Opened 9 years ago

Last modified 9 years ago

#11111 new defect

CTCP reply flood

Reported by: adam1213 Owned by: elb
Milestone: Component: IRC
Version: 2.6.4 Keywords:

Description (last modified by adam1213)

There is no flood protection for CTCP replies. This allows users to send many ctcp requests (eg for version) which results in a flood kick and extra server for the IRC network.

(12:00:01 PM) bot1: Received CTCP 'VERSION' (to #freenode) from bot1 (12:00:01 PM) bot1: Received CTCP 'VERSION' (to #freenode) from bot1 (12:00:01 PM) bot2: Received CTCP 'VERSION' (to #freenode) from bot2 a few more version requests... (12:00:01 PM) user1 left the room (quit: Excess Flood).

I have tested this using the default version response from pidgin and also tried using pidgin plugins to get a blank CTCP response with both of these still allowing for flood kicks due to responses.

Please add flood protection and a way of configuring it such as:

  • max per user / max total per connection)
  • do not respond to room ctcp requests (only respond to requests specifically to you rather than the entire room)
  • only respond to users logged in
  • disable CTCP replies completely
  • Some IRC networks allow for a user mode which disables CTCP however it also prevents receiving messages with "/me" in some cases)

Thanks to a freenode staffer for helping test this.

Change History (3)

comment:1 Changed 9 years ago by adam1213

  • Description modified (diff)

comment:2 Changed 9 years ago by stringSyntax

I agree this needs to be fixed. Makes it hard to auto join rooms.

comment:3 Changed 9 years ago by nick1220

I am a novice user and am having problems with this message "received ctcp version from" Is there an easy way for novice users (me) to disable it? The problem:

Every time I start or resume my computer I get a chat pop up with my saved, buddy IRC channel and a message from the same user: "received ctcp version from..."

Expected case: I can save an IRC channel in my buddies list and get a pop up only when there's a new message or I double-click on it.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!