Skip to content

IRC Policy

Blocked by Default

Outbound IRC traffic is blocked by default on all VMs and dedicated servers.

Blocked ports: 6660–6669 (plain), 6697 (TLS), 7000, 9999.

Applies to clients, bouncers (ZNC, soju, etc.), bots, and IRC servers. Connections are rejected with connection refused — your client gets an immediate, unambiguous error.

Why

IRC has been the lingua franca of botnet C&C and skid drama for 25 years, and it still is:

  • DDoS attacks targeting IRC users routinely saturate upstream links and trigger null-routes affecting every customer on the same /24
  • Botnet C&C patterns get our IP space onto Spamhaus DROP and similar lists, breaking outbound mail and API calls for everyone
  • Per dollar of revenue, IRC users generate the highest abuse-ticket volume of any customer category

Exceptions

We've opened in the past

  • Personal bouncer (ZNC, soju) for a single user with verified identity and clean history
  • IRC client as part of a documented operational workflow (alerting, ChatOps to a private network)
  • Connection to a specific, named IRC network with documented reason

We don't open for

  • Public IRC servers (ircd, UnrealIRCd, InspIRCd, ergo, etc.)
  • Multi-user bouncer services
  • "Freedom of speech" networks that have been kicked off other hosts
  • Anything related to channel takeovers, attack coordination, or "stresser" communities

How to Request an Exception

Open a ticket with:

  • Which network(s) you need to reach
  • Whether it's a client, a bouncer, or something else
  • Approximate connection count and uptime pattern
  • Your handle/nick on the relevant network if you've been there a while

We'll either open the specific destination or say no. We don't open the ports network-wide for individual customers.

Conditions When Opened

Rules that apply

  • Per server, not per account — opening IRC on one VM does not open it on others
  • Specific destinations onlyyour-vm-ip → specific-network-ip:port, not your-vm-ip → anywhere:6697
  • Traffic is monitored — high connection counts, flood patterns, or any DDoS targeting your IP results in immediate rule removal
  • No transfer of permissions — if a VM is rebuilt, reinstalled, or migrated to a new IP, IRC access resets to blocked
  • Account-wide abuse — if you generate abuse tickets from any other service, IRC permission is revoked first