www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Quakenet open-sources core services

The gaming aimed IRC network Quakenet recently published their set of services, commonly known as Newserv, to the community. Among the different bots, the two most notable ones are Q and S, which handle user accounts, channel management and protection against floods in big channels.

A repository has been set-up, from which one can download a copy of the source code. Complete with a README file, it’s not only aimed at developers, but also network administrators. The repository is located at https://hg.quakenet.org/newserv. Available under GPL v2.0 license, freedom to use and extend the software has graciously been given by the maintainer slug.

Quakenet is based on a lot of modified and custom-crafted code. Whilst the network has released some software in the past, this is the first time they release the last version of something their core services. Prior to this release, the latest public version of Q dated back to January 2003.

Efnet faces major attack on New Year’s Eve [Update 2]

IRC servers with code based on old Ratbox 2.0 code are vulnerable to a bug in the code that handles user authentication. It was found and published at 7 pm GMT by IRC member Fudge when he messed around with the protocol TS6. Charybdis developer nenolod was informed about the issue in the development channel #charybdis. Shortly after that him and other members agreed on that the bug was “pretty serious”.

A working example of how an IRC server could be brought down via this bug was published in the channel. Some person, or a group people, began to misuse the information they presumably got from the channel in order to bring down Efnet. At 10:45 pm GMT, many servers have been patched and restarted, but there are still ten servers, including services.int [Update: services.int is down due to unrelated maintenance according to EFnet], missing, according to the automatically updated network map on http://map.efnet.net/. To bring a server down, the attacker does not need any special privileges. All they would need to do is to send one line consisting of less than 15 characters.

A new version of Charybdis was released around 22.00 pm later this same evening. Patch files for both Ratbox and Charybdis have been sent to many IRC administrators, so that they can secure their servers against this exploit as soon as possible.

Some of the affected channels include #irchelp, a channel that now has a new date of creation:
-!- Channel #irchelp created Mon Dec 31 22:32:01 2012

It is likely that the operators of #chanfix will get a dramatically increased work load during the next couple of hours. They have prepared well by setting the topic of the channel:
Yes we know EFnet just took a mickey. Plz state the channel with the problem and wait…

There are rumours around claiming Hybrid is also affected, but they have not been confirmed [Update 2: According to the IRCd-Hybrid team, it is not affected by the vulnerability]. As the number of IRC servers forked from Ratbox, with exploitable code, is relatively high it is highly likely that servers on many networks will go up and down for the next few days.

Freenode was one of the first networks to patch themselves, occuring only minutes after the seriousness of the issue had been established. Thanks to staff member tomaw all relevant servers could be secured before any harm was done.

IRC servers which have been confirmed by their developers as patched against this vulnerability are:

  • ShadowIRCd 6.3.3
  • Charybdis 3.4.2
  • Ratbox 3.0.8

Article to be updated when more information is available…

 

Link to the original advisory: http://www.ratbox.org/ASA-2012-12-31.txt

Freenode is still growing

In the past five years, many networks have seen their user count decrease. Very few networks are bigger today than they were during The Great Times (2004-2005). One of the networks that actually have grown, and that in a tremendous speed, is Freenode.

As a network, Freenode is quite unique. It relies on hosting companies, universities and other organizations to support them with servers and bandwidth. In return they don’t get any special privileges on the network, although a few of the sponsors are members of staff. The network primary targets people who want to discuss free and open source software (FOSS) and it was among the pioneering networks when it comes to using namespaces for distinguishing between different channel types.

Freenode’s Head of Staff, christel, says they’re constantly trying to make sure the network will not suffer from the continuously increasing user count. One way of doing this is by actively working with the round-robin (DNS rotation). That’s an efficient way of controlling how many users a server will take, without having a negative or visible impact on the users.

In January 2010, the Hyperion ircd was taken down in favour for ircd-seven; an IRCd that had been carefully chosen and designed to make sure it could handle the growth. One of the problems that Freenode has experienced while growing is that “more users are finding Freenode without necessarily being familiar with our philosophy or purpose, and as such don’t really fit within the scope of us providing services for free and open source projects and other peer-directed projects”, christel says.

Despite, or perhaps thanks to, this, Freenode is still growing today. In August 2007, they reached 40 000 simultaneously connected users. Only about a year after, that number had grown to 50 000. In 2009 the user count increased to 70 000 and in 2011 it was on 70 000. Right now there are 73 000 users connected and a peak of 79 600.

This suggests that Freenode is still one of the few fast-growing IRC networks, but it doesn’t grow in the same speed as it did a few years ago.

Netsplit.de has measured user and channel statistics about Freenode since 1999, and the curves in the graphs show and reflect the constant growth. According to their figures, Freenode is, together with OFTC, the only three of the major networks that are growing and have been doing so for quite a lot time. Both EFnet and IRCnet are facing a decline in users.

Quakenet, Undernet and Rizon have all faced a decrease in users the past five years, but they’re all slowly recovering now. It might just be temporarily and it’s just very recently that they (re)started, but they are growing.

 

Perhaps IRC is on its way back to glory, or maybe it’s just the calm before the storm?

Quakenet Gets a New Website


(Click for a larger image.) 

On February 8 2012 the world’s biggest network, Quakenet, got a new website. In comparison to the old, this new one is more of a Web 2.0 site with aesthetically pleasing URLs, the same design throughout all pages and a lot simpler to navigate. In the top-right corner there’s a flag which indicates the website might feature localization in the future. The translations will then be done by a team of already known people, to ensure accuracy.

The live statistics are now being updated periodically. In the old website, they were last updated on 8th of February 2005.

The Columns section has been renamed to Staff Articles. No new articles have been written, although the old ones (with the oldest dating back to February 2002) have been transferred over.

Something that’s new in this version of the site is a Privacy Policy page. It’s currently empty, but something will be written there once a law or similar that might require logging gets implemented. Currently not logs are kept, except “standard apache logs and extremely generic stats”, meeb says.

According to the (also updated) About page, the site was written in Django, a language that’s become increasingly used lately.

The left bar now shows the two latest news items, instead of a list of help topics, like it did before.

8 items in the main menu, which now are located right below the logo, have been removed. Some of them have been relocated to sub-pages and some have been removed. One of the removed ones is the Forum link, which has been dead for a few years. No forum is currently present, but there might pop one up in the future.

The logotype has been updated to a very simplistic one, made in only two colours. The primary reason for this was because the old logotype wasn’t owned by Quakenet. All content, including the new logotype, is now owned by Quakenet, as stated in the footer.

In addition to the user and channel statistics provided by Netsplit.de and SearchIRC, Quakenet now hosts a page with official statistics. It features line diagrams for both users and channels, and users can choose to look at either the last 24 hours, the last week or the last year.

One interesting feature that’s pretty unique for IRC networks’ websites is that the server list automatically calculates the distance from you to each server. Along with that, each server has its location and its current user count periodically updated.

This is not the end though. Behind the scenes there’s a long list of awesome features that may or may not be added to the site in the future, meeb says.

Mibbit has been compromised

On August 14 a cracker group claiming to be “hackers” named HTP broke into Mibbit, the popular web chat client for IRC. According to their temporarily “rescue” blog the break-in only affected their IRC network, their primary blog and their Wiki. NickServ passwords in clear text were released later the same day by the HTP, as well as personal information regarding several staff members. Both their IRC O-line passwords as well as their NickServ passwords, home addresses and phone numbers were published to the public via a range of file hosting services, and Pastebin.

Something perhaps even more concerning is that the group has revealed not only channel logs, but logs of private messages. It appears like Mibbit has been logging what people have said in PM to each other over their network. According to official statements, this was only a test. Some people have heard that Mibbit has been logging all messages going through their systems. Mibbit has never logged anything, unless a user wants to enable logging. The leaked message logs were captured by a staff member, and not by Mibbit’s system, according to official statements. While this is fully legal, the level of ethicality has been questioned.

The web IRC client that can be used to connect to almost any other network, which is what made them famous, has not been affected. It is operating normally.

All NickServ passwords were stored in plain text, and that raised a concern for those who are interested and engaged in enforcing security. According to staff member pottsi password hashing was not done because that would “means sendpass and getpass would not work”. Another staff member, Joshua, claimed that password hashing was not done because it was too much work to convert all passwords. This has however proven to be incorrect, at least if they used a plain copy of Anope. In Anope’s module database, there is a module called enc_switchover. It’s fairly easy to migrate from one encryption method, or none, to another, using that module. In addition to that, the Anope module ns_resetpass will allow users to reset their passwords despite encryption taking place.

Many people, especially IRC administrators, are now questioning Mibbit’s reliability and some are considering to block access from the web service, just like one of the largest networks, freenode, did a couple of years ago. This is mainly due to the question whether they log messages there too, which would go against many networks’ policies.

The Mibbit team is now working very hard to bring all services back up again. At the time of writing, ChanServ and NickServ on their network is down and staff members are forced to use /samode if they need to get op. They advice everyone who had a NickServ account registered in April or earlier, this year, to change password.

  Copyright secured by Digiprove