IRC-Junkie.org – IRC News

All about Internet Relay Chat

Quakenet Gets a New Website



On February 8 2012 the world’s biggest network, Quakenet, got a new website. In comparison to the old, this new one is more of a Web 2.0 site with aesthetically pleasing URLs, the same design throughout all pages and a lot simpler to navigate. In the top-right corner there’s a flag which indicates the website might feature localization in the future. The translations will then be done by a team of already known people, to ensure accuracy.

The live statistics are now being updated periodically. In the old website, they were last updated on 8th of February 2005.

The Columns section has been renamed to Staff Articles. No new articles have been written, although the old ones (with the oldest dating back to February 2002) have been transferred over.

Something that’s new in this version of the site is a Privacy Policy page. It’s currently empty, but something will be written there once a law or similar that might require logging gets implemented. Currently no logs are kept, except “standard apache logs and extremely generic stats”, meeb says.

According to the (also updated) About page, the site was written in Django, a language that’s become increasingly used lately.

The left bar now shows the two latest news items, instead of a list of help topics, like it did before.

8 items in the main menu, which is now located right below the logo, have been removed. Some of them have been relocated to sub-pages and some have been removed. One of the removed ones is the Forum link, which has been dead for a few years. No forum is currently present, but one might pop up in the future.

The logotype has been updated to a very simplistic one, made in only two colours. The primary reason for this was because the old logotype wasn’t owned by Quakenet. All content, including the new logotype, is now owned by Quakenet, as stated in the footer.

In addition to the user and channel statistics provided by Netsplit.de and SearchIRC, Quakenet now hosts a page with official statistics. It features line diagrams for both users and channels, and users can choose to look at either the last 24 hours, the last week or the last year.

One interesting feature that’s pretty unique for IRC networks’ websites is that the server list automatically calculates the distance from you to each server. Along with that, each server has its location and its current user count periodically updated.

This is not the end though. Behind the scenes there’s a long list of awesome features that may or may not be added to the site in the future, meeb says.

EGs Project for Atheme

EGs (EpicGeeks Services) is the newest Open Source Web Interface for the Atheme IRC Services Package. It was developed by Joseph Newing (synmuffin), a developer living and working in Ontario, Canada. J. Newing is currently the only developer of the EGs Project.

The requirements for running the EGs Project

EGs currently has support for the following:

  • ChanServ – Channel Info, Topic Changes, Kick/Ban/Akick A User, Channel Flags.
  • NickServ – Nick Info, Password Changes, Email Changes.
  • MemoServ – Read/Send/Receive/Forward Memos.
  • HostServ – View Available vHosts, Request New vHost.
  • OperServ – Global Messages, Akill, Set SuperAdmins, Load/Unload Modules, Rehash Services.

The EGs Project is currently in version 3.1 Beta, released on Feb. 24th, 2012. It works with the latest stable version of Atheme IRC Services as well as a few older versions. The project has HTTPS support as well as New User Registration.

EGs is currently taking feature requests, and also accepts features developed by others, which can be sent to synmuffin for review and possible inclusion in the public version. If you think you deserve access to the git repo, please come talk to synmuffin on IRCMojo.

More information can be found at the EGs Development Page

IRC Defender arbitrary code execution exploit

Yesterday, news broke that there is an arbitrary code execution exploit within the still popular IRC security service IRC Defender which is, according to the reporter, being actively exploited.

The flaw is said to be within the InspIRCd link module, for which a patched version exists, but according to the original post to the IRC-Security mailing list there are more flaws within the InspIRCd link module and also within the UnrealIRCd link module.

The original poster on the mailing list suggests getting rid of IRC Defender immediately and replacing it with something else (have a look at Omega Security Services), and checking for signs of recent intrusions that took place on or after 15th November. He also urges administrators to look out for rogue entries in ~/.ssh/authorized_keys and to look for suspicious processes.
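One way to carry out the authorized_keys check, as an added example that is not part of the original post or of IRC Defender: it parses each entry, computes the SHA256 fingerprint and reports every key that is not on an allowlist. The sample file, the keys and the allowlist are constructed for the illustration.

```python
import base64, binascii, hashlib, re

KEY_RE = re.compile(r'(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)'
                    r'\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, known_fingerprints):
    """Return one finding per entry whose key is not on the allowlist."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Mask quoted option values so key-like text inside them is ignored.
        masked = QUOTED.sub(lambda q: '"' + "_" * (len(q.group()) - 2) + '"', line)
        match = KEY_RE.search(masked)
        try:
            fp = fingerprint(match.group(2)) if match else None
        except binascii.Error:
            fp = None
        if fp is None:
            findings.append({"line": number, "reason": "unparseable"})
        elif fp not in known_fingerprints:
            findings.append({"line": number, "reason": "unknown key", "fingerprint": fp,
                             "options": line[:match.start(1)].strip()})
    return findings

def constructed_key(seed):
    """Constructed ed25519-shaped blob for the demo; not a real key."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(blob).decode()

ADMIN, UNKNOWN = constructed_key(b"admin"), constructed_key(b"unknown")
SAMPLE = (f"# constructed sample file\n"
          f"ssh-ed25519 {ADMIN} admin@workstation\n"
          f'from="203.0.113.7" ssh-ed25519 {UNKNOWN}\n'
          f"ssh-rsa not*base64\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE, {fingerprint(ADMIN)}):
        print(finding)
```

The allowlist should come from a source the service account cannot write to, such as fingerprints recorded when each key was issued.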

So far, at least three networks seem to have been exploited due to this flaw – the highest profile victim so far seems to be the hack of the AnonOps network which also seems to have been possible due to that flaw – contrary to the rumored Anope 0-day.

The original post on the IRC-Security mailing list is here (needs registration).

Thanks to alyx for the tip etc!

The patched inspircd12.pm link module can be obtained from here.

  Copyright secured by Digiprove

UnrealIRCd 3.2.9 – New stable version after 2 years

UnrealIRCd, the IRCd that still dominates the usage statistics of all IRCds, has seen another stable release and is now at version 3.2.9.

The release follows 2 release candidates and contains 212 changes and bugfixes – almost the same amount as the last three stable releases combined – among which is a “substantial amount of new features”, as Syzop writes in the announcement.

He thanks everyone that made this release possible but especially mentions binki who did a “considerable amount of work to make this release possible”.

And indeed, there is a large amount of changes – for example:

  • Extended Bans (new modes introduced, ban stacking behaviour)
  • Extended Invite Exceptions / Invex
  • New Channelmode +Z which works in conjunction with +z (SSL only) and is set once every joined user is on SSL which might not be the case during netsplits/-joins
  • Remote MOTD support
  • Remote includes caching so that an old version of a remote include is loaded in case the webserver containing the include is down
  • /rehash -global – rehashes all servers at once
  • STARTTLS – connect to a “regular” port SSL encrypted
  • IPv6 clones detection support, defaults to /64

A small excerpt of the bugs that have been fixed:

  • Low connection frequencies (connfreq) no longer pose a problem due to reworking the corresponding code
  • IPv6 related fixes
  • an obscure crash bug that only occurred rarely on outgoing connects

Work on UnrealIRCd 3.3 has already begun and is, according to development plans, the replacement for the often retried and ultimately failed rewrite which was to be released as UnrealIRCd 4.

The release announcement can be found here and the full changelog for changes since UnrealIRCd 3.2.8.1 is here (you need to scroll all the way down).


Mibbit has been compromised

On August 14 a cracker group claiming to be “hackers” named HTP broke into Mibbit, the popular web chat client for IRC. According to their temporary “rescue” blog the break-in only affected their IRC network, their primary blog and their Wiki. NickServ passwords in clear text were released later the same day by HTP, as well as personal information regarding several staff members. Both their IRC O-line passwords as well as their NickServ passwords, home addresses and phone numbers were published to the public via a range of file hosting services, and Pastebin.

Something perhaps even more concerning is that the group has revealed not only channel logs, but logs of private messages. It appears that Mibbit has been logging what people have said in PM to each other over their network. According to official statements, this was only a test. Some people have heard that Mibbit has been logging all messages going through their systems. Mibbit has never logged anything, unless a user wants to enable logging. The leaked message logs were captured by a staff member, and not by Mibbit’s system, according to official statements. While this is fully legal, the level of ethicality has been questioned.

The web IRC client that can be used to connect to almost any other network, which is what made them famous, has not been affected. It is operating normally.

All NickServ passwords were stored in plain text, and that raised a concern for those who are interested and engaged in enforcing security. According to staff member pottsi, password hashing was not done because that would “means sendpass and getpass would not work”. Another staff member, Joshua, claimed that password hashing was not done because it was too much work to convert all passwords. This has however proven to be incorrect, at least if they used a plain copy of Anope. In Anope’s module database, there is a module called enc_switchover. It’s fairly easy to migrate from one encryption method, or none, to another, using that module. In addition to that, the Anope module ns_resetpass will allow users to reset their passwords despite encryption taking place.
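The conversion argument above, as an added example (not Anope's or Mibbit's code, and not how enc_switchover or ns_resetpass are implemented): every plaintext record is replaced by a salted PBKDF2 hash in one pass, and a reset issues a new temporary password instead of revealing the old one. The record layout, the function names and the iteration count are assumptions made for the illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware

def hash_password(password, salt=None):
    """Build a stored record that no longer contains the password itself."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": digest.hex()}

def migrate_all(db):
    """Convert every legacy plaintext record in place; return how many changed."""
    legacy = [nick for nick, rec in db.items() if rec["scheme"] == "plain"]
    for nick in legacy:
        db[nick] = hash_password(db[nick]["value"])
    return len(legacy)

def identify(db, nick, password):
    """Check a password against either record type in constant time."""
    record = db.get(nick)
    if record is None:
        return False
    if record["scheme"] == "plain":
        return hmac.compare_digest(record["value"].encode(), password.encode())
    candidate = hash_password(password, bytes.fromhex(record["salt"]))["hash"]
    return hmac.compare_digest(candidate, record["hash"])

def reset_password(db, nick):
    """Replace the stored hash and return a temporary password to e-mail
    to the registered address; the old password is never recovered."""
    if nick not in db:
        return None
    temporary = secrets.token_urlsafe(12)
    db[nick] = hash_password(temporary)
    return temporary

def constructed_db():
    """Constructed sample accounts in the legacy plaintext layout."""
    return {"alice": {"scheme": "plain", "value": "hunter2"},
            "bob": {"scheme": "plain", "value": "correct horse"}}

if __name__ == "__main__":
    db = constructed_db()
    print("migrated:", migrate_all(db))
    print("alice identifies:", identify(db, "alice", "hunter2"))
    print("bob after reset:", identify(db, "bob", reset_password(db, "bob")))
```

After the pass, a copy of the database exposes only salts and hashes, which is why a getpass-style lookup stops working while a reset still does.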

Many people, especially IRC administrators, are now questioning Mibbit’s reliability and some are considering blocking access from the web service, just like one of the largest networks, freenode, did a couple of years ago. This is mainly due to the question whether they log messages there too, which would go against many networks’ policies.

The Mibbit team is now working very hard to bring all services back up again. At the time of writing, ChanServ and NickServ on their network are down and staff members are forced to use /samode if they need to get op. They advise everyone who had a NickServ account registered in April or earlier, this year, to change password.
