Wookie (OP) | Ameglian cow | Joined: Sep 2004 | Posts: 20
I run a reasonably secure channel, and have an eggdrop bot also, but something happened just last night that gives me cause for concern.

A "voiced" member did something (I don't know what) that immediately gave him ops on the channel. The worst part about this is that in the channel window it said that I gave him these ops.

Q1. How did this person do this?
Q2. How do I prevent this from happening in the future?

Owing to the sensitive nature of the question and possible answers, I think these q's should be answered either in pm or by email. Thanks in advance for all help offered, and I'll forward my email by pm to those who can help.

Wookie

R | Hoopy frood | Joined: Aug 2004 | Posts: 7,252
I'd be checking any and all scripts that you run & that the bot uses (I'm not familiar with eggdrop) for lines that allow a non-specific entry... for mIRC, they would look something like one or more of the following:

on *:text:*:*
on *:text:*:#
on *:text:*:?
on *:action:*:*
on *:action:*:#
on *:action:*:?

Lines like these are extremely susceptible to commands that can be entered which can cause a lot of problems.

If you have any code that is like that, then I would recommend that you see about getting that script (or those scripts) re-written.

I don't know how they did it, but the above shows how they might've been able to pass a command to a script which, in turn, granted them ops. The above also shows the primary method of preventing this.

Wookie (OP) | Ameglian cow | Joined: Sep 2004 | Posts: 20
I have no scripts installed, and the member used my nickname to gain the ops, not the bot's, so I think that negates the bot scripts. He also boasts he can do it on any chan or network; luckily he's not malicious.

But if he can do it so can others, which is why I want the solution to stop it, and how it's done, to further protect my chan.

Wookie (OP) | Ameglian cow | Joined: Sep 2004 | Posts: 20
Sorry, I should have said thanks Russel...so uhhm..thanks..:)

Wookie

G | Hoopy frood | Joined: Oct 2005 | Posts: 1,741
If you know that you don't have any vulnerable scripts running, then you should be forwarding your information (with logs if possible) to the IRCOps on your network. They may be able to help you. It may be that there is a bug in their IRCd's code that allows that person to avoid the security measures.

-genius_at_work

D | Hoopy frood | Joined: Jan 2003 | Posts: 1,063
I think this would be the problem:

The eggdrop identifies a person by nickname... and grants rights to the person with the right nicknames.
If it's on a network without registration services, the person could 'steal' the nickname of the bot owner easily and gain operator status that way, because he can then order the bot to op him/her/it.

you should get a more secure bot I think...


If it ain't broken, don't fix it!

P | Bowl of petunias | Joined: Dec 2005 | Posts: 2

Ello, I run mIRC on msn chat... which is a bit of a pain but that's beside the point. Anyways, I don't know anything about eggdrop or even what kind of client it is. If it's not something you can personally edit, I'd have to agree in saying you should get a more secure bot; if this is something you can edit the coding in, then switching $nick where it recognizes names for $ial($nick).addr might work... well, that's how it works on msn at least, I'm a bit ignorant about other servers... If it does work you'll have to switch it out in more than just the coding that's ownering the person...

I gotta ask though, do you have yourself in the auto op list, and if so what command line did you use to add yourself?

C | Hoopy frood | Joined: Jun 2003 | Posts: 994
DCC Chat with the eggdrop and type the following:

.chanset your channel name here +bitch

example: .chanset #mirc +bitch

This tells the eggdrop to "only allow users with the +o flag to be ops on the channel" but is only saved until the next rehash or restart. To make it permanent, add +bitch to the channel configuration in the config file.


I refuse to engage in a battle of wits with an unarmed person.

M | Hoopy frood | Joined: Jun 2003 | Posts: 5,024
"He also boasts he can do it on any chan or network; luckily he's not malicious."

That's all it is. Boasting. He can't.

There is something quirky going on with your client, another op's client or the ircd the network runs, simple as that.

Regards,


Mentality/Chris

Wookie (OP) | Ameglian cow | Joined: Sep 2004 | Posts: 20
The eggdrop is more than secure in that I am the owner, and the only person allowed any access at all; it's completely secure and shut off to other users and everything is logged. The eggdrop only runs a google script, a weather script and a soon-to-be-initiated invite script. This is why I have ruled this out of the equation.

The ops were, for all intents and purposes, given by me to this member, although I definitely did not give the ops to him. Something he did triggered this response and the result seen in the chan window was myself opping this member. Chanserv and nickserv are both operating on this network so my Admin (!) status comes direct from them. And I have just spoken to the network admins and they have no idea either.

Investigations continue...

Thanks all for your input.

Wookie

H | Ameglian cow | Joined: Dec 2002 | Posts: 29
Your best bet for finding out exactly what's going on is to turn debugging on (/debug on) and have him "op himself" again (if he will and is not malicious as you say). Then look at the debug.log and try to make sense of what happened. If it is something with a script, you will more likely than not see a message sent to you that you didn't see in the regular output. If it's actually you doing the opping, you will see in the debug.log a command sent from you to the server to op the person.

Good luck.
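
The check described in the post above, as an added example that is not part of the original thread: it scans a debug.log for op grants sent by your own client and returns the received lines that came just before each one. The log layout (`-> <server> <command>` for sent lines, `<- <raw line>` for received lines), the function names and the sample log are assumptions made for this illustration.

```python
import re

# Assumed debug.log layout: "-> <server> <command>" for lines this client
# sent and "<- <raw line>" for lines it received.
OUT_MODE = re.compile(r"^-> \S+ MODE (#\S+) (\S+) ?(.*)$", re.I)


def grants_op(modes):
    """True if a mode string such as '+vo-b' adds the o flag."""
    adding = True
    for ch in modes:
        if ch in "+-":
            adding = ch == "+"
        elif ch == "o" and adding:
            return True
    return False


def self_ops(lines, context=3):
    """For every op grant sent by this client, return the channel, the
    targets, and the last `context` received lines before it."""
    hits, received = [], []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("<- "):
            received.append(line[3:])
            continue
        m = OUT_MODE.match(line)
        if m and grants_op(m.group(2)):
            hits.append({"channel": m.group(1),
                         "targets": m.group(3).split(),
                         "preceded_by": received[-context:]})
    return hits


# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """\
<- :guest!u@host.example PRIVMSG #chan :hello
-> irc.example.net PRIVMSG #chan :hi
<- :guest!u@host.example NOTICE owner :constructed line
-> irc.example.net MODE #chan +o guest
-> irc.example.net MODE #chan -o guest
"""

if __name__ == "__main__":
    for hit in self_ops(SAMPLE_LOG.splitlines()):
        print(hit)
```

An empty result while the op still appears in the channel means the MODE did not originate from this client, which points at the bot or the network rather than a local script.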

H | Vogon poet | Joined: Jun 2005 | Posts: 127
Remove your eggbot from the room or disable its scripts. Then turn your remotes off by typing /remote off

Then get the 1337 h4x0r (as I'm sure he thinks he is) to do this again. If he can't (no matter what his sad little excuse is) then you know the problem is in your mIRC scripts or your eggdrop bot. If he can, contact an IRCop. (Don't be hesitant to talk to them. They are there to help.)


-- HAMM3R (aka: alhammer)
http://www.HAMM3R.net

D | Hoopy frood | Joined: Jan 2003 | Posts: 1,063
Quote:

ello, I run mIRC on msn chat...


check this thread:

https://forums.mirc.com/showthreaded.php?Cat=0&Number=21021&page=


If it ain't broken, don't fix it!

C | Babel fish | Joined: Oct 2004 | Posts: 72
I am not familiar with eggdrops nor with the google and weather scripts you mentioned. I only know that scripts using $read and $readini without the n parameter are vulnerable to $finddir and $findfile. Can you find out whether this voiced person typed in $finddir or $findfile somewhere? Also, investigate all your scripts for $read and $readini statements without having the n parameter. They should be of the format $read(filename, n, ...) or $readini(filename, n, ...). If I'm right, I think this voiced person googled for something with $finddir or $findfile in it.... Same thing happens with seen scripts based on textfiles instead of hashtables...
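
An added example, not part of the original thread, that automates the two script reviews suggested above: it flags the catch-all `on *:text:*:*` style handlers listed earlier in the thread and any `$read` / `$readini` call whose second argument is not a switch string containing `n`. The function names, the switch-letter sets and the sample script are assumptions for this illustration, and the second-argument test is a heuristic.

```python
import re

# Catch-all handlers: any user level, any text, any target (e.g. on *:text:*:#)
CATCH_ALL = re.compile(r"^\s*on\s+\*:(text|action):\*:[*#?]", re.I)
CALL = re.compile(r"\$(read|readini)\(", re.I)
# Letters accepted as a switch string in the second argument (assumed sets).
SWITCHES = {"read": set("ntswrp"), "readini": set("np")}

def split_args(text, start):
    """Split the top-level arguments of a call; text[start] is the first
    character after the opening parenthesis."""
    args, depth, cur = [], 1, []
    for ch in text[start:]:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                break
        if ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur).strip())
    return args

def audit(script):
    """Return (line_number, finding) tuples for risky constructs."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if CATCH_ALL.match(line):
            findings.append((no, "catch-all event"))
        for m in CALL.finditer(line):
            name = m.group(1).lower()
            args = split_args(line, m.end())
            sw = args[1].lower() if len(args) > 1 else ""
            safe = sw and set(sw) <= SWITCHES[name] and "n" in sw
            if not safe:
                findings.append((no, f"${name} without n"))
    return findings

# Constructed sample script, not taken from the thread.
SAMPLE = """\
on *:text:*:#:{ msg $chan $read(quotes.txt) }
on *:text:!seen *:#:{ msg $chan $read(seen.txt, w, $2 $+ *) }
on *:text:!quote:#:{ msg $chan $read($scriptdir $+ quotes.txt, n) }
alias cfg { return $readini(bot.ini, n, main, $1) }
alias cfg2 { return $readini(bot.ini, main, $1) }
"""
```

Calling `audit(SAMPLE)` reports lines 1, 2 and 5; lines 3 and 4 pass because their second argument is the `n` switch.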

