feat: DCC stripping in both directions to prevent IP leaks
Block all non-ACTION CTCP/DCC from client-to-server (outbound) and add security logging when inbound CTCP/DCC is stripped. Hard boundary with no config toggle -- DCC exposes the client's real IP which defeats the stealth proxy architecture. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
user
@@ -187,6 +187,12 @@ notify_proxy = false # use SOCKS5 for notifications
|
||||
|
||||
Only fires when no clients are attached.
|
||||
|
||||
## Security
|
||||
|
||||
- DCC/CTCP stripped both directions (prevents IP leaks). ACTION preserved.
|
||||
- All server connections routed through SOCKS5 proxy.
|
||||
- Stealth connect: random nick/user/realname on every connection.
|
||||
|
||||
## Hot Reload
|
||||
|
||||
```bash
|
||||
|
||||
Reference in New Issue
Block a user