oper failure notices

These are old archives. They are kept for historic purposes only.
Plasma
Posts: 31
Joined: Tue Jun 22, 2004 6:08 am

Post by Plasma »

Hey,

I was wondering how to enable/disable the display of oper-failure passwords, for example:

-irc.test.com- *** Network-Global -- Failed OPER attempt by: Plasma (~[email protected]) using UID Plasma [---]

How would I replace the --- with the password used upon oper failure? Can this be logged if not globalnotice'd across the server?

PS: Please ignore any irregularities with the above message, it's just from memory I've written it.

Running UnrealIRCd 3.2

Thanks
m0wl
Posts: 2
Joined: Tue Jun 22, 2004 6:28 am

Post by m0wl »

Try the operpasswd module by AngryWolf:
http://angrywolf.linktipp.org/operpasswd.tar.gz
Syzop
UnrealIRCd head coder
Posts: 2115
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

Post by Syzop »

Great idea!
Would you like to have your password broadcast to all opers on the net if you typo'd it?? (it's often easy to recover the real password)

Or log it in log files? "bad people" just *LOVE* that information! [think: "oops I forgot to set my logfile with the correct permissions", "oh I put the log online but forgot to delete it", "oh I made a backup of old logs but left the .tar.gz somewhere with incorrect permissions", etc etc]
I see this all the time...
jewles
Posts: 263
Joined: Thu Mar 11, 2004 7:41 pm
Location: Herndon, VA

Post by jewles »

hmm... miss ya syzop!
FBSD-DEV Project
http://www.fbsd-dev.org

YatesDev Hosting
http://www.yatesdev.com

The Wrong Way
http://www.thewrongway.net
AngryWolf
Posts: 554
Joined: Sat Mar 06, 2004 10:53 am
Location: Hungary

Post by AngryWolf »

I totally agree with Syzop.

"[---]" (meaning the authentication failed) is a short explanation to inform opers why the oper login failed, not the place for passwords. It can be a few other things, like so:

1. [unknown oper]
2. [host doesnt match]
3. [maxlogins reached]

If you feel like seeing passwords, I suppose you haven't thought of the following situations:

1. What Syzop (and codemastr) already mentioned many times, in most cases bad passwords are due to typos.
2. When the password is right, but [maxlogins reached], [host doesnt match], oper name's mistyped, etc. Easy and often-made mistakes.
3. The sslclientcert authentication doesn't want a password. It accepts anything for passwords. Many opers can forget to use an SSL connection or the correct certificate. Why see the password then?
4. It's possible that a nice server admin will mess up the configuration files accidentally, and your oper block will temporarily be gone.
5. You are an IRCOp on another network, but you forget to connect to the right server. And everyone knows the continuation of the story.

Oh, and before anyone asks, I have the reasons why I coded the operpasswd module, I'm not crazy.
Plasma
Posts: 31
Joined: Tue Jun 22, 2004 6:08 am

Post by Plasma »

Of course I don't want oper passwords broadcast across the server, I'm sure I've mistyped mine a few times.

I'd prefer it logged in the event that I have people attempting to oper up (and notice them failing continuously) and wonder what they are doing - have they got a variation of an oper password that they shouldn't have? Or are they just trying random guesses?

It doesn't really concern me, but I do like the oper up protection on the module which is neat.

I do however like the fact that the password is NOT broadcast to everyone by default (it's happened a few times on the IRCd I'm on at the moment, not Unreal - I'll be switching ;) ) and so I know it can be uneasy and a pain to deal with.

Thanks for the replies :)
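
The question raised in the thread (typos versus repeated guessing) can be approached from the notice's user@host, UID and bracketed reason alone, without recording any attempted password. The following is an added example, not part of the thread and not code from UnrealIRCd or the operpasswd module; the notice layout is assumed from the line quoted in the first post, and the nicks, hosts and threshold are constructed.

```python
import re
from collections import defaultdict

# Assumed notice layout, modelled on the line quoted in the first post
# (its author wrote it from memory, so adjust the pattern to real output).
NOTICE = re.compile(
    r"Failed OPER attempt by: (?P<nick>\S+) \((?P<userhost>[^)]*)\) "
    r"using UID (?P<uid>\S+) \[(?P<reason>[^\]]*)\]"
)

def summarize(lines, threshold=3):
    """Return {user@host: (pattern, count)} for sources with >= threshold failures."""
    seen = defaultdict(lambda: {"uids": set(), "reasons": []})
    for line in lines:
        m = NOTICE.search(line)
        if m:
            seen[m["userhost"]]["uids"].add(m["uid"])
            seen[m["userhost"]]["reasons"].append(m["reason"])
    flagged = {}
    for source, info in seen.items():
        count = len(info["reasons"])
        if count < threshold:
            continue  # one or two failures are usually typos
        if len(info["uids"]) > 1:
            pattern = "several oper names tried"
        elif all(r == "---" for r in info["reasons"]):
            pattern = "repeated auth failures on one oper name"
        else:
            pattern = "repeated non-password failures"
        flagged[source] = (pattern, count)
    return flagged

# Constructed sample notices (hypothetical nicks and hosts).
PREFIX = "-irc.example.net- *** Network-Global -- Failed OPER attempt by: "
SAMPLE = [
    PREFIX + "alice (~alice@a.example.net) using UID alice [---]",
    PREFIX + "bob (~bob@b.example.net) using UID bob [---]",
    PREFIX + "bob (~bob@b.example.net) using UID bob [---]",
    PREFIX + "bob (~bob@b.example.net) using UID bob [---]",
    PREFIX + "carol (~c@c.example.net) using UID admin [unknown oper]",
    PREFIX + "carol (~c@c.example.net) using UID root [unknown oper]",
    PREFIX + "carol (~c@c.example.net) using UID oper [unknown oper]",
    PREFIX + "dave (~d@d.example.net) using UID dave [host doesnt match]",
]

if __name__ == "__main__":
    for source, (pattern, count) in summarize(SAMPLE).items():
        print(f"{source}: {count} failures, {pattern}")
```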