I've advised on IRC that it's possible to set /mode <nick> +g to prevent receiving PMs.

I don't know if it's possible to set that as a default umode in ratbox - a quick glance at the ircd.conf doesn't look promising - under the general{ } block there's a setting for default_invisible = no; which in more modern IRCds was replaced with default_umodes = "+i";.

After a brief look through the code, a quick and dirty fix might be something like this:

diff --git a/src/s_user.c b/src/s_user.c
--- a/src/s_user.c	(revision 2c1ff783148489f12020f80e98fd8ce61f72a2f2)
+++ b/src/s_user.c	(date 1688504742350)
@@ -518,6 +518,8 @@
 		Count.invisi++;
 	}
 
+	source_p->umodes |= UMODE_CALLERID;
+
 	s_assert(!IsClient(source_p));
 	del_unknown_ip(source_p);
 	dlinkMoveNode(&source_p->localClient->tnode, &unknown_list, &lclient_list);

This is of course, completely untested.

I think ideally, we should be disabling private messages on irc.wikimedia.org, or at least, setting +g by default.

+g is alright as it stops the spam from getting through, but I'm still getting notifications for message attempts. Private messages should just be disabled entirely.

@SLyngshede-WMF I disagree with the "Low" priority; there is a lot of unsolicited private messages going, which is annoying even with +g set (as "XYZ is trying to contact you" notification is sent regardless). Here is a log from today (after I set +g):

floofle (~triicest@anonymous.user) is messaging you, and you have umode +g.
00:58 proepg (~vaanest@anonymous.user) is messaging you, and you have umode +g.
03:01 zuodb (~freudf@anonymous.user) is messaging you, and you have umode +g.
03:26 wriaged (~pruuzb@anonymous.user) is messaging you, and you have umode +g.
03:40 frourb (~peuzing@anonymous.user) is messaging you, and you have umode +g.
03:48 fluabn (~sneits@anonymous.user) is messaging you, and you have umode +g.
04:01 wruurk (~praisa@anonymous.user) is messaging you, and you have umode +g.
04:33 klaapd (~stoatp@anonymous.user) is messaging you, and you have umode +g.
04:50 waumly (~froeted@anonymous.user) is messaging you, and you have umode +g.
05:39 ruiringer (~greulz@anonymous.user) is messaging you, and you have umode +g.
06:30 skaems (~piovest@anonymous.user) is messaging you, and you have umode +g.
06:42 praitly (~tiucest@anonymous.user) is messaging you, and you have umode +g.
06:53 braamle (~ciutp@anonymous.user) is messaging you, and you have umode +g.
07:27 shiolm (~beecian@anonymous.user) is messaging you, and you have umode +g.
09:54 quiokd (~doolest@anonymous.user) is messaging you, and you have umode +g.
10:42 ruokled (~cruapd@anonymous.user) is messaging you, and you have umode +g.
10:45 feugd (~snaelg@anonymous.user) is messaging you, and you have umode +g.

This is 17 messages in 10 hours, nearly 2 messages per hour on average, which is fairly annoying.

Actually... I just figured I can do /ignore *@anonymous.user, which should sufficiently resolve this on the client side. But still, this represents a lot of spam messages.

I'm hoping to look tonight into whether I have the skills to sensibly patch-out PMs entirely, but I don't want to claim the task until I've got a clearer idea. I'm probably going to take the approach of just making callerid stricter, as the work to disable PMs is pretty much there with callerid.

I also don't know how this is built/packaged/etc - I see there's a standalone patch file in the repo which I assume is applied prior to the deb being built?

@MoritzMuehlenhoff did you rebuild the irc-ratbox deb for the Bullseye hosts?

In T341097#8989998, @stwalkerster wrote:

I also don't know how this is built/packaged/etc - I see there's a standalone patch file in the repo which I assume is applied prior to the deb being built?

Likely the best option would be to use Quilt with the Debian packaging (in the debian patch). Basically that means adding a diff file in debian/patches and adding the name of that to debian/patches/series (the quilt command automates this), and after that the Debian build tools will automatically apply it during the build.

In T341097#8990036, @SLyngshede-WMF wrote:

@MoritzMuehlenhoff did you rebuild the irc-ratbox deb for the Bullseye hosts?

For the WIP bullseye setup, the package hasn't been rebuilt yet (the old deb was copied over since the only dependency is libc6 anyway).

Its a much wider scope of works above compared to the simple quick fix, but have we ever looked at alternative ircds lately? From vague memories a few years ago, Inspircd can do everything our custom patches did as part its core functions and module setup so wouldn't need to (re)build packages to make changes and jsut action everything via its config files

In T341097#8991983, @Peachey88 wrote:

Its a much wider scope of works above compared to the simple quick fix, but have we ever looked at alternative ircds lately?

See https://phabricator.wikimedia.org/T134271 which was the closed as a duplicate of https://phabricator.wikimedia.org/T232483 which was then closed as a duplicate of https://phabricator.wikimedia.org/T234234

I've been having... fun... getting ratbox to compile on my Ubuntu focal desktop for testing. I've had to do some changes to includes/memory.h just to get it to compile which I'm not too happy about, along with setting the __NO_INLINE__ define.

At the moment, I've got it running with my changes, but I'm currently struggling with the m_oper.so module which means I can't test that sending messages to the channel (or even creating channels) will still function. I can confirm that changes to effectively disable PMs (mostly by hijacking the callerid umode) do work.

This is what I've got so far:

This patch does several things:

• Enables the callerid usermode by default (mode +g)
• Removes notification of incoming messages blocked by callerid (the RPL_UMODEGMSG numeric)
• Sends the ERR_CANNOTSENDTOCHAN numeric (rendered as "Cannot send to channel") instead of the ERR_TARGUMODEG and RPL_TARGNOTIFY numerics
• Removes checking of /accept lists to override callerid

On the subject of different IRCds, that thought had also crossed my mind though I was looking more at Solanum (which is a... great-grandchild(?) of ratbox), so it's configuration and structure is largely similar. The prevention of PMs entirely I'm not sure is possible in Solanum natively, but it's certainly possible to default umode +g, and default cmode +m would handle the read-only channels. Creation of channels can be prevented with the m_createoperonly module too. I'd wager it's probably less effort to migrate to Solanum than it is to InspIRCd.

For context there have been already a larger effort in the past towards moving the irc server to a newer and re-written server that serve only the required purpose of streaming changes, that would also fix the specific issue of this task among many other advantages and improvements. That work was led by @faidon and it could be resumed to be completed/productionized, assuming it gets prioritized in our quarterly planning.

Personally I'd rather put effort in moving to the new one that fixing the existing one.

The spammers have now moved on from promoting that one IRC network to posting links and ASCII art depicting lemon party and goatse (if you're lucky enough to not know what those are… just don't google them. Really. Don't.).

So some kind of solution to this sooner rather than later would be nice. Doesn't have to be perfect.

In T341097#8995420, @jhsoby wrote:

The spammers have now moved on from promoting that one IRC network to posting links and ASCII art depicting lemon party and goatse (if you're lucky enough to not know what those are… just don't google them. Really. Don't.).

So some kind of solution to this sooner rather than later would be nice. Doesn't have to be perfect.

Indeed and like Urbanecm, I disagree with the Low priority as I am getting up to 5 unsolicited messages per hour on the Wikimedia IRC server. I've just ran the ignore command so that should stop all the annoying notifications coming through, but not all users know this ignore command exists, or the +g umode.