IRC-Junkie.org – IRC News

All about Internet Relay Chat

A Day on QuakeNet

A nice visualization of a normal day on the “largest internet relay chat Network in the world” brings us meeb of QuakeNet:

He goes on to write that the video shows “one day of activity, 24 hours, midnight to midnight in UTC, on the QuakeNet IRC network summarised into a 12 minute data visualisation” and that “each dot represents a new user connecting to the network, there are some 400 new connections per minute on average in this visualisation”.

The data which the video was rendered of has been “collected strictly anonymously at a high level” by a network service that “already stores connection data in memory” meeb emphasizes.

Talking about the technical aspects of the video, meeb explains that the “final visualisation was produced using processing” – the total amount of data processed was 14GB that took about 8 hours on a fast PC according to meeb.

The resulting 1080p video was about 8GB in size for the 12 minute visualization and re-rendering that into a h264 video took “another 5-6 hours”.

For more information, read the original post here.

And yes, now i’m curious on how such a visualization would look like for other networks :)

  Copyright secured by Digiprove

ii – A Filesystem-based IRC Client

There are many different IRC clients out there and no matter what your preferences are, you’re almost guaranteed to find one that will suit your needs.

Most clients today provide some sort of graphical user interface or come with an ASCII-based interface. And while the latter, CLI-based clients, are commonly thought to be the most basic variant of an IRC client, i was surprised to find a client that manages to be even more plain: ii or IRC IT.

ii is a “minimalist FIFO and filesystem-based IRC client”, meaning every channel, private message and other server communication is represented by a directory containing an in and an out file.

Even though its sourcecode is just under 500 lines, it supports the most basic commands like joining and parting, changing nickname and setting topics. All other commands currently not understood by ii can be written as per the RFC and will get sent directly to the server then.

Using standard Linux/Unix commandline-tools like echo, cat, tail and grep you can control IRC IT which almost behaves like a normal IRC client then.

Join a channel? Sure, just echo “/j #yourchannelname” > servernamedir/in and you’ll join that channel, creating an out file you can monitor with tail -f.

ii Channelview

ii Channelview

After a little while, your directory structure will look like this:

ii Treeview

ii Treeview

Users of the vim editor who always looked envious at the Emacs editor because of its built-in IRC client ERC – fret not: This blog-post details how to configure vim to be used as an IRC client in combination with ii.

So if you feel like trying something new, grab ii from here and after a fast and hassle-free compiler-run you’re up and running – Who knows, maybe you’ve got a favourite new IRC client?

  Copyright secured by Digiprove

KVIrc 3.x and 4.x Remote Command Execution Vulnerability

All current versions of the KVIrc IRC client contain a remotely exploitable command execution vulnerability, including builds of KVIrc 4 from subversion up to revision 4692 as well as the older 3.x versions.

The bug, triggered by inserting carriage returns (r) into DCC GET commands, can be used to execute every command the IRCd understands in the context of the user running the vulnerable client instance.

To check if your version is exploitable you can either take a look at the “About KVIrc” tab under “Help” and check the revision or execute the following command on IRC:

/echo $version

To make matters worse, whole channels can be exploited at once if they don’t have a mode set that disallows CTCPing them.

A quick workaround is to execute the following command, effectively preventing those “failed” DCC handshakes to be notified and disabling the bug:

/option boolNotifyFailedDccHandshakes 0

To see if you’ve already been exploited you can take a look in your server window and search for lines that look similar to these:

[01:27:46] Processing DCC GET PRIVMSG #kvirc :I’m owned
request from ATTACKER [ATTACKER@HOSTNAME] (DCC GETrPRIVMSG40#kvirc40:I’m40ownedr)
[01:27:46] Unable to process the above request: Unknown DCC type ‘GET PRIVMSG #KVIRC :I’M OWNED ‘, Ignoring and notifying failure

Updated builds of KVIrc are available on their homepage – some distributions also already have updated builds in their repository. If you can’t update because your distribution is not among the one with updated builds, the workaround helps to not fall prey to any possible attackers.

Original report on KVIrc bugtracker
Advisory on Secunia.com

  Copyright secured by Digiprove

mIRC 7.1 Final is out

The “mIRC Unicode project” was successful it seems and Khaled Mardam-Bey just released version 7.1 of his famous IRC client.

The project to convert mIRC to Unicode has taken almost two years of development and testing and has required tens of thousands of changes to 150,000+ lines of source code. This has been the most complex and time-consuming update to mIRC since it was created in 1995, when it started out as a non-Unicode, 16-bit, Windows 3.1 application.

When looking at the changelog, there have been made well over 180 bugfixes and feature enhancements since mIRC 6.35 so it comes as no surprise that according to Khaled “many areas of mIRC have had to be updated or re-written” but should result in it “being faster, more stable, and more compatible with the latest versions of Windows”.

Aside from being converted to Unicode, the client gained a few new features too:

mIRC now supports configuration via UPnP which automatically opens ports for DCC on compatible routers and you may put it into full distraction fullscreen mode with the F11 key, starting from Beta 6.

You can take a look at the history of changes either on our own posting here or in the changelog that is supplied with the client itself which is available from the usual location, here.

Thanks for the tip go to wayne!

Copyright secured by Digiprove

Eggdrop 1.6.20 – now with TCL 8.6 support

Eggdrop 1.6.20 has been released and marks the first release put together by the new developer  team.

Eggdrop is a mature IRC bot that has been in development since 1993 and this new release once again brings new features, lots of bugfixes and enhancements.

For starters, Eggdrop can now be compiled against TCL 8.6 and amongst “numerous minor issues and potential crashes fixed” there also have been issues with the 64-bit binaries crashing on FreeBSD and NetBSD resolved.

Interesting new features include full CIDR support for userhosts and modes b, e and l. Channel sync time has been improved by querying aforementioned modes at once and removing “redundant commands”. The charset detection on Telnet and DCC partylines now works better and according to developer thommey you should “never have to use .fixcodes” again.

The TCL event loop has been replaced and now allows events to be triggered without a delay – previous versions had a minimum delay of one second between TCL events, no matter how low the timer has been set.

Security issues resolved since 1.6.19+ctcpfix are proper checking of the .+chan command which could have changed the need-* channel settings in the past.

If you’re running 1.6.20rc2 you can keep using it as there where no changes between it and the final release, others might want to update: The updated sourcecode can be grabbed from their homepage, the full changelog is supplied in docs/Changes1.6 and a summary of the most important changes is available here.

  Copyright secured by Digiprove