IRC-Junkie.org – IRC News

All about Internet Relay Chat

phpDenora version 1.4.0 is out

The Denora project has released phpDenora 1.4.0, which according to Hal9000 is mainly a bugfix release “with some changes to the core like utf-8 support”.

If you are wondering why there is nothing really new to see in this release, the explanation is simply that phpDenora2 is on the way and it would be a waste of time to put any energy into making substantial changes to phpDenora 1.x. And fear not, an alpha preview release will be available sometime next month.

The changes that have been introduced “require Denora 1.4 and PHP 5.2.” and Hal9000 urges users to “read the new System Requirements and the upgrade instructions carefully on the download page.”

Also the Denorastats.org website has been revamped and is worth a look :)

phpDenora fixes XSS vulnerability

After being notified about a cross-site scripting vulnerability in phpDenora, irc-junkie quickly tried to get in touch with the project.

The vulnerability – which generally can be used to steal cookies – exists at least in phpDenora’s then-latest stable release, version 1.2.2, and “possibly all other versions”, says developer Hal9000.

Due to a lack of sanitization, it was possible to exploit the vulnerability using specially crafted channel names that would be visible on several pages of phpDenora – according to phpDenora’s Hal9000, on the “channel listing, the channel stats page, the user stats page and the top channel list on the homepage – if the channel is in the top X channels”.

To test whether your installation of phpDenora is vulnerable, you can simply /join #<script>alert('XSS')</script> and then visit one of the mentioned pages – if you get a popup, you should upgrade.

But since channel names are usually pretty limited in length and usable charset, serious threats like stolen cookies are unlikely to occur. Nonetheless, this recent upgrade is a recommended one.
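The fix for this class of bug is to encode the channel name at output time, for the context it lands in. The following is an added example, not phpDenora's code: the function names and the stats.php URL are hypothetical, and the sample channel names are constructed.

```php
<?php
// Added illustration, not phpDenora source; function names and the
// stats.php URL are hypothetical.

// Vulnerable pattern: the IRC-supplied channel name is written into HTML as-is.
function render_channel_row_unsafe($channel, $users)
{
    return '<tr><td>' . $channel . '</td><td>' . (int) $users . "</td></tr>\n";
}

// HTML text/attribute context: encode <, >, & and both quote styles.
// ENT_SUBSTITUTE (PHP 5.4+) replaces invalid UTF-8 instead of returning '',
// which matters because IRC channel names are raw bytes, not guaranteed UTF-8.
function h($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened row: the name is URL-encoded for the query string first (a raw "#"
// would otherwise start a fragment), then the URL and the label are HTML-encoded.
function render_channel_row($channel, $users)
{
    $href = 'stats.php?chan=' . rawurlencode($channel);
    return '<tr><td><a href="' . h($href) . '">' . h($channel) . '</a></td><td>'
        . (int) $users . "</td></tr>\n";
}

// Constructed sample data: an ordinary channel, the test name from the
// article, and a name containing a byte that is not valid UTF-8.
$channels = array(
    array('#help', 42),
    array("#<script>alert('XSS')</script>", 1),
    array("#caf\xE9", 3),
);

foreach ($channels as $row) {
    list($name, $users) = $row;
    echo "unsafe: ", render_channel_row_unsafe($name, $users);
    echo "safe:   ", render_channel_row($name, $users);
}
```

In the hardened output the test channel appears as visible text (`&lt;script&gt;...`) instead of being parsed as markup.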

The download for phpDenora 1.2.3 can be found here.

Thanks go to Shawn for reporting the vulnerability, to w00t for making the initial intermediary contact to Hal9000 and of course to Hal9000 for being so quick to fix the vulnerability.

Anope switches their Support Network to InspIRCd

Following the announcement of InspIRCd 1.2-rc1, the Anope project wrote a news article on their homepage, stating that they have switched IRCds on their support network.

They’re now using InspIRCd 1.2 and a development version from the new 1.9.0 series of their services package. Stating reasons for this move, away from stable to potentially unstable development versions of both programs, chaz says that they “chose InspIRCd as it’s a well maintained, highly motivated and definitely innovative product and we (Anope) should be the forefront of the technology for the sake of our users”.

“We decided also to make the move from Anope 1.8 to 1.9 for a few reasons, namely to put our money where our mouth is and start to push the game forward by showing it’s developing fast and taking strides forward. We also wanted to be able to have users experience it for themselves without the need for a testnet or taking the plunge until they’re ready” chaz continues to explain the motives behind the move and says that they thought “that if we use Anope 1.9 with InspIRCd we’d be helping both teams find/fix bugs as we are all in the same game at the end of the day; to provide reliable, and feature packed IRC ‘Services’ to administrators & users alike”.

He explicitly mentions that there is no “political motive to our move” but that they “merely want to further the compatibility efforts with InspIRCd” because “of the Unreal project forking InspIRCd for their next major version” they figured that they “might as well get in on the ground with InspIRCd”.

Closing the announcement, chaz writes that they’re “aiming for a release of Anope 1.9.0 as the first milestone in the development since it started its development over on C++” and that they’d like “everyone to get involved with us in testing and suggesting new features on the forum here and reporting any bugs to us on the Bugtracker here”.

Anope releases 1.8.0-stable of their IRC services package

The Anope project announces the availability of version 1.8.0, the new stable release of their IRC services package.

It’s been a long couple of years, with many changes both to the product and indeed to the team as a whole.

For those of you with Modules which won’t work beyond 1.7.21 we understand your plight and will be available to assist module authors if they need a hand revising their mods for general consumption.

We want everyone to move away from 1.7.x as a development branch and join us on -stable. (with your modules of course!)

Below is the complete changelog since version 1.7.24:

10/19 F Updated Anope Credits [ #00]
11/12 F Fixed a potential problem with NS ACCESS and UseRDB [ #00]
11/14 F Fixed two potential format vulnerabilities. [ #00]
11/15 F Fixed ns resending of passcode issue. [#964]
12/05 F Fixed session count being decremented twice on GHOST. [#969]
12/05 F Fixed CS setting +i when akicking a user from an empty channel. [#973]
12/07 F Fixed improper detection of ‘d’ usermode on UnrealIRCd. [#966]
12/20 F Fixed crashbug in db-merger. [ #00]
12/29 F Fixed incorrect merging when db-merger is given arguments. [#976]
12/29 F Fixed akicklist not being reordered after a nickcore is dropped. [#983]

Provided by Julien S. <SnakeBrothers [at] hotmail [dot] com> – 2008
11/14 F Fixed BotInfo::chancount not being set properly with UseRDB [#965]

Provided by Szymek <szymek [at] adres [dot] pl> – 2008
10/25 F Updated Polish language file translation. [ #00]

Provided by Kein <kein-of [at] yandex [dot] ru> – 2008
10/25 F Updated Russian language file translation [#959]

Closing their announcement they “once again wish our loyal users all the very best in this holiday season and for all to have a successful year in 2009.”

Files can be grabbed from here.

Of course all the best wishes for 2009 from IRC-Junkie.org too – have a nice festive season!

How to protect an IRC network from spam

Dealing with spam is something every IRC network has had to do in the past, has to do at present, or may have to do in the future.

Whether it is somebody trying to give your network a bad name, a trojan horse that tries to infect your users, or just someone trying to annoy you and your users doesn’t much matter: spam has probably been an issue for as long as IRC has existed.

Luckily, there are quite a few ways to counteract it.

The first step should be educating your users not to click on anything that has been sent to them unsolicited – and not to run any commands that promise them “free ops” or whatever else might tempt some of them – or they might unwillingly and unknowingly join the spammers.

There are many (semi-) automated means to combat spam, mostly depending on what software you use – or are willing to use – on your network.

Some IRCds, such as Unreal or InspIRCd, already have built-in functionality to filter spam in any part that is visible to other IRCers – those, however, require that someone notices the spam and adds a regular expression to block and act upon it.

Completely automated ways to combat drones and malicious users include setting up a proxy scanner using DNS blacklists, or DNSBLs for short. There are extensive lists of various blacklists available on the internet but only some of them are meant to be used exclusively for IRC so choose wisely.
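How a DNSBL check works under the hood, as an added example that is not taken from any IRCd or scanner: the zone dnsbl.example.org and the function names are hypothetical, and the zone data is constructed so the code runs without network access.

```php
<?php
// Added illustration; dnsbl.example.org and the function names are hypothetical.

// Query name per RFC 5782: IPv4 octets reversed, then the blacklist zone.
function dnsbl_query_name($ip, $zone)
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // IPv6 uses a reversed-nibble form, not handled here
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// Returns the 127.x.y.z answer codes for $ip, or array() if it is not listed.
// $resolve takes a hostname and returns a list of IPv4 strings or false,
// the same contract as PHP's gethostbynamel().
function dnsbl_lookup($ip, $zone, $resolve)
{
    $name = dnsbl_query_name($ip, $zone);
    $answers = ($name === null) ? false : call_user_func($resolve, $name);
    if ($answers === false) {
        return array(); // NXDOMAIN or resolver failure: treat as not listed
    }
    // Listings are answered from 127.0.0.0/8; any other address means the
    // zone is wildcarded, expired or hijacked and must not trigger a ban.
    return array_values(array_filter($answers, function ($a) {
        return strpos($a, '127.') === 0;
    }));
}

// Constructed zone data standing in for DNS so the example runs offline.
$zoneData = array(
    '2.0.0.127.dnsbl.example.org'     => array('127.0.0.2'), // RFC 5782 test entry
    '9.113.0.203.dnsbl.example.org'   => array('127.0.0.3'),
    '10.51.100.198.dnsbl.example.org' => array('192.0.2.80'), // bogus answer
);
$stub = function ($host) use ($zoneData) {
    return isset($zoneData[$host]) ? $zoneData[$host] : false;
};

foreach (array('127.0.0.2', '203.0.113.9', '198.51.100.10', '192.0.2.1') as $ip) {
    $codes = dnsbl_lookup($ip, 'dnsbl.example.org', $stub);
    echo $ip, ': ', $codes ? 'listed (' . implode(',', $codes) . ')' : 'not listed', "\n";
}
```

Against a real blacklist, pass 'gethostbynamel' as the resolver; the meaning of each 127.x.y.z code is defined by the individual list.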

But what if the IRCd of your choice doesn’t support spamfilters and you don’t want to use DNS-based blacklists? IRCDefender is software that can provide you with such functionality by adding a “pseudo-server” to your network whose sole purpose is checking for spam and everything else you configure it to do.

Neostats is another service that can help you combat malicious activity – it might even already be installed, so you would only need to add the SecureServ module to it to have an additional layer of protection available.

So, since preventing spam also somewhat pertains to security, the same rule applies to it: you would rather have a few layers to prevent something bad from happening than depend on a single line of defense.

Please share your tips on what you do about spam on your network, as well as anything I might have missed :)
