Software-based VHosts - Yes or No?

zeke · Idler Joined: 04 Oct 2003 Posts: 325

I'm not looking to start a flame-war, just want a list of pro's and con's, or if anyone really cares. Not too long ago I disabled HostServ on a network. It was increasing the usercount (albeit by 1..), was being underused, and to a point just abused.

Today, a request was made by a user to have a vhost set for staff.his-site.com, that it would look to be more professional if it could be done.

We briefly discussed the above, but I'm looking for brief opinions. How should a typical network, acting as professionally as possible, handle vHost requests, and how should this be implemented?

So I have a quick set of responses: Yes to any request at all, Yes to any reasonable request, No, not at all, or other.

I'd appreciate an extended answer whereby an explanation is given for the response. Thanks!

ButtaKnife · none Joined: 26 Apr 2005 Posts: 38

Yes to any reasonable request.

For a further explanation, I can at least tell you how we handle them, and then you can take that with a grain of salt. Smile

When a user comes to us requesting a fakehost, we will give it to them as long as it follows our rules. Our rules are simple. The fakehost cannot reference anyone else without their permission, contain vulgar content, and if it's a domain name, the user has to prove ownership or permission to use the domain name (such as posting a note on that website).

As long as the rules are followed, we give them the fakehost. We also require that fakehosts aren't used for ban evasion, but that's a common sense rule.

]Daniel · Idler Joined: 05 Jan 2006 Posts: 317 Location: Boise, ID

What IRCd are you using, some ircd's allow spoofs like hybrid.

stephen4x · Posted: Sep 22, 2008 3:58pm Post subject:

I don't really consider it to be a big deal. As long as the host isn't "stupid" eg. *.fbi;*.gov or attacking a particular person. We don't allow any with ournetwork.com in them, as they could appear to be staff or such. With so many bnc's for like $2 now, server side vhosts dont seem as popular nowadays (just my experience). I often see as little as 1 or 2 requests in a month these days! When I started out I remember having to wait a LONG time to even ask for one, nowadays people ask on day 1, but then .. people also ask for o:lines from the get go too! Sign of the times I'm afraid. Razz

Jobe · Posted: Sep 22, 2008 4:01pm Post subject:

Well when it comes to HostServ, it's not easy to abuse until you add a method that allows the users to change their OWN vHost's.

Anope for example ships with the hs_request module which builds in a vHost requests system into HostServ which staff then have to activate before the user gets that vHost.

Other options include IRCd side vHost's using IRCd specific config options such as UnrealIRCd's vhost blocks.

katsklaw · Guru Joined: 28 Jun 2004 Posts: 1122

Other than the already mentioned reasons, another con to vHosts is that they can be turned on and off by the user in nearly all cases via a usermode, most commonly umode +x. This in a sense gives anyone with a vHost the ability to evade bans, even if it's just once. But evade none the less.

nenolod · Idler Joined: 23 Jan 2004 Posts: 335 Location: A box!

katsklaw: In charybdis, the vhost is static for the entire session.

As for vHost policy I suggest something like:

* if it looks like a valid domain: check if the user owns it or is otherwise authorised to use that domain
* if it does not, then it's ok as long as it's not offensive or lame (subjective obviously)
* no IP vHosts for obvious reasons

greg27 · Lurker Joined: 07 Oct 2006 Posts: 178 Location: Australia

my net uses the same rules as nenolod/buttaknife. we also have a sort of black list setup - if we see anyone or get reports of anyone abusing their vhost (eg. for evasion) then that user is added to the blacklist and they can no longer get vhosts.

yes to any reasonable request from me.

if you're really worried about evasion, you can (in unrealircd at least, not sure about others!) disable the user ability to set/unset umode x.

mouselike · Idler Joined: 09 Dec 2003 Posts: 271

I am goinmg with yes on this one, purely because i do believe the ircd configs are packed enough with the server/network configuration without individual user configuration of vhosts's.

imho it also makes it easier for any servoce admin or host setter to remove their vhost rather than not have ssh access to the server their ircd is supplying theim the vhost and not be able to remove it until that server admin is available.

On another scale server set vhost's can be very useful lke ircu's AC +x hidden host sytem, but can be used for ban avading like klaw stated and if they just disconnect/reconnect and auth/login to a new account.

It's down to own preference, me personally id use hostserv over config set vhosts.

katsklaw · Guru Joined: 28 Jun 2004 Posts: 1122

Jobe · Posted: Sep 23, 2008 7:32am Post subject:

greg27 · Lurker Joined: 07 Oct 2006 Posts: 178 Location: Australia

oh yea, i didn't think of that :/