www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: August 2007

IRC Defender Back Under Development

“After a long period of downtime, Defender is back under active development. There’s a lot of mess as far as the website goes (under construction yadda yadda) but at least there’s someone to get a hold of if things go wrong”, the IRC Defender website announced. This modular Perl based piece of software is coded to help networks with security issues such as worms, spambots and viruses.

The development was halted for quite some time. Formerly active member Brain explains: “Development for IRC defender has been slow for a couple of years now. The program basically did what we needed it to for chatspike (the network it was initially written for), and with other projects like InspIRCd keeping me busy, i was unable to put the time into the project that it needed.”

A new maintainer Thunderhacker was chosen after he asked Brain about the project, and if development could resume. He seemed enthusiastic and willing to maintain the project, so i gave him access to the project to continue it in my ‘absence’.

The new version released (1.5 RC1) has been used on Chatspike for the past few years and includes new modules such as an anti-spamming and anti-repeating module, and the obligatory bugfixes. “Not that much is new yet but with ‘fresh blood’ on the project i can imagine that very shortly lots of new things will be cropping up in IRC Defender” Brain assures us.

IRC-Junkie asked Thunderhacker about the future for IRC Defender: “One of the major plans I have is setting up an area for third party modules to be hosted for use with Defender.” He is currently also working on a bug, and when that one is solved, RC2 will be released. And finally there are plans for new modules. “Beyond 1.6 is a bit too far to predict.  A lot of things could happen in that time”, Thunderhacker explains.

Anyone needing help with IRC Defender is encouraged to visit the forum or visit the #defender channel on Chatspike.

Thanks to w00t for the tip!

IRC & Moderation: A Well Made Match?

Moderating IRC regularly makes the news, especially in junction with online child safety, or IRC network with a family type of character. But how does this work in reality? Is IRC completely moderatable? What are the costs of a moderated network? And what if moderation failed? Time for IRC-Junkie to contact several people in-the-know and see if theres an easy answer.

Let us first see what actually can be moderated on an IRC network:

1) Channel names – Check channel names that seem to point to unwanted content.

2) Channel traffic – Having network personnel actively monitoring channel traffic.

3) Private chat – Directly monitor private chats between two people.

4) File transfers – Check file traffic for undesirable files.

Checking for channelnames that point to unwanted type of communication is fairly easy to do, it just requires the operator to do a /LIST and check for the names, or even automated.

DALnet took a different approach in December 2005. On reports of the sharing of personal information channels would be closed down. “I just emphasize that we’re not doing things to censor particular content,”, DALnet Ahnberg said to IRC-Junkie in December 2005. “We’re acting on a general level. i.e. just because there were a bunch of XXX-pass-trading channels alerted due to this we do not single them out. We treat everyone equally. If we were to find channels who spread login information for sites with info for bird-watchers, we would act on that too.”

Actual moderation of chat, both channel and private, requires probably the most from the network. Not only do network personell need to be present in the channel, they would need to be actively monitoring the chat constantly as well. Some of this type of monitoring is in use on networks that have children as their userbase. Another difficulty here are issues around privacy laws, as Undernet IRC operator Season`d, who works as a lawyer/judge, explains: “In the United States you start with the premise that speech is protected. Now the issue becomes whether  networks can content moderate despite free speech protections. One is not required to use an IRC network.  By using the free IRC network you agree to the terms and limitations of the use, including content moderation.” Things get trickier when for example DCC chat is being used, which takes place directly between two users after the initial contact has been made on the network.

Like DCC Chat, DCC file transfers are only initiated on IRC. Once the connection has been made the file transfers directly between the two users without any aid from the IRC network. Whatever the chosen filename might be, it does not necessarily says anything about the actual content of the file being transferred. This would make the moderation of file transfer very difficult, if not impossible. Asha, owner of the Illumichat network, explains their solution: “File transfers are limited to registered users”.

Many countries have very different laws that must be reviewed when it comes to moderation. Liability in the US for example, or privacy laws in the EU. And who is responsible? The servers the users are connected to, or also the hub in between which might be located in an entirely different country with different laws? Asha: “I am based in the US, most of our policies are designed to fall under US laws.  We will cooperate fully with – any – legitimate law enforcement agency, from any nation on the planet, as I’m sure most network owners would.”

Also, many questions remain about the medium IRC itself. Season`d explains: “Could you ‘shout’ obscenities and curse others in a gathering in the town square?  Most countries limit even free speech when it comes to inciting a riot, but how does one riot on IRC?  Is posting to a channel chat the equivalent of having a microphone in the town square?  You can show up in the town square with a tape recorder, is that the equivalent of logging on IRC?  Does your opinion change if the server is doing the logging without a client in the channel?”

Because of these difficulties many networks, especially larger ones like Undernet, chose to present them self as a “common carrier”. Season`d explains: “The theory is a common carrier is not liable for the contents of what it carries.  Think postal service, bus line or telephone service.  The postal authorities cannot be sued because you received commercial solicitations (our equivalent of spam).  Likewise, if a postal carrier accidentally delivers a pornographic magazine to you, they are not liable.  A bus company cannot  discriminate what packages or people it carries (with a few exceptions for public decency and security).  Finally, you and I can discuss any subject we chose when we are connected by telephone and I can use any speech I deem appropriate (although there are laws concerning telephone harassment that simply don’t yet exist for the Internet).”

This way of operation has yet not been tested in court, but for many networks it is a situation that works, as moderating 100,000′s of connections will be impossible in an organization like IRC, which is depending entirely on volunteers.

When the decision is made to moderate, in certain countries that makes the network a possible subject of liability as well. “In the United States there may well be liability for unsuccessful moderation”, Season`d explains. “Generally the standard is ‘reasonable person’ or in this case ‘reasonable ISP’ or ‘reasonable chat network’. The law evolved from a good samaritan that tried to help a drunk get home and dropped him at a train station.  Of course the drunk wandered out in front of the train.  If you say your chat network is ‘safe for kids’ it better be ‘safe for kids’.  If you say your network doesn’t allow copyright infringement, then you better take all the reasonable steps to prevent it.”

There can also be democratic objections against moderation. Even if it goes entirely against everything you considered decent and appropriate. Not too long ago a group of people in the Netherlands tried to form a new political party with the main objective to legalize pedophilia. It was blown out of proportion in the media, but in itself, forming a political party to change laws is not illegal, even if the law covers something that is illegal to practice at that time. In the end the party did not get enough support, so criteria were not met and the party never actually formed. But the idea still stands: who decides what is appropriate to discuss in a democracy?

The choice for moderation is often made because of the bad name IRC has. Asha explains; “The biggest problem that I see with IRC as a whole is the lack of integrity on the part of a few networks, giving all of us a bad name.  Many nets simply will not tolerate script kiddies, hackers, crackers, porn traffic and other forms of bot nets.  The few that do spoil a good thing for everyone.”

Drones, a Continuous Problem for Small Networks

In February 2006 IRC-Junkie featured an article titled “Help! My Network is in Servers.ini!”. In short, the article names one of the problems small networks engage when they become listed in mIRC’s servers.ini.

One of the major drawbacks is that not only humans use this file, downloading an up-to-date servers.ini is also one of the first things a newly installed drone is doing. And thus, attracting drones is one of the side effects that could cause a lot of problems that eat up valuable resources, which are often not really in abundance on small networks anyway.

The Beirut IRC Network for example started to gline about a 1000 IPs a day when they got first listed in servers.ini.

Tjerk Vonck, webmaster of mirc.com, denied knowledge of any drone issues concerning servers.ini: “No. And really, I doubt there is such a problem”, he replied to IRC-Junkie.

Today IRC-Junkie received an email from SanitariuM who scripted a mIRC script that can gline drones on connection.  “Those numbers for those bear drones, as I can verify with sources, have grown to over 2 MILLION unique IP’s per year. Divide this out and it’s almost 5,500 drones with unique IP’s per day on each network. Each bot sends out at *least* 10 spams, so that’s 55,500 spams per day”, he writes.

Despite that drone nets increasingly make use of other protocols like HTTP and P2P type of networks they continue to plague IRC networks.

SanitariuM also brings a bit of good news however. “There are several ways you can detect and gline these things with 100% accuracy on connection. I’ve written a universal mIRC addon that’ll work on *any* network to pattern detect and gline these. Instructions for setup are very simple… change a syntax or two, oper it up, and away it goes.”

To not give away the pattern and make the maliscious users running the drones aware of how they are being caught, SanitariuM only gives out the mIRC script after validation of the user requesting a copy, and only after initial contact has been made in one of two channels. These can be found on Undernet (#SSnD) and DALnet (#Snoop).

IRC-Junkie advices common sense with loading scripts into any IRC client. If you are going to load a script not written by yourself, and you don’t posses the knowledge of checking it out yourself, let someone else do it. Especially if it is going to run on an opered client on a production network.

edit (13:00): 55,000 spamposts instead of 15,000, changed on request of SanitariuM (which I just quoted without checking the math ;) )