[Pidgin] #11111: CTCP reply flood

Pidgin trac at pidgin.im
Sat Jan 9 09:22:02 EST 2010 

#11111: CTCP reply flood
----------------------+-----------------------------------------------------
 Reporter:  adam1213  |        Owner:  elb
     Type:  defect    |       Status:  new
Milestone:            |    Component:  IRC
  Version:  2.6.4     |   Resolution:     
 Keywords:            |  
----------------------+-----------------------------------------------------
Description changed by adam1213:

Old description:

> There is no flood protection for CTCP replies. This allows users to send
> many ctcp requests (eg for version) which results in a flood kick and
> extra server for the IRC network.
>
> (12:00:01 PM) bot1: Received CTCP 'VERSION' (to #freenode) from bot1
> (12:00:01 PM) bot1: Received CTCP 'VERSION' (to #freenode) from bot1
> (12:00:01 PM) bot2: Received CTCP 'VERSION' (to #freenode) from bot2
> a few more version requests...
> (12:00:01 PM) user1 left the room (quit: Excess Flood).
>
> I have tested this using the default version response from pidgin and
> also tried using pidgin plugins to get a blank CTCP response with both of
> these still allowing for flood kicks due to responses.
>
> Please add flood protection and a way of configuring it (eg max per user
> / max total per connection)
>

> Thanks to a freenode staffer for helping test this.

New description:

 There is no flood protection for CTCP replies. This allows users to send
 many ctcp requests (eg for version) which results in a flood kick and
 extra server for the IRC network.

 (12:00:01 PM) bot1: Received CTCP 'VERSION' (to #freenode) from bot1
 (12:00:01 PM) bot1: Received CTCP 'VERSION' (to #freenode) from bot1
 (12:00:01 PM) bot2: Received CTCP 'VERSION' (to #freenode) from bot2
 a few more version requests...
 (12:00:01 PM) user1 left the room (quit: Excess Flood).

 I have tested this using the default version response from pidgin and also
 tried using pidgin plugins to get a blank CTCP response with both of these
 still allowing for flood kicks due to responses.

 Please add flood protection and a way of configuring it such as:
 - max per user / max total per connection)
 - do not respond to room ctcp requests (only respond to requests
 specifically to you rather than the entire room)
 - only respond to users logged in
 - disable CTCP replies completely


 - Some IRC networks allow for a user mode which disables CTCP however it
 also prevents receiving messages with "/me" in some cases)

 Thanks to a freenode staffer for helping test this.

--

-- 
Ticket URL: <http://developer.pidgin.im/ticket/11111#comment:1>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list