Yeah this is off topic, but I know there are a lot of IRC server admins on here, so I think this will help stop the spread of this exploit. Syzop has written a little module that will detect the bad DCC send and block it from ever reaching the user. I strongly recommend that if you run UnrealIRCd you install this module to protect your users!

(Sorry if anyone considers this to be spamming, I'm just trying to help stop this exploit from doing more damage than it has already done).

You can get the module at http://www.vulnscan.org/UnrealIrcd/modules/AntiDCCBug-latest.tar.gz

So far, every post that I've read on this subject says that it's just 6.1x that's effected. I tried this exploit on a friend who is running 6.03 and it worked.

As you can see at http://www.irchelp.org/irchelp/mirc/exploit.html the exploit affects all versions of mIRC from 6.0 to 6.11.

Regards,

Someone tried this exploit on a channel with me and about 15 people "died", but I (using mIRC 6.1 at that point, 6.12 now) was completely unaffected. Perhaps it was thanks to some scripts I was running...

this module is great!! thank you to syzop for making it!

I was wondering though, would it be difficult to change it so instead of sending out a local server notice to eyes users, it would instead send out a globops so opers on the whole network could see when a server blocks an exploit attempt?

i only wish that you all would at least let me know what the exploit attempts to do, even if vaguely. Additionally, can someone add some code to auto ban someone that uses the dcc exploit, as well as identify them?