► How to moderate your channel

 

Both the server and services provides many useful tools for you to look after your own chatroom,

which includes but not limited to:

  • Kick and/or ban a trouble maker either temporarily or permanently
  • Grant others moderator status
  • Restrict your chatroom to only those who are connecting via your website
  • Lock the chatroom with a key
  • Various channel protection mechanisms
Channel Operators

Moderators of a particular chatroom, also known as a channel operator, ChanOp or simply Op have the ability to modify various settings of the channel they hold such status in. Users who hold ChanOps status have the "@" symbol in front of their nickname. ChanOp status comes in three different access levels:

  1. Auto Operator, also known as AutoOp or simply AOp
  2. Super Operator, also known as SuperOp or simply SOp
  3. Manager, or most commonly referred to as the MGR

For most purposes, channel founders are considered to be on the same access level as the channel manager. A channel manager can do anything a channel founder can do with the exception of:

  • Drop the registration of the channel
  • Transfer the foundership of the channel to another user or themself
Other Access Holders

While ChanOps are access holders who have control over channel settings and other users of the channel, there exists two more access levels. Status holders of these two levels are granted certain privileges to the channel but these privileges are designed to benefit the holder and does not allow them to exercise control over other users of the channel. These two access levels are:

  1. Voice Operator, also known as VoiceOp or simply VOp
  2. User Operator, also known as UserOp or simply UOp

VOps, denoted by the "+" symbol in front of their nickname, holds the following privileges:

  • The ability to join the channel even if there is a channel ban that matches them
  • The ability to join the channel even if the channel is set to keyed/invite only or the channel occupany limit has been reached
  • Can talk in the channel even if the channel has the moderation mode set (+m)
  • Can change nickname while on the channel even if the prohibit nickname change mode has been set (+d)
  • Properties such as REJOINTRACK, USERMSGSPERSEC, JOINMUTE, etc. will not affect the user

UOps, denoted by the "-" symbol in front of their nickname, holds less privileges than VOps, but includes the following:

  • The ability to join the channel even if there is a channel ban that matches them
  • The ability to join the channel even if the channel is set to keyed/invite only or the channel occupany limit has been reached
  • Can change nickname while on the channel even if the prohibit nickname change mode has been set (+d)

Note that the terms UOp, VOp, AOp, SOp, and MGR are only used when a user has a registered nickname and exists in the Access Control List (ACL) of the channel. These ACLs are managed by services and will be automatically granted by services when the user joins the room provided they have supplied positive identification to services prior to joining the channel. Therefore, they are considered permanent access since they remain until removed by a user with higher access levels.

Temporary Access Holders

Users can be granted temporary access in the forms of:

  1. Operator, denoted by the "@" symbol and mode +o
  2. Voice, denoted by the "+" symbol and mode +v
  3. User, denoted by the "-" symbol and mode +u

The differences between temporary and permanent access are:

  • Users do not need a registered nickname to hold temporary access
  • Access status is not persistent - once the user leaves the channel, access will not be automatically regained upon rejoin
  • Temporary access does not grant users the same privileges as equivalent permanently access holders, such as those privileges granted via services
  • In rooms were the OpGuard setting is enabled, temporary operator status cannot be granted
OpGuard

This is a setting that prevents users who do not currently hold AOp, SOp, or MGR from obtaining Op (+o) status in a channel. If an attempt is made to set them +o, ChanServ will automatically set them -o. This setting is turned ON by default when a channel is registered, and can prevent untrusted users from obtaining the operator status. This setting can be toggled as follows:

  • /PROP <#channel> OPGUARD ON - turn OpGuard on, only users who are AOp or above can be set +o
  • /PROP <#channel> OPGUARD OFF - turn OpGuard off, absolutely anyone can be set +o by another operator
Kicks and Bans

The ability to deal with problem users from your chatroom is a vital feature. Kicking a user out of a channel is basically booting them out of the chatroom, but they may rejoin. While banning a user will bar them from joining the channel. If a user is already in the channel and is banned but not kicked, that user will be unable to talk unless they are opped or voiced. For a permanent way to kick/ban a user, please refer to the AutoKick (also known as AKICK) feature in the commands section.

Host Masking

UnitedChat provides a feature called host masking - which hashes (hides) parts of the user's hostname or IP address to protect the user's privacy and eliminates the possibility of exposing the user to Denial of Serivce attacks. Understanding how host masking works is useful in making bans, and even more important when making AKICKs. While normal channel bans (cmode +b) will work with host masks, AKICKs do not, therefore it is essential for one to be able to identify the masked portion of a hostname or IP address.

For hostnames, the masked portion is always the first portion of the hostname, i.e. the portion

before the first "."

 

Example 1, assuming a user with the following:

Hostname: c71-106-45-104.hsd1.ca.comcast.net

This user could appear as something like:

nickname!ident@=Kjh56-683-58-495.hsd1.ca.comcast.net

For IP addresses, the masked portion is always the last portion of the hostname, i.e. the portion

after the last "."

Example 2, assuming a user with the following:

IP address: 61.105.80.12

This user could appear as something like:

nickname!ident@61.105.80.Yu68=

When making bans and AKICKs, one must more or less specify a valid user mask. A valid user mask consists of three fields:

  1. Nickname
  2. Ident
  3. Hostmask

The user mask must be in the format of: nickname!ident@hostmask, with "!" and "@" acting as separators.

When making AKICKs, remember that you cannot include the masked portion. If you do not know the unmasked portion (usually you will not), then you will have to replace the masked portion with wildcards. There are two types of wildcards:

  1. ? - replaced any single character
  2. * - replaces any amount of characters in that field

When making bans, it is important to consider whether your ban is effective in trying to keep out your intended target - i.e. if you made a nickname!*@* ban, it would be fairly trivial for one to change their nickname thus evading the ban. However, it you ban can entire Internet Service Provider (ISP), you must also consider the ramifications of keeping innocent users out.

In addition, almost all IRC clients lets you set ban masks based on nicknames thus saving you the trouble of typing out the entire user mask, for more information on this, refer to your IRC client's manual pages or you can join the chat and ask us.

 

 

Channel Protection Properties

 

Properties, or simply referred to as props, are a set of settings that applies to the channel object. Some properties are read-only, while others can be modified as well. This section will detail some useful properties that can be used to protect against floods and other undesired activities by users.

 

USERSPERIP defines how many users from the same IP address can be in the channel at the same time. This property is extremely useful in preventing clone loading. However, one must take into account this may affect users who are connected from Internet cafes and other places that deploy Network Address Translation (NAT) or is behind a CGI proxy such as CGI::IRC or mibbit. Access holders of the channel can override this property.

Command: /prop #<channel> usersperip <limit>
Example: /prop #services usersperip 3

 

JOINSPERSEC lets you specify how many users can join the channel within one second. It is particularly useful in preventing massive join floods. However keep in mind that this property is not synchronized between servers - if you have JOINSPERSEC set to five and someone loads ten clones on each server on the network, you will get up to five joins per second on each server. Even though this is the case, this property is rather effective. If someone decides to load clones and specifying them to connect to the DNS pool, it is most likely all the clones will end up on the same server because depending on their IRC client/operating system/network settings, a DNS lookup will be performed once, and then the lookup result is cached.

Command: /prop #<channel> joinspersec <limit>
Example: /prop #services joinspersec 5

 

JOINMUTE is a setting that if set, prohibits users who have newly joined the channel from being able to speak immediately. This is extremely useful in cases where your channel gets a lot of spam bots that joins, spams, and then immediately parts. It is also useful in some cases where it can give channel operators enough time to react and boot out a user before they are allowed to speak.

Command: /prop #<channel> joinmute <seconds>
Example: /prop #services joinmute 3

 

PMREPTRACK is a property that tracks repetitions of messages sent. Once the specified threshold is reached, that certain message will no longer be able to be sent.

Command: /uprop pmreptrack <repetition limit>
Example: /uprop pmreptrack 3

 

USERMSGSPERSEC lets you specify how many lines a user may send to the channel within one second. It can easily prevent text floods.

Command: /prop #<channel> usermsgspersec <limit>
Example: /prop #services usermsgspersec 2

 

REJOINTRACK can disallow a quick rejoin after the user has just parted the channel. It is very effective against join/part floods. If a user tries to rejoin too quickly, they will receive this message: "Cannot join channel: You recently parted this channel; please wait before rejoining"

Command: /prop #<channel> rejointrack <seconds>
Example: /prop #services rejointrack 5