*shameless bump* ^ Look into IRC user/host masking, it's a great tool that IRC server ops and mods use to manage bans and other things. Here's a quick rundown:
With every message that a user sends, its full identity is sent. This is the part at the beginning of the message, and it looks like this:
:nonemu!adam@shinobi.nonemu.ninja
It consists of 3 parts:
- The "nickname," which is after a : . This is what most clients display as your name when you join a channel and is guaranteed by the server to be unique at any given point in time. However, it may change during a session.
- The "username," which is after a ! . This is another string provided by the user when it sends USER at the beginning of initialization. Some bots won't let you change it easily - mine uses the username of the system user that ran the command. This can _not_ change after you have connected, but is not guaranteed to be unique between simultaneous users.
- The "hostname," which is after a @ . This is a string assigned to the user by the server which is based on the IP address / reverse DNS hostname of the machine connecting to the server. Some servers attempt to conceal the hostnames of their clients by "host masking," which is an unrelated term that just means hashing or otherwise cryptographically obfuscating their hostname and sending that string in place of their actual hostname. Either way, it functions as a reliable method of identifying users, as it is guaranteed to be consistent as long as the user does not change their originating IP.
How to apply this? The IRC protocol allows you to place wildcards in the mask, like *!*@98.25.36.192 will match with all users whose hostname is 98.25.36.192 (ie, that is where they connected from). You can also combine wildcards with text, for example: *!*@*.cn will match hostnames ending in .cn (Chinese TLD). This is a fantastic way to identify users, at least for whitelisting, because it's very difficult for someone to spoof your IP unless you give them access to a machine with that IP. If you want to see an implementation, here's mine for Samurai. I substituted regular expression phrases for the wildcards so I could use Java's built-in regex utilities. It works well for me; though I could probably find a few bugs like unescaped characters now.
With every message that a user sends, its full identity is sent. This is the part at the beginning of the message, and it looks like this:
:nonemu!adam@shinobi.nonemu.ninja
It consists of 3 parts:
- The "nickname," which is after a : . This is what most clients display as your name when you join a channel and is guaranteed by the server to be unique at any given point in time. However, it may change during a session.
- The "username," which is after a ! . This is another string provided by the user when it sends USER at the beginning of initialization. Some bots won't let you change it easily - mine uses the username of the system user that ran the command. This can _not_ change after you have connected, but is not guaranteed to be unique between simultaneous users.
- The "hostname," which is after a @ . This is a string assigned to the user by the server which is based on the IP address / reverse DNS hostname of the machine connecting to the server. Some servers attempt to conceal the hostnames of their clients by "host masking," which is an unrelated term that just means hashing or otherwise cryptographically obfuscating their hostname and sending that string in place of their actual hostname. Either way, it functions as a reliable method of identifying users, as it is guaranteed to be consistent as long as the user does not change their originating IP.
How to apply this? The IRC protocol allows you to place wildcards in the mask, like *!*@98.25.36.192 will match with all users whose hostname is 98.25.36.192 (ie, that is where they connected from). You can also combine wildcards with text, for example: *!*@*.cn will match hostnames ending in .cn (Chinese TLD). This is a fantastic way to identify users, at least for whitelisting, because it's very difficult for someone to spoof your IP unless you give them access to a machine with that IP. If you want to see an implementation, here's mine for Samurai. I substituted regular expression phrases for the wildcards so I could use Java's built-in regex utilities. It works well for me; though I could probably find a few bugs like unescaped characters now.
I'M BAAAAAAACK!