IRC-Junkie.org – IRC News

All about Internet Relay Chat

DALnet releases Bahamut IRCd 1.8.6

After more than 2 years of silence the DALnet Coding Team released a new version of Bahamut, an IRCd mainly used on DAL.net.

It was first released as version 1.8.5; a bugfix release followed shortly thereafter because a bug had been found in channel mode +c, which sometimes not only prevented control characters such as bold and underline from being sent but also stripped legitimate messages that contained certain Arabic and Hebrew characters.

We took the time to ask Epiphani – the Coding Team’s team leader – a few questions about his IRCd and its history:

- The last release, 1.8.4, was over 2 years ago – why did it take so long for 1.8.5 (and now 1.8.6) to be released?

It’s mostly been two reasons:

1. We didn’t really have a lot of minor things we wanted to work on.

Bahamut has been stable and effective for several years, and while there are enhancements that we’d like to implement, those enhancements are more major changes than they are small updates.

We did have a few fixes come through the pipe, such as security fixes and minor other fixes (such as updated x64 support), and we decided to roll them into a patch release.

2. Life gets in the way of open source development sometimes.

At present, the team is mostly idle as life has started eating most of their time. I’ve had a few changes in my life recently that have allowed me to put more time into Bahamut once again, so I’m hoping we can revive some development.

We’ve also changed some of our processes (including a move from subversion to git) so we’re hoping to get more involvement from the community in the future.

- The list of changes introduced with this release does look small compared to the ones introduced with 1.8.4 – what, in your opinion, are the most important ones?

Mostly the security updates.

For example, we removed zlib from the distribution and made it an external dependency, due to security updates from the zlib people – we didn’t want to have to release every time zlib has an issue.

There were also a few fixes for “IP leaks” where hub IPs could be shown to normal users in certain edge cases.

- Are there any changes that are noticeable on the user side of things?

Nope, not in this release.

- When did the development on Bahamut start and why?

I believe the project kicked off sometime in late 1998, with the first public release in 1999. I can’t really remember, that was a good while ago. :)

The Bahamut project came about due to some of the performance concerns around the former DALnet ircd, Dreamforge.

Back in 1999 DALnet was growing very fast, and the hardware we were running on wasn’t terribly fast.

We needed to be able to support over 6000 clients on a 250Mhz machine, and Dreamforge simply didn’t perform to those levels. Once we rolled out Bahamut, we started seeing much better performance.

I believe somewhere in 2001 we hit our record with around 45,000 clients on a single 900Mhz AMD Duron machine with 512 megs of ram.

- Is there anything you’d like to mention?

We’re always looking for contributors to Bahamut.

We have a wishlist of features, including ipv6 and other such things, that anyone is welcome to code up and provide patches for to the dalnet-src [at] dal.net mailing list.

We are mostly interested in people with the initiative to bounce ideas around on the mailing lists and go off and code!

The complete list of changes between 1.8.4 and 1.8.6 is below:

- Fixes for x64 – this is a combination of Kobi’s work and my own.
- Fixed m_part() and m_quit() to ignore part/quit reasons from squelched users.
- Fixed compiler errors with gcc4.
- Changed a debug message that could leak servers’ IPs to ADMIN_LEV. Thanks key!
- Fix configure tests for zlib removal.
- This patch is intended to mark SVSHOLDs as SBAN_SVSHOLD to stop them from being removed by a kill -HUP
- Fix several small issues where IPs would be displayed when they shouldn’t be, from Kobi (kobi [at] dal.net)
- Do not display uplink of ulined servers, from Kobi (kobi [at] dal.net)
- Fix slight errors in m_who argument parsing, from kobi (kobi [at] dal.net)
- Do not display warnings about juped servers attempting to commit, from Kobi (kobi [at] dal.net).
- Fixed m_invite to honor umode +R and silence restrictions.
- Two small rwho fixes to option parsing, from Kobi (kobi [at] dal.net)
- Add hooks for several events
- Remove zlib from the distribution – rely on the library provided by the system.
- Fix msg_has_ctrls() so it doesn’t block non-control characters.
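
An added illustration of the failure mode behind the last changelog entry; it is not Bahamut's code, and the page does not say what the actual defect in msg_has_ctrls() was. The function names and sample messages are hypothetical, and the naive variant assumes bytes are read as signed, one common way a control-character filter ends up rejecting Arabic and Hebrew text.

```c
#include <stdio.h>

/* Hypothetical naive check: bytes are read as signed, so every byte
 * >= 0x80 is negative and compares as "below space", i.e. a control code. */
static int has_ctrls_naive(const char *msg)
{
    const signed char *p;
    if (msg == NULL)
        return 0;
    for (p = (const signed char *)msg; *p; p++)
        if (*p < 0x20)
            return 1;
    return 0;
}

/* Corrected check: bytes are read as unsigned, so only 0x01..0x1F
 * (bold 0x02, underline 0x1F, ...) count as control codes. */
static int has_ctrls_fixed(const char *msg)
{
    const unsigned char *p;
    if (msg == NULL)
        return 0;
    for (p = (const unsigned char *)msg; *p; p++)
        if (*p < 0x20)
            return 1;
    return 0;
}

/* Constructed sample messages (UTF-8 for the non-ASCII ones). */
static const char MSG_PLAIN[]  = "hello channel";
static const char MSG_BOLD[]   = "\x02" "hello" "\x02";
static const char MSG_HEBREW[] = "\xd7\xa9\xd7\x9c\xd7\x95\xd7\x9d";
static const char MSG_ARABIC[] = "\xd8\xb3\xd9\x84\xd8\xa7\xd9\x85";

int main(void)
{
    const char *names[] = { "plain", "bold", "hebrew", "arabic" };
    const char *msgs[]  = { MSG_PLAIN, MSG_BOLD, MSG_HEBREW, MSG_ARABIC };
    for (int i = 0; i < 4; i++)
        printf("%-7s naive=%d fixed=%d\n", names[i],
               has_ctrls_naive(msgs[i]), has_ctrls_fixed(msgs[i]));
    return 0;
}
```

Both checks still flag the bold message; only the naive one flags the Hebrew and Arabic messages, whose bytes are all 0x80 or above.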

Bahamut IRCd can be downloaded from here.

Thanks go to Epiphani for the short interview and the wants-to-stay-anonymous tipster for the tip! :)

Bahamut support website cracked

“This website is temporarily down because the idiot admin (i.e. me) didn’t update phpBB to a non-exploitable version”, webmaster Doc stated on the Bahamut-community.org website.

Bahamut-community.org is a website which was started to help users with this popular IRCd, and to relieve the support channel #bahamut on DALnet of FAQs.

The website is based on the popular phpBB forum software, which recently saw an important update due to a serious exploit. Webmaster Doc stated in a reaction to IRC-Junkie: “I had been warned about it soon after it came out by several people, however I’ve recently just got a job and a new girlfriend, so I’ve had very little time for the internet. I guess this has taught me a lesson.”

phpBB developer psoTFX had this to say on the phpBB forum about users who still have not updated: “This is a reminder to all users to upgrade as soon as possible to 2.0.11. Remember, the issue leading to this release was extremely serious. It gave rise to the possibility for persons to ‘install’ scripts, delete files and otherwise access your system.”

The exploit used on Bahamut-community.org had overwritten all .php and .htm files. “Thankfully nothing was lost”, Doc explained. “As with all websites on my server the database is backed up once a day and kept for five days, as are web files. I have chosen not to just simply restore the phpbb scripts as they would be exploitable.”

The website is back online. Thanks to DesertFox for bringing this to my attention!