Page 1 of 1

Services Security

Posted: Fri Dec 30, 2005 4:28 pm
by tylertuller
I'm using Unreal but I'm having some problems with my services. There are some rouge users who have found some kind of bug in chanserv and nickserv which allows them to make themselves sops and effectively take over channels. Any one ever heard of this? Any way to patch it?

Thanks

Posted: Fri Dec 30, 2005 4:41 pm
by Syzop
You didn't mention which services you use, but.. I presume anope or ircservices? (if not, then that might be your problem ;p)
First of all, be sure to always use the latest version (eg: anope 1.6.4 / anope 1.7.13 / ircservices 5.0.56). That said, I haven't heard of any anope/ircservices issue with regards to hacking into accounts for a loong time.

Second, don't be surprised if it turns out it isn't a security issue after all, but just user stupidity (email or nickserv password hacked).

In any case, pretty much all services log.. so that would be a nice start to see if you can find something there (like: logins into nickserv from incorrect people).

Also, as a last resort, you could run services in debugmode (./services -debug) to catch any command people execute. That will massively flood your screen or log, but it is as lowlevel / as much info as you can get :P.

Hope it helps.