– IRC News

All about Internet Relay Chat

Efnet faces major attack on New Year’s Eve [Update 2]

IRC servers with code based on old Ratbox 2.0 code are vulnerable to a bug in the code that handles user authentication. It was found and published at 7 pm GMT by IRC member Fudge when he messed around with the protocol TS6. Charybdis developer nenolod was informed about the issue in the development channel #charybdis. Shortly after that him and other members agreed on that the bug was “pretty serious”.

A working example of how an IRC server could be brought down via this bug was published in the channel. Some person, or a group people, began to misuse the information they presumably got from the channel in order to bring down Efnet. At 10:45 pm GMT, many servers have been patched and restarted, but there are still ten servers, including [Update: is down due to unrelated maintenance according to EFnet], missing, according to the automatically updated network map on To bring a server down, the attacker does not need any special privileges. All they would need to do is to send one line consisting of less than 15 characters.

A new version of Charybdis was released around 22.00 pm later this same evening. Patch files for both Ratbox and Charybdis have been sent to many IRC administrators, so that they can secure their servers against this exploit as soon as possible.

Some of the affected channels include #irchelp, a channel that now has a new date of creation:
-!- Channel #irchelp created Mon Dec 31 22:32:01 2012

It is likely that the operators of #chanfix will get a dramatically increased work load during the next couple of hours. They have prepared well by setting the topic of the channel:
Yes we know EFnet just took a mickey. Plz state the channel with the problem and wait…

There are rumours around claiming Hybrid is also affected, but they have not been confirmed [Update 2: According to the IRCd-Hybrid team, it is not affected by the vulnerability]. As the number of IRC servers forked from Ratbox, with exploitable code, is relatively high it is highly likely that servers on many networks will go up and down for the next few days.

Freenode was one of the first networks to patch themselves, occuring only minutes after the seriousness of the issue had been established. Thanks to staff member tomaw all relevant servers could be secured before any harm was done.

IRC servers which have been confirmed by their developers as patched against this vulnerability are:

  • ShadowIRCd 6.3.3
  • Charybdis 3.4.2
  • Ratbox 3.0.8

Article to be updated when more information is available…


Link to the original advisory:

Freenode is still growing

In the past five years, many networks have seen their user count decrease. Very few networks are bigger today than they were during The Great Times (2004-2005). One of the networks that actually have grown, and that in a tremendous speed, is Freenode.

As a network, Freenode is quite unique. It relies on hosting companies, universities and other organizations to support them with servers and bandwidth. In return they don’t get any special privileges on the network, although a few of the sponsors are members of staff. The network primary targets people who want to discuss free and open source software (FOSS) and it was among the pioneering networks when it comes to using namespaces for distinguishing between different channel types.

Freenode’s Head of Staff, christel, says they’re constantly trying to make sure the network will not suffer from the continuously increasing user count. One way of doing this is by actively working with the round-robin (DNS rotation). That’s an efficient way of controlling how many users a server will take, without having a negative or visible impact on the users.

In January 2010, the Hyperion ircd was taken down in favour for ircd-seven; an IRCd that had been carefully chosen and designed to make sure it could handle the growth. One of the problems that Freenode has experienced while growing is that “more users are finding Freenode without necessarily being familiar with our philosophy or purpose, and as such don’t really fit within the scope of us providing services for free and open source projects and other peer-directed projects”, christel says.

Despite, or perhaps thanks to, this, Freenode is still growing today. In August 2007, they reached 40 000 simultaneously connected users. Only about a year after, that number had grown to 50 000. In 2009 the user count increased to 70 000 and in 2011 it was on 70 000. Right now there are 73 000 users connected and a peak of 79 600.

This suggests that Freenode is still one of the few fast-growing IRC networks, but it doesn’t grow in the same speed as it did a few years ago. has measured user and channel statistics about Freenode since 1999, and the curves in the graphs show and reflect the constant growth. According to their figures, Freenode is, together with OFTC, the only three of the major networks that are growing and have been doing so for quite a lot time. Both EFnet and IRCnet are facing a decline in users.

Quakenet, Undernet and Rizon have all faced a decrease in users the past five years, but they’re all slowly recovering now. It might just be temporarily and it’s just very recently that they (re)started, but they are growing.


Perhaps IRC is on its way back to glory, or maybe it’s just the calm before the storm?

KVIrc recommends updates for freenode users

The KVIrc team has issued an update of their IRC client although it’s technically still at RC2.

The update is recommended for all users of the freenode IRC network that experience problems with “Excess Flood” disconnects from the network, mostly due to autojoining a large number of channels where the client automatically issues a series of commands (/WHO, gets channelmodes and lists of bans as well as ban and invite exemptions) – neither of those events have been rate-limited in the past.

Also, users of the psyBNC and ZNC bouncers (possibly others too) that experienced a bug with the client – searching for CAPABILITIES would hang the connection – can look forward to a fix for that in the new snapshots.

If you want to use a version from their SVN repository, you’re urged to use at least revision 3940 if you’re experiencing said “Excess Floods” and if you want to use features like quiet bans and authentication via SASL (which have been introduced lately on freenode) you should install at least revision 3959.

To retrieve KVIrc from SVN use this command:

svn co

To get an already compiled version, take a look at their snapshot directories for your OS on their FTP.

freenode migration to ircd-seven successfully completed

Just as announced, the migration away from the aged hyperion IRCd to the new ircd-seven started at 7:30am UTC – here’s a short summary of the events:

5 minutes early, christel of freenode staff announced via Global that she’s preparing the move:

-christel- [Global Notice] Good morning all! As you are aware we’re about to start the migration over to ircd-seven shortly, I am about to take a snapshot of the services database and copy across topics and channelmodes (bans, invexes etc). This means that any changes you make to channel modes or services after this point (on hyperion) will be lost. We’ll be a bit noisy as the migration goes on and will global to keep you updated. Thanks for your patience

Shortly after that she announced that a few servers will not immediately return into the main round-robin because they need upgrades:

-christel- [Server Notice] Hi, for users on calvino we would encourage you to make sure that your client is set to reconnect to main rotation ( as this server will not be immediately available after migration. Thank you!

-christel- [Global Notice] Hi all, services and channel states have now been migrated over to the new production network. We’re migrating utility bots/pseudoservers as we speak and we’re nearly ready for users. Users connected to calvino, crichton, kubrick, leguin and verne may wish to make sure they are re-connecting to as these servers will not be immediately linked on newnet as they are pending upgrades first. Thank you!

Just little over an hour later, christel posted an update via Global, declaring the switchover complete:

-christel- [Global Notice] Hi all, The migration is complete! newnet is up and running and you may now manually connect to, ports stay the same, however SSL listens on ports 7000 and 7070 if you wish to connect via SSL. We’ll be taking down hyperion servers momentarily and we shall see you on the other side! Thank you!

-christel- [Global Notice] The migration is complete and went smoothly, thank you for your patience while we transferred state from hyperion to seven, thank you to seven and charybdis developers for making ircd-seven happen and than you to freenodes infrastructure team for all getting dug in! Website FAQ is updated, as is our blog. You may wish to familiarise yourself with changes. Thanks!

The loophole that allowed users of the Firefox webbrowser to connect to the network via Javascript and spam channels has been fixed and a feature to block channel-wide CTCPs has been implemented in the new IRCd which is a major improvement and should keep the spammers at bay.

Another much-anticipated feature of the new IRCd is client- and server-side SSL which is now available on ports 7000 and 7070 network-wide. A possibly not complete list of new features and changes the new IRCd introduces can be found here, here and here.

Congratulations to the freenode staff team for the smooth migration!

freenodes ircd-seven is in the final testing stage

ircd-seven, the IRCd that is going to replace the aged hyperion IRCd currently in use on freenode, is in the final stages of testing.

After being in the public testing phase for over one year, it seems it is finally ready to go into production use on the network.

In an announcement, freenode staff write that after “extensive testing by users and staff, we are now preparing for the switch-over which is taking place at the end of this month” and that they’d like to thank “those of you who have helped test, those who have botted the testnet and in particular those who have helped us find and iron out bugs”.

Those who make use of bots on freenode are advised to “take these last couple of weeks to make sure that they work with the new ircd, so as to not experience disappointment on switch-over for the production network”.

Closing the announcement they write that if “all going well, the switch-over is scheduled for Saturday January 30th 2010″.