IRSSI IRC Client on a transparent black background overlaying FresRSS

G-lined by Undernet? Welcome to the world of 2020

David Rutland
David Rutland Internet

We’re old school here at Linux Impact. We entered our teen years in the 90s, and we have a love of retro-futuristic tech and software. If you could imagine it looking at home in Hackers or The Matrix or Blade Runner, the chances are good that we sporadically run it on our home system. Because, believe it or not, the old protocols still work, and if we developed a particular way of doing things back in the 90s and it still works today, we’re still going to be doing it.

A prime example is IRC - Internet Relay Chat - which is an application layer protocol that facilitates communication in the form of text on a client/server networking model.

We’ve been accessing IRC through a variety of clients since back in 1995 when we were running aMIRC on our much-loved Amiga 1200, later moving onto mIRC on Windows, Icechat, and a few others. Currently we’re running IRSSI - a terminal based client, on Linux.

Among other things, we use it to nab reading materials from our favourite book warez channel on the undernet server, having followed its migration from EFNET a decade or so back. More than 20 years, and we’ve never had a problem.

A few nights ago, attempting to connect to undernet, we were greeted with this message:

AUTO [0] (redacted) Infected with a virus or trojan, please clean your system. (P268). Closing Link: [redacted] by Miami.FL.US.Undernet.Org (G-lined)

Infected? My system is clean.

G-lined? What the hell is that?

A quick search revealed that to be G-lined is to receive a global ban based on our IP address. FOREVER.

Oh shit.

Banning a specific IP address from a service is weird and, like IRC itself, somewhat outdated. Most residential addresses have dynamic IPs assigned by their service provider, so for most individuals the ban would expire as soon as they were assigned a new IP by their ISP.

Handy hint - rebooting your router will usually promt your ISP to give you a new IP address.

Banning an IP will also block everyone using that IP - it doesn’t target an individual, it targets a network and every device connected to that network. Blocking a single IP could block an entire business, or a university, or a hospital. Yeah. That sucks.

We fired off an email to abuse@undernet.org:

> Hi there, > I’m being continually booted from undernet servers with the message: > /AUTO [0] (redacted) Infected with a virus or trojan, please clean your > system. (P268). > Closing Link: redacted by Miami.FL.US.Undernet.Org (G-lined)/ > My system is fine & I’m not infected with anything. I connected through irssi > without problem a few minutes before switching to hexchat. What’s the problem?

The response was swift and, presumably, automated:

Hi

Match found: (Glined 50m24s ago) P[268] (tulip) G-Lined BV— redacted42069 ~redacted@static-redacted.vodafonexdsl.co.uk redacted | realname

This client was found connecting to the Undernet IRC network. If this is you, I suggest you change your nick/user/realname infos to look less like a drone.

If this wasn’t you, then a computer connected to your internet connection is most likely infected with a virus.

I am whitelisting your ip for 24 hours. If the client listed above was you and you don’t change your nick/user/realname info, you’re going to get g-lined again

Regards

-Abuse

Okay, we definitely don’t have a virus, but something is making us look like a drone. Cool - what could have caused that? Could it be that because all of our usual nicks had been taken, we reverted to the level of a 14 year old and appended "42069" to the end of our nick?

Does Undernet autoban juvenile naming conventions? Who set that rule up?

So, my nick needed to match my supposed real name and my email address. Yeah, that’s not going to happen. Most IRC clients don’t even give users the ability to set a supposed real name, and the email address I put in on the rare occasions I bother is d@d.com.

It’s a hangup from the long gone days when IRC was mostly run on university networks and its users were students and academics with .edu addresses.

We’re not planning to verify ourselves to an antique.

As of now, we’re still g-lined, and as we have a static IP at home that’s not likely to change soon. We have a few ideas for a way around it though - and they’re so antique it’s almost embarrassing. We’re not going to share them here.