IRC-Junkie.org – IRC News

All about Internet Relay Chat

Atheme / InspIRCd m_invisible brouhaha

Those who closely follow either projects development will have noticed a few “odd” looking commits to their sourcecode in the past few days.

The commits all concerned InspIRCds m_invisible module which provides similar functionality as the old mode +I in UnrealIRCd 3.1.x.

Quoting the InspIRCd wiki page about m_invisible the module

adds support for quiet (invisible) opers. A quiet oper is invisible to normal users on channels. This can be used for surveillence of botnet channels, statistics bots, etc. Note that other opers CAN see invisible opers; +Q only hides the oper from non-opers.

The brawl emerged when Atheme developer nenolod commited a few changes to the services packages that would make such a join visible to channel members by announcing that “Channel security has been compromised” because an invisible user has joined.

This commit was followed up by danieldg of the InspIRCd developer team who moved the module out of the main – and therefore by default included – modules into the seperate “inspircd-extras” repository, but only in the 2.0 beta and 2.1 pre-alpha branches.

The initial commits to Atheme have since been reverted but there now are checks for m_invisible being loaded and the services package now refuses to link if it spots the module being present.

The module, referred to as “morally unacceptable” and “not … ethical” by nenolod, has legitimate uses such as “private networks inside offices, with special uses, those do need logging and accountability, most of them even disable private messages entirely” said developer Brain when asked about his views of this whole situation. They wrote it because “users asked for the module” and his opinion is that it “should be kept, and we’re keeping it, in third party”.

Brain says to him “it’s all about choice, the choice to run the modules or not to, we aren’t going to tell people whats right and wrong” and that “people are sensible enough and educated enough to decide for themselves”.

What’s your opinion about this? Do you use m_invisible on your network? And if so, do you tell your users that such a module is loaded? Guns don’t kill, people do?

  Copyright secured by Digiprove

ShadowIRCd 6.0.0 released

ShadowIRCd, a project that died off in 2004, has been revived and is now based on the charybdis IRCd.

The IRCd, formerly based on IRCd-Hybrid, brings a whole lot of features and enhancements that can be considered useful for opers and users alike.

New features include lots of user & channel modes like the implementation of usermode +C (blocks CTCPs) and +G which prevents users from messaging you “unless you’re both on at least one channel together”. Usermode +V prevents users from getting invites from others, to which coder jdhore says that “as far as I’m aware no other IRCd has”.

Useful channelmodes like +T which prevents notices to channels, +G stops messages with more than 50% caps in them and chanmode +K which blocks repeated messages to channels “regardless of who they’re from”.

Opers will like features such as being able to see the users modes in a /whois as well as secret channels the user is in without having to resort to a /spywhois. Oper-override has been modified and needs a special usermode set on ShadowIRCd. Once the oper sets himself +p he’ll be able to use the override but it’ll unset itself after a configurable amount of time.

All in all this looks like a very promising IRCd which according to coder jdhore, doesn’t “try to compete with other established IRCds” but that they’re trying to “make what we find to be the absolute best IRCd possible”.

The changelog can be found here and the homepage of the project is here.

Are you going to consider using this IRCd on your network and if not – why?

InspIRCd 2.0 beta 4 released

The InspIRCd team brings us another fresh release of the upcoming generation of their IRCd – InspIRCd 2.0 beta4.

The features and enhancements that are introduced with the new branch are huge and tops those available in the 1.2 stable branch in every aspect.

And just as in the stable version, every feature, every mode and every module can either be enabled or disabled – customize your IRCd the way you want it.

The features the team ponders to implement are listed on their Roadmap page in their Wiki – a list with already programmed features can be found here.

If you want to try the upcoming generation of the IRCd, you can grab the current beta here – the changelog is available here.

UnrealIRCd team releases patch against Firefox XPS Attack

In a posting on the UnrealIRCd project website, coder Syzop announced a module that can help mitigate and completely stop the so-called “Firefox XPS Attack” (NSFW link).

The attack, which exploits the fact that malicious JavaScript can send arbitrary data to a wide range of ports, gained publicity when it was used against the freenode network over a period of a few weeks.

Even though the Mozilla project has a blocklist of ports that are specifically not allowed to be communicated to, the port commonly used by IRC networks (6667) was not on those lists.

The attack – which ironically doesn’t affect Safari, Internet Explorer or Firefox with the NoScript extension – only works if the targeted IRC server does not use anti-spoofing measures before proceeding to the login phase.

UnrealIRCd generally is immune to the threat when it was compiled with the NOSPOOF feature which is enabled by default for the Windows builds but an option that defaults to “no” on Linux (“Do you want to enable the server anti-spoof protection?” – the first question on ./Config).

With the module you can now instantly K/G/Z:Line such connections and therefore prevent them from filling up connection slots which might cause a DoS situation before they eventually time out. For maximum efficiency it is recommended you use both the module and the NOSPOOF option, however one works fine without the other.

To test whether your IRCd is vulnerable or the implemented measures against the attack are effective you can find the code that has been used against freenode here.

Thanks for the tip go to katsklaw!

charybdis IRCd 3.2.0 released

The charybdis IRCd, an IRCd that “started as an evolution from ircd-ratbox”, is now available as version 3.2.0.

The new release has loads of feature enhancements and bugfixes, some of which have been backported from ircd-seven – a fork of charybdis that is used on the freenode network.

The actual changelog is way too long to post in full, however networks already running the IRCd probably will benefit from the fixes found in this release since there have been some unspecified “crash issues” fixed.

The download can be obtained from here or checked out from their mercurial repository here.