
help!

techman47
Voice
Posts: 21
Joined: Thu Jan 16, 2003 9:54 am

help!

Post by techman47 »

I am a little confused on the OP'ing of users via my eggdrop bot. Right now I give my channel OPs flags "foa" and also add their hostmask. Is this a safe way to OP my users or should I have my OPs supply a password to the bot to OP them?
gumbydammit
Master
Posts: 311
Joined: Thu Sep 05, 2002 4:52 pm
Location: Canada

Post by gumbydammit »

I'm not a fan of autoops, so I would say remove the +a and make them use a pass and a /msg command... if they wish to be autoopped, get them to make their scripts send the command auto.
That way is safer in my opinion because there is still a need for a pass.
Moonster
Halfop
Posts: 95
Joined: Wed Nov 13, 2002 5:39 pm
Location: Manchester NH USA

Post by Moonster »

Typically users are added via the bots, and at that moment, when the user is present upon addition, they send a password to the bots to set. The users can then request their ops from the bot (typical user flags of fgov). Some channels utilize special mIRC scripting that has their users request ops securely from scripting that verifies the bot's name and host (to aid in them not sending their pass to a mIRC (very bad)), or if your bots' names are unique and no one else would want them. But in general the AutoOp flag is a VERY bad idea.
techman47
Voice
Posts: 21
Joined: Thu Jan 16, 2003 9:54 am

why?

Post by techman47 »

Ok, why is the auto-op flag bad? I have read several places where they say it is bad also, but they fail to go into detail about it. If you give them the +a flag with their hostmask, how can anyone duplicate it? I feel by using the password routine, you are giving the user a chance to mess around with your bot. Not so if you do the +a flag.
spock
Master
Posts: 319
Joined: Thu Dec 12, 2002 8:40 pm

Post by spock »

the auto op flag is bad because a person only needs to match the hostmask of an already added user. no other authentication needed.

this means that any users you have added with dynamic hosts are VERY insecure.

with only the o flag, people will have to match the hostmask, and supply a correct password.

using the password routine will not let anyone mess around with your bot. in fact, they can set a password on your bots right now, with the foa flags.

if you don't want people on your partyline, edit your .conf like so:

set require-p 1

users can set a pass and op up like this:

/msg bot pass their-password
/msg bot op their-password

to remove the autoop flag:

.chattr handle -a <#chan>
photon?
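A small model of the two paths spock describes, added here as an example (it is not Eggdrop's code or any poster's script): joining with +a is decided by the hostmask alone, while `/msg bot op` needs the hostmask and the password. The record layout, the PBKDF2 hashing, the function names and the sample hostmasks are all constructed for illustration.

```python
import hashlib, hmac, re

def mask_match(mask, nuh):
    """IRC-style wildcard match (* and ? only), case-insensitive."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask)
    return re.fullmatch(rx, nuh, re.IGNORECASE) is not None

def pw_hash(pw, salt=b"constructed-salt"):
    # Assumption: a generic salted hash, not Eggdrop's own password storage.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

# Constructed user records (not Eggdrop's userfile format).
USERS = {
    "alice": {"flags": "foa", "masks": ["*!*alice@*.dyn.isp.example"], "pw": pw_hash("s3cret-alice")},
    "bob":   {"flags": "fo",  "masks": ["*!*bob@*.dyn.isp.example"],   "pw": pw_hash("s3cret-bob")},
}

def find_user(nuh):
    """Return the first record whose hostmask matches nick!user@host."""
    for rec in USERS.values():
        if any(mask_match(m, nuh) for m in rec["masks"]):
            return rec
    return None

def on_join(nuh):
    """Auto-op path: a hostmask match plus the +a flag is the only check."""
    rec = find_user(nuh)
    return bool(rec) and "o" in rec["flags"] and "a" in rec["flags"]

def on_msg_op(nuh, password):
    """'/msg bot op <password>' path: hostmask match AND correct password."""
    rec = find_user(nuh)
    if not rec or "o" not in rec["flags"]:
        return False
    return hmac.compare_digest(rec["pw"], pw_hash(password))

def audit():
    """Handles opped without a password through a wildcard host part."""
    return sorted(h for h, r in USERS.items()
                  if "a" in r["flags"]
                  and any("*" in m.split("@", 1)[-1] for m in r["masks"]))

if __name__ == "__main__":
    print("review these +a handles:", audit())
```

Run against a real user list, the `audit()` idea is the useful part: every handle it returns is one where a matching dynamic host is the whole authentication.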
techman47
Voice
Posts: 21
Joined: Thu Jan 16, 2003 9:54 am

...

Post by techman47 »

Ok, you have convinced me. I'll go back to the password routine. I was using it before, but it would never OP the OPs in my channel. I think the reason was because I never added the user's hostmask to their user record in the bots. Thanks to all who replied.
Moonster
Halfop
Posts: 95
Joined: Wed Nov 13, 2002 5:39 pm
Location: Manchester NH USA

Post by Moonster »

You were prolly using .+user whereas .adduser adds their hostmask at the same time.

Good rule of thumb is: don't add anyone unless they are right there to set a pass on the bots.
techman47
Voice
Posts: 21
Joined: Thu Jan 16, 2003 9:54 am

Post by techman47 »

BeastNH wrote:
> You were prolly using .+user whereas .adduser adds their hostmask at the same time.
>
> Good rule of thumb is: don't add anyone unless they are right there to set a pass on the bots.

Ok, that's why it didn't work. I was using .+user. Thanks!
Moonster
Halfop
Posts: 95
Joined: Wed Nov 13, 2002 5:39 pm
Location: Manchester NH USA

Post by Moonster »

np glad to be of assistance