– IRC News

All about Internet Relay Chat

Efnet faces major attack on New Year’s Eve [Update 2]

IRC servers with code based on old Ratbox 2.0 code are vulnerable to a bug in the code that handles user authentication. It was found and published at 7 pm GMT by IRC member Fudge when he messed around with the protocol TS6. Charybdis developer nenolod was informed about the issue in the development channel #charybdis. Shortly after that him and other members agreed on that the bug was “pretty serious”.

A working example of how an IRC server could be brought down via this bug was published in the channel. Some person, or a group people, began to misuse the information they presumably got from the channel in order to bring down Efnet. At 10:45 pm GMT, many servers have been patched and restarted, but there are still ten servers, including [Update: is down due to unrelated maintenance according to EFnet], missing, according to the automatically updated network map on To bring a server down, the attacker does not need any special privileges. All they would need to do is to send one line consisting of less than 15 characters.

A new version of Charybdis was released around 22.00 pm later this same evening. Patch files for both Ratbox and Charybdis have been sent to many IRC administrators, so that they can secure their servers against this exploit as soon as possible.

Some of the affected channels include #irchelp, a channel that now has a new date of creation:
-!- Channel #irchelp created Mon Dec 31 22:32:01 2012

It is likely that the operators of #chanfix will get a dramatically increased work load during the next couple of hours. They have prepared well by setting the topic of the channel:
Yes we know EFnet just took a mickey. Plz state the channel with the problem and wait…

There are rumours around claiming Hybrid is also affected, but they have not been confirmed [Update 2: According to the IRCd-Hybrid team, it is not affected by the vulnerability]. As the number of IRC servers forked from Ratbox, with exploitable code, is relatively high it is highly likely that servers on many networks will go up and down for the next few days.

Freenode was one of the first networks to patch themselves, occuring only minutes after the seriousness of the issue had been established. Thanks to staff member tomaw all relevant servers could be secured before any harm was done.

IRC servers which have been confirmed by their developers as patched against this vulnerability are:

  • ShadowIRCd 6.3.3
  • Charybdis¬†3.4.2
  • Ratbox 3.0.8

Article to be updated when more information is available…


Link to the original advisory:

Hybrid releases 7.3.0

Earlier this week, Jon Lusky released a new version of ircd-hybrid. The version number has now reached 7.3.0. Among the changes you find a new Bulgarian translation, a fixed IPv6 implementation and channel modes O and S for opers-only respective SSL/TLS-only clients. Server administrators now get to choose whether they want to use SSLv3 or TLSv1 to secure connections. All spy-notice modules that previously covered reports for usage of STATS, TRACE, MOTD and ADMIN have been replaced by server-sided notices. The old LazyLinks concept has now been removed, as it was half broken. The WATCH command known from UnrealIRCd and Bahamut has been added. In addition to that, a few minor cleanups and bugs leading to crashes have been fixed.

Hybrid is used together with Ratbox (which is a fork) and CSIRCd on both EFnet and IRCsource. It has been forked many times and it’s known for its stability and quality of code.

By looking at the SVN repository it seems like the developer team behind Hybrid is working towards a 8.0 release, featuring better services support while still keeping simplicity.

  Copyright secured by Digiprove

IRCd-Hybrid derivate "esphyb" releases version 1.0.4 [Updated]

[Update] Version 1.0.5 has been released for a important fix regarding a crashbug in the /invite command!

esphyb, an IRCd forked from IRCd-Hybrid that is developed and used on EsperNet, is now available as version 1.0.4.

The features that have been introduced in their custom version include:

  • Colorless channels (+c/+C), oper-only channels (+O), identified-user channels (+R, +M)
  • Smarter CAPTURE/UNCAPTURE (aliased to HURT/HEAL)
  • Configuration-driven “services” aliases, like /NickServ and /NS
  • SVSMODE for usermodes +a and +r
  • SVSNICK for “services”-driven nick changes
  • WEBIRC support for web-to-IRC gateways like CGI:IRC and Mibbit
  • OPME and OJOIN for emergency channel management

as well as “SSL support, longer ban/exception/invite lists, longer channel names, IPv6 support and CallerID/server-side ignore”.

The changes from the previous version, 1.0.2, are the following:

  • BUGFIX: /invite no longer allows users to invite banned users.
  • BUGFIX: bump HOSTLEN to 255 per RFC1123
  • BUGFIX: hide hidden servers from /links, /map, and /who for non-operators
  • BUGFIX: Fix IP-based WEBIRC bans
  • FEATURE: Filter out part messages with colors or control characters from +c/+C channels
  • FEATURE: Add SSL-only channels (cmode +z, also includes umode +z)
  • FEATURE: Notice channel operators on /invite
  • PLATFORM: Fix build on x86-64 Linux
  • HELP SYSTEM: Updates for new usermodes and various corrections

The IRCd can be downloaded from here.

IRC.EFNet.CH Supports IPv6

Another EFNet server adds supports IPv6.

Recently IRC.EFNet.CH added support for the IPv6 protocol. IRC-Junkie asked IRC EFNet.CH admin Taliz for how long IPv6 has been supported on EFNet. “Ratbox is an early fork of Hybrid 7 and, if I recall correctly, has always supported IPv6. Hybrid 7 has supported IPv6 since it was released back in 2003(there were however a lot of Betas & RC’s supporting IPv6 as well, which ratbox built on, dating back to 2001).”

“Some of the first servers supporting IPv6 on EFnet were &, they linked around 2001. Nowadays Qeast is gone, but IPv6 is enabled on as well as a multitude of other servers like,,,, &” These servers can be found in the IPv6 round robin at

One of the old concerns with IPv6 was that maliscious users could have access to an unlimited range of addresses for floodbots. “CIDR limits are used to control IPv4 as well as IPv6 classes,” Taliz explains. “You can for example limit /64′s to 5 connections, effectively preventing mass cloning.”

IPv4 remains by far the most popular protocol in use. “I would estimate that there are less than, or around, 2000 IPv6 clients on EFnet regularly,” Taliz ends.