[1] compromised host #237214 18/04/12 01:46 AM
Joined: Apr 2012
Posts: 4
tharkun860 Offline OP
Hi -

for a couple of days, now, I have been getting this error message. One webpage suggested it was because of spamming or a virus or trojan. I have checked with a couple of anti-virus progs and my system appears to be clean.

all helpful advice welcome.

Re: [1] compromised host [Re: tharkun860] #237215 18/04/12 02:38 AM
Joined: Jan 2004
Posts: 1,281
maroon Offline
does your internet provider frequently change your IP address, or have you had the same one for a long time? If you changed IP recently, it's possible you have an address formerly used by someone infected.
Is there someone else in your LAN that's been accessing the same irc server, and it could be them instead of you that's infected?
Do you get this error at all irc servers you try to connect to? Your message makes it sound like you got this error at more than 1 irc server, but it would help if more of a warning error than 'compromised host'.

Re: [1] compromised host [Re: maroon] #237218 18/04/12 04:56 AM
Joined: Apr 2012
Posts: 4
tharkun860 Offline OP
>>does your internet provider frequently change your IP address, or have you had the same one for a long time.

No, IP only changes (I think) when I reset the router. Last router reset was 2-3 weeks ago, but error message appeared only 2 days ago.

>>Is there someone else in your LAN that's been accessing the same irc server, and it could be them instead of you that's infected?

nobody else on my LAN - home computer, only 1 user.

>>Do you get this error at all irc servers you try to connect to?

Yes, so far.

>>Your message makes it sound like you got this error at more than 1 irc server, but it would help if more of a warning error than 'compromised host'.

------ include section of log file -----------
[15:06] * Connect retry #1 vancouver.bc.ca.undernet.org (6667)
-
[15:06] -vancouver.bc.ca.undernet.org- *** Looking up your hostname
-
[15:06] -vancouver.bc.ca.undernet.org- *** Checking Ident
-
[15:06] -vancouver.bc.ca.undernet.org- *** No ident response
-
[15:06] -vancouver.bc.ca.undernet.org- *** Couldn't look up your hostname
-
[15:06] -vancouver.bc.ca.undernet.org- *** Ident broken or disabled, to continue to connect you must type /QUOTE PASS 25780
-
[15:07] * Disconnected
-
[15:07] * Connecting to vancouver.bc.ca.undernet.org (6667)
-
[15:07] -vancouver.bc.ca.undernet.org- *** Looking up your hostname
-
[15:07] -vancouver.bc.ca.undernet.org- *** Checking Ident
-
[15:07] -vancouver.bc.ca.undernet.org- *** Found your hostname
-
[15:07] -vancouver.bc.ca.undernet.org- *** No ident response
-
[15:07] [1] compromised host .
-
[15:07] Closing Link: books860 by Tampa.FL.US.Undernet.org (G-lined)
-
[15:07] * Disconnected
------------------- end include --------------

Re: [1] compromised host [Re: tharkun860] #237234 19/04/12 05:09 PM
Joined: Aug 2006
Posts: 167
pishposh Offline
A few things:

1. Undernet's "Ident broken or disabled, to continue to connect you must type /QUOTE PASS #####" server challenges can be triggered when your port 113 (identd) is stealth firewalled. Try properly port-forwarding TCP port 113 to your computer, and opening TCP port 113 in your software firewall. (Whether you additionally enable mIRC's identd daemon or not, though, doesn't matter.) Also, these challenges can be triggered if your identd daemon is enabled, and if its "User ID" field is set to certain poisonous terms (like "root"), or if its "System" field is not set to "UNIX". So check those.

2. Undernet also auto-bans various Names, Emails, and Nicknames (see main ALT-O > Connect category) infamous for being used by botnets (with which Undernet has "occasional" encounters). Check yours and possibly try different settings in all.

3. Finally, a G:line is a global ban. It means your IP address is banned on all Undernet servers. The ban may have been triggered by a false positive against items 1 or 2 above. If so, and even if you fix them, the ban will remain until you either successfully petition them for its removal, or change your IP address.

So, try 1 and 2, and then change your IP address, and then try to connect again. If you're able to get back in, then you'll know it was probably one of your old settings that caused the problem, and at that point, if you want, you can begin reverting to your old settings one setting at a time, re-connecting each time, until you find the culprit.

Of course, the cause could also be something entirely unrelated to your settings (how one of your present or past scripts behaved, or even a G:line against your entire netblock caused by the misbehavior of other people).
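
Added example (not part of any post in this thread): a small Python triage of an mIRC status-window log that separates the two failures described in the answer above, the ident PASS challenge (item 1) and the G-line (item 3). The function names and verdict wording are assumptions of this example; the sample lines are taken from the log posted earlier in the thread.

```python
import re

# Sample lines taken from the log posted in this thread (separator lines omitted).
SAMPLE_LOG = """\
[15:06] * Connect retry #1 vancouver.bc.ca.undernet.org (6667)
[15:06] -vancouver.bc.ca.undernet.org- *** No ident response
[15:06] -vancouver.bc.ca.undernet.org- *** Ident broken or disabled, to continue to connect you must type /QUOTE PASS 25780
[15:07] * Disconnected
[15:07] * Connecting to vancouver.bc.ca.undernet.org (6667)
[15:07] -vancouver.bc.ca.undernet.org- *** No ident response
[15:07] [1] compromised host .
[15:07] Closing Link: books860 by Tampa.FL.US.Undernet.org (G-lined)
"""

# An optional two-digit prefix covers logs saved with mIRC colour-code residue.
LINE = re.compile(r"^(?:\d{2})?\[(\d{2}:\d{2})\]\s+(.*)$")
START = re.compile(r"^\* Connect(?:ing to| retry #\d+) (\S+) \((\d+)\)")
RULES = [
    ("ident_no_response", re.compile(r"\*\*\* No ident response")),
    ("pass_challenge", re.compile(r"/QUOTE PASS (\d+)")),
    ("g_lined", re.compile(r"^Closing Link: \S+ by (\S+) \(G-lined\)")),
]

def triage(log_text):
    """Group log lines into connection attempts and tag the notable events."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "-" separators and untimestamped text
        when, body = m.groups()
        start = START.match(body)
        if start:
            attempts.append({"time": when, "server": start.group(1),
                             "port": int(start.group(2)), "events": []})
            continue
        for name, rx in RULES:
            hit = rx.search(body)
            if hit and attempts:
                attempts[-1]["events"].append((name, hit.group(1) if hit.groups() else None))
    return attempts

def verdict(attempt):
    """Map one attempt to the item of the answer above that it matches."""
    names = [name for name, _ in attempt["events"]]
    if "g_lined" in names:
        return "global ban (item 3): fixing settings alone will not lift it"
    if "pass_challenge" in names:
        return "ident challenge (item 1): check TCP 113 and the identd fields"
    return "no ban or challenge seen"
```
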

Re: [1] compromised host [Re: tharkun860] #237237 19/04/12 05:32 PM
Joined: Feb 2011
Posts: 331
KindOne Offline
Try this.

http://www.user-com.undernet.org/documents/k-gline.txt

(Just a hint, section 3 is what you want)


irc.swiftirc.net #msl (mIRC Scripting Language)