IRC News

All about Internet Relay Chat

Efnet faces major attack on New Year’s Eve [Update 2]

IRC servers based on old Ratbox 2.0 code are vulnerable to a bug in the code that handles user authentication. It was found and published at 7 pm GMT by IRC member Fudge while he was messing around with the TS6 protocol. Charybdis developer nenolod was informed about the issue in the development channel #charybdis. Shortly after that, he and other members agreed that the bug was “pretty serious”.

A working example of how an IRC server could be brought down via this bug was published in the channel. Some person, or a group of people, began to misuse the information they presumably got from the channel in order to bring down Efnet. As of 10:45 pm GMT, many servers have been patched and restarted, but there are still ten servers, including [Update: is down due to unrelated maintenance according to EFnet], missing, according to the automatically updated network map on

To bring a server down, the attacker does not need any special privileges. All they would need to do is send one line consisting of fewer than 15 characters.

A new version of Charybdis was released around 22:00 later the same evening. Patch files for both Ratbox and Charybdis have been sent to many IRC administrators, so that they can secure their servers against this exploit as soon as possible.

Some of the affected channels include #irchelp, a channel that now has a new date of creation:
-!- Channel #irchelp created Mon Dec 31 22:32:01 2012

It is likely that the operators of #chanfix will get a dramatically increased work load during the next couple of hours. They have prepared well by setting the topic of the channel:
Yes we know EFnet just took a mickey. Plz state the channel with the problem and wait…

There are rumours claiming Hybrid is also affected, but they have not been confirmed [Update 2: According to the IRCd-Hybrid team, it is not affected by the vulnerability]. As the number of IRC servers forked from Ratbox, with exploitable code, is relatively high, it is highly likely that servers on many networks will go up and down for the next few days.

Freenode was one of the first networks to patch itself, doing so only minutes after the seriousness of the issue had been established. Thanks to staff member tomaw, all relevant servers could be secured before any harm was done.

IRC servers which have been confirmed by their developers as patched against this vulnerability are:

  • ShadowIRCd 6.3.3
  • Charybdis 3.4.2
  • Ratbox 3.0.8

Article to be updated when more information is available…


Link to the original advisory:

ShadowIRCd project releases 6.1.0

The ShadowIRCd project just released version 6.1.0 of their Charybdis-based IRCd, just a little over a month after the release of version 6.0.0.

The new release adds a few new features, configuration options and “massive helpfile updates”.

The developer team implemented a server-side /CYCLE (also called /HOP in some clients) command which parts and rejoins the user from the channel he specifies.

A lot of management commands, like those pertaining to modules (such as MODLOAD), can now be executed remotely. Remote stopping or restarting of the IRCd through DIE and RESTART has been introduced as well.

Configuration options like a settable timeout for ident checking have been added; static QUIT and the removal of PART messages are now options too. The flood protection for opers can now be turned off fully instead of just increasing the limit by 4 times like before. The changelog, however, warns to be “extremely careful”, since this option allows opers to “flood channels/users”.

Another feature worth mentioning is the addition of HELPCHAN / HELPURL: when those are configured, a user doing /QUOTE HELP will be pointed to the network’s help channel or a website, whereas he would otherwise get just the default help index.

The full changelog can be viewed here and the download can be obtained from here.

ShadowIRCd 6.0.0 released

ShadowIRCd, a project that died off in 2004, has been revived and is now based on the charybdis IRCd.

The IRCd, formerly based on IRCd-Hybrid, brings a whole lot of features and enhancements that can be considered useful for opers and users alike.

New features include lots of user & channel modes, like the implementation of usermode +C (blocks CTCPs) and +G, which prevents users from messaging you “unless you’re both on at least one channel together”. Usermode +V prevents users from getting invites from others, a feature that, according to coder jdhore, “as far as I’m aware no other IRCd has”.

Useful channel modes include +T, which prevents notices to channels, +G, which stops messages with more than 50% caps in them, and +K, which blocks repeated messages to channels “regardless of who they’re from”.

Opers will like features such as being able to see the user’s modes in a /whois, as well as secret channels the user is in, without having to resort to a /spywhois. Oper-override has been modified and needs a special usermode set on ShadowIRCd. Once the oper sets himself +p he’ll be able to use the override, but it’ll unset itself after a configurable amount of time.

All in all, this looks like a very promising IRCd. According to coder jdhore, it doesn’t “try to compete with other established IRCds”; rather, they’re trying to “make what we find to be the absolute best IRCd possible”.

The changelog can be found here and the homepage of the project is here.

Are you going to consider using this IRCd on your network and if not – why?

charybdis IRCd 3.2.0 released

The charybdis IRCd, an IRCd that “started as an evolution from ircd-ratbox”, is now available as version 3.2.0.

The new release has loads of feature enhancements and bugfixes, some of which have been backported from ircd-seven – a fork of charybdis that is used on the freenode network.

The actual changelog is way too long to post in full, however networks already running the IRCd probably will benefit from the fixes found in this release since there have been some unspecified “crash issues” fixed.

The download can be obtained from here or checked out from their mercurial repository here.

freenode testing a new IRCd

freenode, the network hosting the channels for many free / opensource projects, which just recently announced that it has surpassed the 50,000 users mark, has big news again.

Existing since 1995 as a stand-alone network, it’s gone through a few IRCds already – from ircu to dancer-ircu then dancer-hybrid and hyperion now.

In use since August 2005, hyperion could see its end-of-life on freenode pretty soon, as this blog post, asking for users to get aboard the freenode testnet, might indicate.

The new IRCd is called ircd-seven. It is based on charybdis, which in turn is based on ircd-ratbox. This should prove to be a very stable codebase, as ratbox is the main IRCd used on EFNet and has therefore been used on a large scale for quite some time now.

Since “neither ratbox nor Charybdis implements freenode’s more unique features, such as ban-forwarding or hidden IRC operators”, a small team, consisting of only one main dev, a few upstream contributors and the occasional contribution by volunteers, started modifying the code. Today, according to christel of freenode, the project is “fairly close to completion, it needs a few tweaks to some staff-only functionality, but most of it’s there”. Asked about an anticipated release date, christel replied that they’re “looking at early next year if everything is going after plan”.

A few of the new features have already been publicized, among them SSL support for both servers and clients, where hyperion only did S2S compression and had no encryption for either users or servers, so that’s a big leap forward to the 21st century. Also, the channel ban system has been reworked and the username prefixes (i= and n=) are gone for good ;) and ~ is used to indicate a non-identd username instead, as most other IRCds do too.

The way you can identify on connect also has been changed and you can now sign in to an account without having to use a nickname that is linked to it by specifying it in the form of accountname:password in the server-password field. You can also do that using SASL provided your client supports it – only irssi and Conspire do that as of now.
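The two sign-in forms described above, written out as the lines a client sends (an added example, not code from freenode or ircd-seven). The credentials are constructed, the `tls` flag is a hypothetical parameter, and the SASL part follows the IRC `sasl` capability with the PLAIN mechanism; both forms put the password on the wire unencrypted (base64 is only an encoding), so the sketch refuses to build them for a non-SSL connection.

```python
import base64

MAX_CHUNK = 400  # an AUTHENTICATE parameter carries at most 400 bytes


def _check(tls, *fields, forbid=""):
    """Reject cleartext transport and values that would break IRC line framing."""
    if not tls:
        raise ValueError("refusing to send credentials without SSL/TLS")
    for value in fields:
        if not value or any(c in value for c in "\r\n\0" + forbid):
            raise ValueError("empty field or illegal character in credentials")


def pass_login(account, password, nick, tls):
    """Client lines for the accountname:password server-password form."""
    # A space would end the PASS parameter; a ':' in the account name would
    # make the account/password split ambiguous.
    _check(tls, account, forbid=" :")
    _check(tls, password, nick, forbid=" ")
    return [f"PASS {account}:{password}", f"NICK {nick}", f"USER {nick} 0 * :{nick}"]


def sasl_plain_payload(account, password):
    """AUTHENTICATE lines carrying base64(authzid NUL authcid NUL password)."""
    raw = "\0".join((account, account, password)).encode("utf-8")
    b64 = base64.b64encode(raw).decode("ascii")
    lines = [f"AUTHENTICATE {b64[i:i + MAX_CHUNK]}" for i in range(0, len(b64), MAX_CHUNK)]
    if len(b64) % MAX_CHUNK == 0:
        lines.append("AUTHENTICATE +")  # marks the end after a full final chunk
    return lines


def sasl_login(account, password, nick, tls):
    """Client side of a SASL PLAIN registration, in sending order."""
    _check(tls, account, password)
    _check(tls, nick, forbid=" ")
    return (["CAP REQ :sasl", f"NICK {nick}", f"USER {nick} 0 * :{nick}",
             "AUTHENTICATE PLAIN"]  # sent once the server ACKs the capability
            + sasl_plain_payload(account, password)  # after the server's "AUTHENTICATE +"
            + ["CAP END"])  # after numeric 903 (SASL success)


if __name__ == "__main__":
    # Constructed sample credentials, not a real account.
    for line in sasl_login("alice", "s3cret", "alice_", tls=True):
        print(line)
```

In a live session the client waits for the server's reply at each commented step rather than sending all lines at once.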

Asked if there are even more features coming up or if the features in the posting are complete, christel replied “Oh, there’s definitely a few more surprises in store!”.

To check out the new IRCd yourself, connect to on port 9002 for normal connections or 9003 for SSL encryption. The ircd-seven bugtracker is located here – you can also download the IRCd’s source code there.

Thanks to TheXception for the tip & thanks to christel for the interview! :)