Ban Guide

Version 1.2.5


Last revised by h () on 2018-11-20

Originally written by Aysmonte on 1997-03-03

Please direct any comments or feedback about this document (only! no help requests!) to docs@dal.net. If you need help on issues not covered in this document, please see the information at http://help.dal.net.

Introduction

A channel ban is a restriction for an IRC user preventing them from joining a channel, based on their address and/or nickname. It should be noted that bans are not case sensitive and are indiscriminate. That is, you could quite easily ban innocent people from your channel while attempting to keep someone out.

Remember, that to be able to set a ban on a channel, you have to be a channel operator on that channel (denoted by an "@" next to your nickname on that channel's member list). Only channel operators can add or remove channel bans.

If you are a channel operator it will be important to understand how bans work and when and why they will be implemented. I'll be breaking this down into simple steps for you to follow and general backgrounds on each item to help you understand why and how this all works. I might suggest you go through this document a few times to familiarise yourself, not only with the terminology, but also to make sure you have understood and retained all the information. As in everything there are always other ways to do things, but I'll cover the basics which work on the majority of IRC clients.

It should also be noted that while this document was written with channel bans in mind, all the techniques apply to channel AKicks (autokicks) as well. AKicks are simply a more permanent version of bans. Only the SOps and the founder of a channel have the ability to add an AKick to the ChanServ AKick list. This is covered at the end of the document.

Contents

1 · What is a Channel Ban and When To Use One?

A ban is a channel mode that is set to prevent clients with certain IRC identifiers (username, hostname, nickname) from joining that channel. If they are already on the channel, it prevents them from speaking (similar to if the channel is +m but they are not +o or +v) or changing their nickname. This feature is known as +bquiet.

Bans are channel specific, that is, a ban will only exist in the channel specified in the ban command line. All bans will disappear from a channel if that channel becomes empty. Channel bans can only be set and removed by channel operators. AutoKicks are the exception to the rule and are implemented by ChanServ whenever a user matching the ban attempts to join the channel in question. Whether there is anyone in the channel or not is irrelevant.

When should you use a ban? Well that is entirely up to you as a channel operator. Generally a ban would be placed on a user joining a channel who was constantly causing trouble. That is, flooding the channel or being rude. This doesn't mean that is the only time a ban will be placed. You may be banned from a channel due to an offensive nickname, or another reason. Setting bans is at the full discretion of the channel operator.

It should be noted that a channel operator has the right to ban anyone they wish, for any reason they wish. As a channel operator, they are in effect the owner of the channel. Think of it as a house. If you happen to be the owner, you retain the right to remove someone for any reason you wish, perhaps only because you dislike them.

Some channels may have a set of rules used to determine when to place a ban. When you achieve operator status in a channel consult with the founder of that channel to see if they have a set of rules, if you don't already know, which outline instances or activities when bans will be placed on users.

2 · What Information Is Needed To Place A Ban?

In order to set a ban, you must know the address of the user that is going to be prevented from joining the channel or silenced. To find out this information, use the WHOIS command.

In the case where the user has changed nicks, you can use the WHOWAS command. This command can only be used immediately after someone has changed nicks or has quit the network. The server is unable to remember the address of a user indefinitely after they have changed nicks or quit, so you have about a minute to perform the WHOWAS command in order for it to be effective.

I'll use the nickname of Nick in all of the following examples. Now to perform the WHOIS command on "Nick", you would type:

/whois NICK

at any command line within your IRC client. Depending on what client you are using, or what scripts and filters you are running, it will give you output looking something like the following:

*** Aysmonte is AMO@cs1p1.ipswich.gil.com.au Aysmonte@dal.net
*** on channels: @#gryphons
*** on irc via server cin.il.us.dal.net

As you can see, there is a lot of information given us, including: the user's address, channels the user is currently on, IRC server being used, and other details such as if the user is away and such (not shown here, see Appendix A). The information that we are really interested in appears in the first line:

*** Aysmonte is AMO@cs1p1.ipswich.gil.com.au Aysmonte@dal.net

Breaking the address down to the following parts:

nickname!userid@ISP.domain.country

The ISP.domain.country section is also referred to as the host name or domain.

Of course you will see some weird addresses from time to time, but essentially it is always in the above format, with the domain and/or country being last and the rest of the information after the @ being part of the information about the ISP and the computer used. You can ban on any of nickname, userid and domain depending on how stern or lax you wish the ban to be enforced. This will be covered in more detail later in this document.

The '!' is a separator to separate the nickname from the userid field. The userid and nickname can also be the same. The '@' symbol is another separator. The '@' separates the userid field from the remaining address (Hostname).

I'll give examples of bans following, ranging from a very specific ban to the most general site-wide bans. It is up to you to determine the ban needed for the particular instance and to also maintain any ban lists you feel should always be in place. The majority of bans that you will need to place will likely be temporary bans and could be removed after a short time.

As mentioned above, there is also the possibility that the host in question is a VHost. VHost stands for virtual host and is a vanity address, most of the time, created especially for going onto IRC.

Therefore, you may see an output that would be quite bizarre such as:

*** Nick is god@dancing.with.wolves.in.moonlight.net Hey hey!
*** on channels: @#faqsfordalnet
*** on irc via server shiva.va.us.dal.net

In the case of VHosts, you should keep in mind that there is more than likely a few other similar, or totally different hosts. Shell Account Providers make dozens of these hosts available to their users. In cases such as these, one should take careful note of the ident. If a ban is evaded, then it might be worth a try to only set a ban on the userid of the person in question. Further instructions will be given below.

3 · How To Place Bans

In all of the ban examples given I'll use <#channel> to indicate the channel name of where the ban should be place. Make sure you specify the right channel in the mode command and not <#channel>.

Note: Some clients have specific commands for banning. The MODE command used here works with all clients. You should view your IRC program's (client's) help documentation about bans/banning to find out how to use the client-specific ban commands, if any.

To ban a certain nickname ONLY you would use the following command:

/MODE #channel +b Nick

or in full

/MODE #channel +b Nick!*@*

An example of a ban using a real channel name and nickname would be like this:

/MODE #Gryphons +b Aysmonte!*@*

Both of these commands will result in the same ban mask. If you are unfamiliar with the usage of the /MODE command, see Appendix A for more information on this command.

This tells all the IRC servers in the IRC network that anyone using the nickname of Nick should not be allowed to join the channel. It should also be noted that bans do not kick users off of a channel. On DALnet, it will prevent them from changing their nickname and/or sending any text to the channel, but they will remain on channel, and receive all channel text until an operator kicks them or they leave the channel.

This ban is rarely used, as the banned user can simply change nicknames to get past it. (Technically this is ban evasion on the part of the user, but due to the laxness of the ban not many people would be willing to call it real ban evasion.) However, it does have it's advantages in preventing offensive nicknames from being used. (For example, banning *sex*!*@* in a family channel.)

The asterisks, "*", in the above command are known as wildcards. Wildcards are used to represent zero or more characters in that position, that is it matches any number of any characters in that position, even none at all. Another wildcard is "?". The question mark "?" is used to specify only one character in that position and is generally rarely useful. Some of you may be used to using wildcards in directory searches for files and as such they perform similarly. You'll also note the "!" is still used as the separator in the ban syntax.

Examples of wildcards for IRC are:

ni?e = nice, nine, nixe, nife ...... *.gil.com.au = ipswich.gil.com.au, cs1p1.ipswich.gil.com.au, anyvarietywith.gil.com.au

? = One Character In This Position

* = Any String In This Position

Now, this example ban is pretty pointless, due to being very specific on a field that is easy to change. A "wider" (a ban that covers more possible variations of addresses, eg AMO@cs1p1.ipswich.gil.com.au is specific (narrow) whereas AMO@*.gil.com.au is more general (wider)) and a little better ban would be the following:

/MODE #channel +b *!User@ISP.domain.country

Breaking this ban down, we are saying ban everyone with any nickname and whose userid is User or user (bans are not case-sensitive), with a hostname of ISP.domain.country. This is a little harder to evade but all evasion entails is to log off the IRC network, change your userid and log back on and avoid the ban. Again it will stop the Nick from rejoining your channel immediately but will only stop them for a few seconds, assuming the user will want to evade your ban.

For users who are in the habit of using a variety of VHosts to evade bans, you can try to stop them by banning their userid (ident) only:

/MODE #channel +b *!userid@*

With the whois output example that we had at the beginning of this manual (Nick is god@dancing.with.wolves.in.moonlight.net), the actual command would look like this:

/MODE #channel +b *!god@*

If, however, repeated ident bans are unsuccessful, you should consider placing a ban on the entire IP block. You will have to keep in mind that this will usually keep out all the users from the company who is providing the VHost.

The first thing to do is to find the IP block that this VHost is part of:

/DNS hostname

Let's try this with the practical example of using the command on the domain dancing.with.wolves.in.moonlight.net. You would probably get something ressembling the following:

Looking up dancing.with.wolves.in.moonlight.net ..
Resolved dancing.with.wolves.in.moonlight.net to 222.666.999.555

We have now established that the host of dancing.with.wolves.in.moonlight.net has an IP address of 222.666.999.555. This means that all the other VHosts of the company are likely to be under 222.666.999.something (provided that it's not a huge company). In order to a ban on IP block, you would type:

/MODE #channel +b *!*@222.666.999.*

Should you still have problems with this user then it would be high time to contact someone in an official help channel such as #Help. IRC Operators can be found in #OperHelp.

With more 'normal' situations, a much better ban to place, especially if this is to be a temporary ban, would be the following:

/MODE #channel +b *!*@ISP.domain.country

I should note here that not all users can change their user name but it is a good assumption to make these days as more and more people connect using clients allowing them to do this modification.

The "*!*" tells the server to not allow any nickname or userid from the specified Host/Domain to join your channel.

With experience you will note that the ISP section of an address changes for people using PPP or SLIP dial in accounts. There will be a static part referring to the ISP, however there is also usually an extra part catering for these users. We will break down the ISP part of the address now to become:

nick!userid@PPP.ISP.DOMAIN.COUNTRY

The PPP is assigned to a user when they log onto their ISP, usually via dialing in on a modem, for the duration of that call/connection.

To stop a person more efficiently from joining your channel you ban them as per the following:

/MODE #channel +b *!*@*.ISP.domain.country

This, as you can see, would be saying that you want to ban all nicknames, userid's and PPP's from a particular ISP. This is probably the safest and most widely used, form of ban you could do to a troublesome user. Basically no one from that ISP will be able to join your channel. However, they may have a second account with a totally different ISP which they could log onto and then avoid your ban. This would be counted as ban evasion which isn't permitted on DALnet. Seek out an IRCop if/when this happens. The above example of people changing VHosts in order to get around a ban is another example of ban evasion.

Of course another ban you could consider for a temporary ban is a very wide Domain or Country ban. This would be used as a quick fix to get rid of a troublemaker while figuring out a proper ban to place on that user. It could take the following forms:

/MODE #channel +b *!*@*.domain.country
/MODE #channel +b *!*@*.country

These are very wide however, and you would be "catching" a lot of people in this ban who don't deserve to be banned from your channel. On this note it would be a good time to mention that once you have a ban in place you can't place another ban that covers that range. So if you place a ban on *!*@*.ISP.DOMAIN.COUNTRY you can't then ban: *!*@*.DOMAIN.COUNTRY (wider ban) or *!NickID@PPP.ISP.DOMAIN.COUNTRY (narrower / more specific ban).

What does this mean to you? Well if you have banned a userid and nickname (*!*@PPP.ISP.DOMAIN.COUNTRY) from entering your channel then you would have to remove this ban before making it for the whole ISP (*!*@*.ISP.DOMAIN.COUNTRY) or some other similar ban.

It is a good idea to periodically check your ban lists for maintenance. While doing so you may find 2 bans in place that are similar but not quite the same. We shall use the following addresses for our bans in this example:

Nick1!userid1@NewISP.NewDomain.COUNTRY

Nick2!userid2@OldISP.OldDomain.COUNTRY

Now let us say the ban was on nickname and userid making them

*!*@NewISP.NewDomain.COUNTRY

*!*@OldISP.OldDomain.COUNTRY

So to make things more efficient and your ban list more manageable you could ban

*!*@*ISP.*Domain.COUNTRY

to cover both of them.

Why keep as few long term bans as possible? Basically, shorter lists are always easier to manage and reset if needed. You should also note that DALnet only allows a maximum of 200 bans for a channel at any one time.

Another thing you could do with similar bans is use a screw ban. A screw ban basically uses the wildcard "?". Screw bans aren't very useful, and they are very rarely used in practice. For example you have two ISP's with a similar name:

*!*@New1ISP.Domain.COUNTRY

*!*@New2ISP.Domain.COUNTRY

For a ban here you would put a ban on:

/MODE #channel +b *!*@New?ISP.Domain.COUNTRY

Note that the "?" only works for ONE character, so if it were trying to block more then one character you would have to use a "*". Other variations are possible of all these bans. The wildcards can be mixed up and swapped around from front of a word to middle to end. You can even use the wildcards for the country field. Take to following two addresses:

Nick1!userid1@ISP.DOMAIN.net

Nick2!userid2@ISP.DOMAIN.com

You could place a ban such as:

/MODE #channel +b *!*@ISP.Domain.*

to cover all nicknames, userid and country fields. Again this ban isn't too useful. Technically it could come up sometime, however I doubt you would ever have the need to place such a ban. Bans are versatile and only as efficient as you let them be, they take some experience to get used to but after a while at looking at people's addresses you should soon get a feel for how to ban effectively. Don't fret if you don't know what is a good for some particular case, just try out something and see if it will work. For some people placing bans is a nightmare, but so long as you have a general understanding you should be able to look after a channel till a more experienced operator comes along to help you. If you have a friend on IRC then you may ask for their assistance in placing bans on them and experimenting. For a quick check list as a guide to banning see the "Quick Ban Guide", section 7 later in this document.

There are other configurations of bans that I could go into such as:

/MODE #channel +b *!*user@*.isp.net

but there is no real need to go through them ALL with you. With experience you'll feel out what type of ban you will need to place as the need arises. Watching others and asking them why they have placed a ban a certain way can also lead to understanding on your part. Also take note of your punctuation when banning for *!*user@*isp.net is totally different to *!*user@*.isp.net (note addition of period/dot), so it is advisable to be very pedantic when doing your bans or you will find some unpredictable results.

At times you will see users with an IP address, that is they have numbers instead of words for their address (hostname)! This is common enough, so don't worry. We just have to modify our thinking when it comes to making an effective ban for such users. Let me point out that they may not always have IP numbers for addresses due to various reasons.

It should be noted that for each and every hostname there is an associated IP address (as demonstrated with our VHost examples). If you ban someone while they are using their IP address then they will still be prevented from rejoining the channel even if their hostname resolves the next time - provided, of course, that the IP address hasn't changed. Usually the lack of a resolved address is due to lag between their ISP and the IRC server they connected to when they joined DALnet. This results in the IRC server not being able to get a response from the "name lookup" in time, so it uses their IP address instead.

See Appendix A for an example of output from a /WHOIS done on a user with an IP address.

As you can see instead of a "text" hostname there is now a set of four numbers. For some users this will be constant but for others it will change. The part that will do the changing generally is the last digit (though this isn't always the case, but common enough that there's no need to expect anything else). It should be noted that if they or you have a static (unchanging) hostname then your IP will always be the same as well. So unlike before where we would use a wildcard to ban the first part of the host, we would in these cases remove the last digit and place a wildcard in there such as:

/MODE #channel +b *!*user@254.253.252.*

You can also add a timed ban where the ban you placed will be removed automatically after a number of seconds specified. For example, if I want to ban the nick Aysmonte for 20 seconds on #fleetstreet, I will type:

/ban -u20 #fleetstreet Aysmonte*!*@*

There's also a command for you to ban kick a user simultaneously rather than typing 2 commands. For example, if I want to ban kick Aysmonte, I will type:

/ban -k #fleetstreet Aysmonte reason

This will place a ban on his IP address/host and kick Aysmonte from the channel.

4 · Removal and Modification Of Ban Lists

Removing bans is relatively simple compared to setting one. Firstly you have know which ban mask you wish to remove from your channel. This can be achieved in most applications by using the command:

/MODE #channel b

Other clients, for example mIRC, all you would do is double click in the channel text area to retrieve a list of channel bans.

Once you have a list of bans on your channel, find which ban mask you wish to delete then simply type:

/MODE #channel -b banmask

You should note that if your channel no longer exists, i.e. all the users leave the channel then your current ban list will no longer exist and will have to be recreated once you "re-create" the channel (join it). DALnet gets around this in a fashion by using ChanServ's AKICK command, but this is only available for registered channels.

It should be noted that if you have a wide ban (eg. *!*@*.com.au) and you wish to place a narrower ban (eg. *!*@cs1p1.ipswich.gil.com.au ) on someone (not that they would be on the channel in the first place). Remove the wide ban before placing the narrow ban.

5 · Simplyfying bans

Sometimes, you want to keep out specific nicknames that are used by spambots that come in with a standard name with numbers at the end of their nick. You want to set a nick ban than having to add 100 bans to your banlist. Let's take a look at the following example:

5 users from different IPs/hosts come in to #fleetstreet with the nicks Andrea521, Andrea522, Andrea523, Andrea524 and Andrea525. Instead of adding 5 bans on their hosts, you can simplify the ban by adding a nick ban by using wildcards as discussed previously. So you will type the following command:

/mode #fleetstreet +b Andrea???!*@*

which will keep all of them out. The problem is, if they use less or more than 3 characters after that nick, this will render the ban ineffective. Therefore, you will need to set a wider ban to keep them out completely. So the following ban mask will be set:

/mode #fleetstreet +b Andrea*!*@*

which will keep anyone with the nick Andrea regardless of any number of characters behind it out of the channel. However, if you have a friend who may be affected by the ban eg. Andrea_Simon, you will then need to place an exception mask. You may refer to section 8 to know more on how to place an exception.

6 · Other Associated DALnet Services

DALnet uses ChanServ to look after registered channels. This maintains a ban list of sorts. Basically, when you add an AKICK on a host mask, ChanServ checks users as they join your registered channel. When a user with a host mask in ChanServ's AKICK list joins your channel, it kicks the user from your channel and places a ban on that mask to stop them from rejoining.

To add an AKICK to a channel, firstly the channel must be registered, secondly you need to have a SOP (or the founder) to place the ban. A SOP is a channel SuperOp, for more information use the command /ChanServ help SOP.

Note: Some clients may not allow you use the /ChanServ. If this is the case then try using /msg ChanServ@services.dal.net instead.

The command to add an AKICK is:

/ChanServ AKICK #channel ADD nickname or host mask

More information on this command can be obtained at http://www.dal.net/services or from ChanServ's help system:

/ChanServ Help AKICK

AKICKs stay until they are removed, so it is important to maintain the AKICK list and remove any old entries.

7 · Quick Ban Guide

  1. Decide if the ban is temporary or long term.

  2. Get the user's information using the /WHOIS command or /WHOWAS command

  3. If the ban is temporary then place a narrow ban such as nickname!*@* or *!userid@*

  4. If the ban is to be long term, set a wider AKICK such as *!*@*.host

  5. Review your ban to make sure it is efficient and not stopping too many users from joining your channel.

  6. If a temporary ban, remember to remove it after a predetermined time, say 10 minutes.

8 · Exception Mode (+e)

The +e or exception mode has been introduced when Bahamut 1.8.* was released. The function of this mode is to allow someone who is affected by a ban which was not intended for him/her to join the channel. For example, if I place a ban on the mask *!*@219.94.* on #fleetstreet but I'd like to allow my friend Ting whose mask is Ting!kluv@219.94.25.63 into the channel, I would place an exception by typing:

/mode #channelname +e Ting!*@219.94.*

which will allow Ting to join the channel. The exception mode is also useful especially when you want to ban a specific host/domain/ISP but wish to allow specific people to join. For more information on the exception mode, you can read the modes document at this link http://docs.dal.net/docs/modes.html#2.3.

Appendix A · Relevant IRC Commands

A.1 /mode Command

/MODE #channel +b *!*userid@ISP.domain.country

To break this command down:

/MODE

this tells the server you are issuing a modification to a channel or user mode.

<#channel>

informs the server that you are changing the mode of the named channel. In this case the mode change will be a ban to be enforced.

+b

informs the server what type of mode change to perform (in this case 'b' for ban) and a + to add that mode.

*!*userid@ISP.domain.country

is the ban mask. The mask that the server will stop from joining your channel.

A full description of all the available channel and user modes is available at http://docs.dal.net/docs/modes.html.

A.2 /whois Command

ircII Example of /whois output

*** Aysmonte is AMO@cs1p1.ipswich.gil.com.au Aysmonte@dal.net
*** on channels: @#gryphons
*** on irc via server cin.il.us.dal.net
*** Away:"Reading email /MSG me to chat"
*** Aysmonte is an IRC Operator
*** Aysmonte has been idle 3 minutes

The fourth, fifth and sixth lines may or may not be present. They depend on what server you are on and also what personal modes the user has set.

The first line of this WHOIS output refers to the user's address, which includes the user's id (AMO), the user's host (cs1p1.ipswich.gil.com.au), and the user's real/irc name (GCOS) line (Aysmonte@dal.net).

The second line informs of what channels the user is on that are not secret. The channel name follows the #, if a @ is present before the channel name this indicates that the user has operator status on that channel.

The third line tells of which server the user is logged onto IRC.

The fourth line is an away message to inform users if that person is currently away from the keyboard, or not following IRC and what reason has been given for their "absence".

The fifth line informs us that the user is an IRC Operator. On DALnet this can look different depending on which server you are on, but generally you will see the words IRC Operator or IRCop somewhere in the line.

The sixth line gives an idle time of how long since the user has been active. If you do a /WHOIS on someone and you are on the same server then you will see their idle time, if you are on a different server then it won't be passed to you unless you specifically request it using /WHOIS nickname nickname (that is specifying the nickname twice).

Other examples of the WHOIS command:

*** Aysmonte is AMO@203.1.72.142 Aysmonte@dal.net
*** on channels: @#gryphons
*** on irc via server cin.il.us.dal.net
*** Away:"Reading email /MSG me to chat"
*** Aysmonte is an IRC Operator
*** Aysmonte has been idle 3 minutes

Appendix B · Terminology

IRC Client

IRC program that lets you connect to an IRC server but also, a user on IRC. This need not be a "real" live user at a terminal but could also be an automated program, often called a bot.

Domain

A classification (signified by a single word or abbreviation) to which a computer in a network belongs. The names of successive domains are used in forming a unique name by which the computer is known to the network.

IP Address

A unique set of digits identifying a computer connected to a network and used by the communications programs. (For example 123.123.12.1). Human users can use the more friendly domainised names. IP stands for Internet Protocol.

ISP

Internet Service Provider. A company that provides an intermediate link between a computer or network and the Internet.

Ping

A simple network service which will report on whether a particular node on the network is alive, and on the current reliability of the line to that node. There are several types of pings in use for different reasons.

PPP

Point-to-Point Protocol. Used to establish a TCP/IP connection between two "points", typically over serial link such as two modems and a phone line.

SLIP

Serial-Line IP. An alternative (older) protocol for establishing a TCP/IP connection over a serial link.

Telnet

A program on a computer which enables you to connect from that computer to another one on the Internet, and operate it remotely.