Why You Should Move to Using Authentication

Published:
By ClAdmin
Category: IRC Tags: #help authorisation SASL support Technical Help

As many of you know, because you’ve either gotten caught in one yourself, have talked to others who have, or have seen the admins discussing it wherever, we use CIDR bans on Cuff-Link to help cut down on malicious activity. A CIDR ban locks the door on an entire range of IP addresses, and we use them almost exclusively for ISPs around the world who use dynamic (revolving) IP addresses and for servers (VPN, VPS, etc.).

We’re recommending that people move to our authentication servers to be preemptive. Unfortunately, with some ISPs, it’s very easy to get a new IP issued, and in the case of mobile data connections, every time a tower switches, you’re liable to get a new IP. Abusive users have, of course, figured this out, so that in addition to proxy lists and free VPN/VPS services with multitudes of IPs, caused us to increase the amount of CIDR bans we use.

There is a solution though! In order to use our authentication service, you need:

  1. A registered nickname – please note, if you do not wish to use your regular email address for this, it would be best to create a permanent address somewhere that you will have access to in the event you lose your password.

  2. A client capable of SASL Authentication – have a list of supported clients here for multiple operating systems as well as instructions on how to set things up. Please note: While it somehow remains very popular, we do not support mIRC any longer for anything. There is a note on the post about how to set it up, but we will not assist if it doesn’t work, goes awry, or you can’t figure it out. The better alternatives are HexChat] (OS X, Windows, *nix) or AdiIRC

And that’s all there is to it.

A short list of ISP types and providers that we frequently put CIDR bans in for (this list is not remotely complete, but is composed of a big chunk of the usual suspects):

  • Mobile data ISPs everywhere around the globe.
  • ISPs located in:
    • Australia
    • Eastern Europe
    • Germany
    • UK
  • Small telecommunications and satellite providers in the US and Canada – these are notoriously insecure and wind up on proxy lists.
  • Free VPN, VPS, and bouncer providers.
  • Amazon AWS.
  • Vultr (One of Cuff-Link’s owners actually uses Vultr, and must use the authorisation system to get on. She also has to use it for her mobile data. Even the admins aren’t exempt from the CIDRs!)
  • DigitalOcean
  • Linode

As an added note, it would be a good idea to get properly familiar with our Terms of Service. **[Nicknames will be suspended if you are connected from an IP over authorisation and violate the ToS, at which point you will need to use our support system to file a ticket to discuss. The easiest way to avoid this, of course, is to familiarise with the rules. As always, we cannot see things in channels we are not parked in nor can we read PMs – breaking the rules out of our direct purview comes with the risk of being reported by others.

/join #help on the chat network for more information as well!

Cheers,
Cuff-Link Admins.