New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filter module: ability for opers to see matched lines to refine filtering #2048
Comments
I've been thinking about adding zero width joiners and other zero-width unicode characters to the list of characters that the
The current snomask system doesn't support varying messages by who they are sent to but this could be a good compromise once we resolve that.
The problem with this is that user modes can be set on connect and by opers with |
Context: filtering the recent/current spamwave
Problem: filtering e.g. non-printing characters like '2060 Zero Width Joiner' prevents opers from seeing the message that triggered the filter making it impossible to refine the rules.
Detail: one of the first filters I currently use filters lines containing non-printing characters as the current spammer uses them to make matching the spammed string harder. This filter only 'block's to not 'zline' (or apply any other severe action against) legitimate users innocently copy-pasting something containing such a character.
The line this filter blocks may contain other content (like a URL or any other string) that would be a more specific match for filtering the spam with a more specific filter rule. Not seeing the original line prevents admins from taking more severe action (like a 'zline') against the spammer.
I’m not sure what would be the best solution here, that would also account for:
but I have a few ideas:
But, TBH, I don’t see much of a value in trying to prevent server operators from covertly snooping on private conversations where the server controls who sees what. The intention is definitely noble but in the end the admins can just circumvent this by adjusting the code or loading some module they wrote to still see everything. Users implicitly trust the network when they do this. So IMHO it’s more important for opers to be able to see these messages for combating a spamwave. I think the first idea above might be a good compromise or not even violate the intention of the quoted text above.
The text was updated successfully, but these errors were encountered: