IRC-Junkie.org – IRC News

All about Internet Relay Chat

InspIRCd Updates & New Website

After quite a prolonged downtime, the InspIRCd website and Wiki is back up again, although not under its original domain any more but is now hosted on GitHub.

There have been new releases in all current branches as well as a new Beta release in the 2.1 branch.

Users of the 1.2 versions are strongly advised to upgrade their IRCds at least to version 1.2.9rc1 due to the recently found vulnerability and, if possible, they should update to InspIRCd 2.0.x as the 1.2 branch is nearing its end-of-life if no new maintainer is found.

People interested in maintaining the InspIRCd 1.2 branch should get in touch with the developers via their IRC channel on Chatspike.

InspIRCd 2.0.5 Vulnerability [Updated]

There has been a vulnerability reported in InspIRCd 2.0.5 and possibly other versions of the IRC daemon.

The problem lies in the buffer handling of dns.cpp, can be triggered by remote users and might result in arbitrary code execution according to the advisory.

 

There currently is a workaround in the form of a config setting, namely to set

<performance:nouserdns>

to yes.

 

There also have been pull requests on GitHub by Atheme developer nenolod which fix the underlying code, although those – as of now – haven’t been pulled in yet.

 

The fixes above have been pulled in and the official sources have been moved from Gitorious to GitHub.

 

Due to the serious nature of the vulnerability, watch the development of this closely and even though there currently are no reports of this vulnerability being exploited in the wild.

 

The advisory can be found here and one of the temporary InspIRCd websites (which is currently still down after a break-in into ChatSpike/InspIRCd servers) can be found here.

 

We’ll keep this entry updated on any new developments regarding this issue.

ChatSpike Migrates to Atheme IRC Services

ChatSpike is migrating to Atheme IRC Services (from ircservices 5 which we have been using since we started, 6 years ago)” Brain said to IRC-Junkie.

W00t explains why IRC Services no longer serves the network. “IRC services was and is a big influence on the IRC landscape, to me. It was one of the first packages to be OSS’d, it was actively developed over a long timeframe, and incorporated user feedback. It supported a wide range of IRC daemons, and was also one of the earliest packages to get modules support”

Its age was showing in the flexibility however, w00t, who is also a developer of Atheme IRC services explains: “some features have taken us hundreds of lines of code to write, including database handling and other horrific and repetitive code. Atheme has a more streamlined design that lets us tackle this in a RAD style, meaning new toys take a lot less time to get from the ideas stage to the point where our users can play with them.”

Additionally the maintainer of IRCservices Andy Church will be leaving the project soon making future updates too unsure for Chatspike’s needs.

Another reason to switch to Atheme is its better integration with the networks IRCd, InspIRCd. “In atheme [...] we can add and customize things specifically *for* ChatSpike a few light years quicker than we could in the past, new commands, new website integration features, anything becomes feasible instead of a pain in the ass.”

IRC Defender Back Under Development

“After a long period of downtime, Defender is back under active development. There’s a lot of mess as far as the website goes (under construction yadda yadda) but at least there’s someone to get a hold of if things go wrong”, the IRC Defender website announced. This modular Perl based piece of software is coded to help networks with security issues such as worms, spambots and viruses.

The development was halted for quite some time. Formerly active member Brain explains: “Development for IRC defender has been slow for a couple of years now. The program basically did what we needed it to for chatspike (the network it was initially written for), and with other projects like InspIRCd keeping me busy, i was unable to put the time into the project that it needed.”

A new maintainer Thunderhacker was chosen after he asked Brain about the project, and if development could resume. He seemed enthusiastic and willing to maintain the project, so i gave him access to the project to continue it in my ‘absence’.

The new version released (1.5 RC1) has been used on Chatspike for the past few years and includes new modules such as an anti-spamming and anti-repeating module, and the obligatory bugfixes. “Not that much is new yet but with ‘fresh blood’ on the project i can imagine that very shortly lots of new things will be cropping up in IRC Defender” Brain assures us.

IRC-Junkie asked Thunderhacker about the future for IRC Defender: “One of the major plans I have is setting up an area for third party modules to be hosted for use with Defender.” He is currently also working on a bug, and when that one is solved, RC2 will be released. And finally there are plans for new modules. “Beyond 1.6 is a bit too far to predict.  A lot of things could happen in that time”, Thunderhacker explains.

Anyone needing help with IRC Defender is encouraged to visit the forum or visit the #defender channel on Chatspike.

Thanks to w00t for the tip!

Annual Celebration of Network Staff Stupidity at Chatspike

Code mixups, typo’s or any other error from time to time has an effect greater then anticipated by the staff member who performed the error.

“Human error happened and banned everyone from the network,” Chatspike staff member w00t starts to explain to IRC-Junkie. Chatspike staff member Brain typoed a hostmask and the entire network was recognized as a litmus trojan, and banned as consequence. The whole network had to be restarted in order to fix the error.“We’ve decided to make it somewhat of an annual celebration of staff stupidity,” w00t continued. “We have designated October the 28th ‘Blame Brain Day’, and it’s become a network wide holiday and celebration, It also serves as a reminder to users that just because we may have power, all opers are still human and prone to screw ups.”

The day also includes a contest where users can send in images or video’s depicting Brain making his now annually celebrated error. Amongst the prices are a virtual host, non-expiring nick and the ability to see users who /whois you. More information about the contest can be found on the Chatspike website.