server connect in eggdrop.conf

frost · Post by **frost** » Sun Dec 05, 2004 11:40 pm

hello

i need use encrypted server password in my eggdrop .conf (md5 ?)
its possible this?

ex:

set servers {
eggdrop.serv.com:6667:$miYrkOEt$OM2iUZIFemJwLRQdpNCYUQ==
}

thankx

demond · Post by **demond** » Mon Dec 06, 2004 1:18 am

no, it's not

why would you want to do this? doesn't make sense

frost · Post by **frost** » Tue Dec 07, 2004 2:20 am

demond wrote:no, it's not

why would you want to do this? doesn't make sense

hackers programs show easy the server pass put in the eggdrop.conf in plain text

my ircd server have passwd and need connect with eggdrop but not in plain text

thankz

metroid · Post by **metroid** » Tue Dec 07, 2004 2:44 am

Well you can't then?

demond · Post by **demond** » Tue Dec 07, 2004 11:36 am

if you have allowed hackers to break into your shell, you are in much bigger trouble than revealing some IRC user connect password

frost · Post by **frost** » Tue Dec 07, 2004 5:31 pm

ok i understand
eggdrop not support encrypted server password

ok the solution is change eggdrop bot service

thankz

demond · Post by **demond** » Tue Dec 07, 2004 5:50 pm

the solution is to secure your shell account

or/and run encrypted eggdrop (not 100% secure, but will discourage not-so-eleet hackers from inflicting harm on your IRC endeavors, should they break into the shell)

]Kami[ · Post by **]Kami[** » Wed Dec 08, 2004 3:37 pm

You should try psotnic, because if im not wrong it encrypts bots config file.

demond · Post by **demond** » Wed Dec 08, 2004 4:17 pm

encrypting config is not enough

I was used to patching eggdrop to encrypt config, user/chanfile, scripts and bot-to-bot traffic, some years ago, in the epoch of efnet channel wars (I can't believe I wasted my time with this hehe); yet the decryption key has to be stored somewhere, and it's only matter of time for a determined hacker to crack to bot executable, once he or she has access to it - but given that 90% of crackers are not that determined or/and skilled, you can have pretty good degree of security with totally encrypted bots, if you need your unregistered channel that bad hehe

KrzychuG · Post by **KrzychuG** » Wed Dec 08, 2004 4:26 pm

I don't recommend psotnic because of few resons. He need eggdrop and it's scripts. Psotnic doesn't support that. You can add own modules to that bot, but you must know C++ a little and write it by yourself. Psotnic will have problems on other networks that IRCnet (same as Evangeline). Config files, userfile and chanfile is encrypted. Bot is available only as binary, so it is a little bit better protection than in Evangeline (which is distributed as source code). In that case you can use tcl pro bytecode compiling to compile config file into non-human readable form.

demond · Post by **demond** » Wed Dec 08, 2004 4:35 pm

I suppose user will be smiling reading this, he mentioned somewhere he wrote a decompiler for TclPro

which was to be expected, given that there are many decompilers for Java bytecode