Forums Feature Suggestions Auth-Hack protection?

Dear mIRC-developer-crew,

recently the amount of take-overs and auth-hacks terribly increased @ quakenet. The the scheme the overtakers/hackers use is almost always the same. They try to make the "victim" execute a command, which has to do with the function "play". Mostly it is used as "/play perform.ini" or "//.play $decode(stuff,which,means,nick+perform.ini)".

I would like to suggest a new feature for future versions, the so-called "newbie-mode" (or however it should be called), which detects (if activated), whenever a harmfull script-code should be executed, stop the execution (or don't let it start), until the user confirms, that he wants the script to be executed. A notice about the harm (auth-hack, takeover, etc.) that could be caused by the script would be very usefull. This way the users had the chance to avoid being auth-hacked. This mode should be enabled by default, and there should be a checkbox added at "options" to enable/disable this mode.

This feature would make quakenet a more peaceful place i guess. I would really appreciate a feature like that.

Thanks for your attention.

Best regards

Andy Z.

Though I do share the idea, its almost pointless. Why allow people to be ignorant to such scripts. You cant block all scripts, and all harmful code from the user=--its impossible. If you developed a way to stop "execution of code" that say had /play or $decode in it, what's stopping the next generation of harmful code? I mean Khaled has already stopped //$decode(...) because it was harmful, and users found a way around that. Just stopping play will create a whole new scheme.

People have to stop playing ignorant, and start realising not to type every single thing some kid PM's you are notices you. Start taking some responsibilty for your actions, and assume everything isn't goign to safeguard you. If people can't watch out for themselves, why should they expect someone else to do it for them?

I suppose it wouldn't hurt to have every scripting command disbaled from the command line, by default. Ofcourse there would be an exception for commands like /me. Atleast then, the ignorant user has to accept a file to harm himself. There could be a Dialog similair to the DCC ignore dialog made for this feature. Command line is re-disabled after 3 minutes or so.

Most newbies don't need the ability to execute powerful commands from the chat window. Most advanved users would have no problem going to mIRC options, and enabling the ability. I think it would end these problems once and for all, And wouldn't harm the advanced user.

There are commands in mIRC that can ruin your operating system, from the chat window, Again, that power isn't needed by the newbie. It makes mIRC look bad, and even though we shouldn't coddle 'ignorant' people, there's also no reason to make life so easy for wicked people.

Also people have used the possible abuse of this power to deny useful feature requests such as $regread. So it is already a problem for advanced user and newbie alike. Right now we have to be very careful of what is added to mIRC incase a newbie get's screwed with it in a chat window..

There is no way to protect an ifnorant user from himself. If you block commandline access to all commands, the people tricking the newbies now will just tell them to deactivate that first or their magickal command to save them won't work. And then the newbie will be grateful the idiot suggested this, deactivate the commandline block, and type up the command.

I see your point, and you are right, Though if a newbie willingly disables the security feature, It takes some of the blame off mIRC. Ofcourse, it doesn't solve the problem of the security being compromised. Although it might stop a certain % of it.

From mIRC's perspective, If a newbie has enabled it, and ignored a clear warning, then it is their own fault. Right now, mIRC do have some responsiblity in unleashing a powerful langauge in a chat enviroment, where a newbie might not expect they are using anything but a normal chat program.

Actually, there is never any blame on mIRC. There is a part of a person's own responsibility. Which in my book means: 1] get to know your program 2] if someone tells you to jump, ask them not how high, ask them why. No one is responsible for the loss of channels/nicknames/passwords but the owner, and quite frankly, a person who wishes to run a channel should have enough experience on IRC to know these tricks exist. I'm willing to bet that most of the people losing channels/nicknames/passwords are the bigger newbies, who barely have a few ghours under their belt when starting a channel cause they want the nice @ next to their nick.