ask your friends what they use.

Some users like to use a firewall which can prevent bad things from reaching their computers. One which is shareware can be found at http://www.zonelabs.com. There are others such as ConSeal Firewall which may be purchased at http://www.consealfirewall.com. Even more are available through a web search. Again, ask around to see what most people use.

More information than you probably will ever need about DoS attacks can be found at http://www.denialinfo.com.

5 · Clones and Flooding

Flooding is the rapid repetition of words, symbols, ctcp commands or other contacts designed to overpower a user and force a disconnection. This is called 'flooding someone off'. Not only is this very annoying, but it also interferes with the workings of DALnet servers.

Clones are multiple connections to DALnet, often using specialized software to accomplish this. Clones are often used as tools with which to flood.

Cases of flooding and cloning should be reported to an IRC Operator immediately because these interfere with DALnet operations. You can find an IRC Operator and report the channel in which this is happening. The IRC operator will then join the channel and deal with any clones and/or flooders.

If you are an op, setting the command /mode #channel +R (which permits only registered and identified nicks to join) often disables clones, since the randomly chosen nicks are not registered. You can also moderate the channel with /mode #channel +ml 2 (which moderates the channel so that only ops and voices may be seen, and sets the limit to 2 which will prevent any more clones from joining the channel). You can then take a breath and get the necessary information about the cloner/flooder.

Some channels may have these modes MLOCK'd so that you cannot use them. In those cases, it would be a good idea to talk to channel founder about changing the modelock and to get a good flood protection script. Some scripts are available at http://www.scriptheaven.net. Also, further information on modes and consequently modelocks, can be found at http://docs.dal.net/docs/modes.html.

If you are not an OP and you are using mIRC, you can attempt to use /ignore nick 2, which may or may not prevent clones from flooding you. If the flooding is done by just one user, it should work. If the clones come to you in message windows, please type /close -m, which will close all the query/message windows that you have open.

6 · Virus and Other Bad Stuff

You may encounter a user who is attempting to send you files which are really viruses and trojans. Some of these files may be called Movie.avi.pif, Pretty Park, DMSetup, Links.vbs and others. There are also some malicious devices such as 'backdoors' which will permit others to access your computer. Whatever they are, and whatever they are called, they can and will damage your computer.

The only way you can prevent the transmission of these files is to always keep your DCC get preferences set to ignore. In this way you must turn on your DCC get in order to receive a file. Never accept and run any files from anyone you do not know.

If you think you are infected please quit all channels you happen to be in. This is to prevent the spreading of the virus. Go immediately to #NoHack, the DALnet channel where virus help can be received. Give this advice to anyone you know who is spreading a virus. If the individual chooses not to go, please find an IRC Operator and tell him/her in which channel this person is spreading the virus.

DALnet has established a prevention system called DCCALLOW which essentially blocks files with extensions that viruses commonly use. Most people do not know that they are sending viruses. If you can, contact them and get them to join #nohack or to scan their computer for viruses. It is not necessary to report these users to IRCops though. Further information on DCCALLOW is available at http://docs.dal.net/docs/misc.html.

For a lot of great information and some good links concerning viruses, please visit http://www.nohack.net. http://docs.dal.net/docs/exploits.html may also contain some advice that is useful to you.

7 · Summary

Learn and use the /ignore and /silence commands.

Report spam and invites to http://www.dal.net/admin/contactmassad.php3 with the appropriate logs.

It is your responsibility to maintain your own personal security. Do not share personal information about yourself to others on IRC unless they have earned your trust.

Report harassment or stalking to the stalker's Internet Service Provider or to your local law enforcement agencies. CyberAngels (http://www.cyberangels.org) can be helpful with the really scary stuff.

Get a firewall to protect yourself against Denial of Service (DoS) attacks, and NukeNabber or a similar program to get the information about someone who is nuking you. Report this information to the nuker's Internet Service Provider. Be persistent if you don't get feedback in a few days.

Report clones and floods to an IRC Operator. You can use various commands to rid yourself of some of this annoyance.

If you have a virus, or know of someone else who is spreading a virus, please go to #NoHack or send someone who is spreading a virus there. To prevent getting a virus, never accept any files from anyone you do not know.

Visit the links mentioned in this document to become more fully informed.