Security issue with my botnet

[GQsm]

a user on my bots that had +hp global flags somehow gave himself +nm , I'm using eggdrop 1.6.6.

dcc:tcl and dcc:set were usable but only by owners "set must-be-owner 1"

I was the only +nm user before he did it, so no-one else could have given him the flags.

tcl scripts I have are netbots 3.80 and mel eggdrop logger. He said he did the changes days ago and my eggdrop logs are only kept for 1 day so I have no clues from my eggdrop logs.

Can someone tell me how he could have done it or what precautions I need to look into.

Thanks
A worried botnet owner.

[ppslim]

Suegestions would be to ask him how he did it.

What version of mel are you running?

[GQsm]

mEL v1.55:

and i've asked him how, but he wont tell me. He finds it amusing, and useful for trying to blackmail me.

[ppslim]

Blackmail him - remove him from the bot, ban him and add a .+ignore to the bot for his host.

See how long he laughs for then.

[GQsm]

If hes hacked one of my shell accounts then that wouldn't really stop him would it?

What are the possible ways he's done this? then I will look at fixing them all.

[ppslim]

CHMOD all userfiles and channels files 700.

Each time you login to your shell account, check which host last logged in. If one that isn't yours shows up, e-mail the shell admin, and tell them they have been intruded.

Change your passwords, make sure your eggdrop and shell passwords are different.

Load lopfile.tcl component of netbots, and have logs e-mailed to yourself daily. Turns all log flags on.

Enable console mode r in config file, and ".console +r" yourself. Trick him into proving to you he can do it in front of your face. This console trick should provide you with the network dumps required to find out how he did it.

[Petersen]

$ last |grep petersen

invaluable tool too see if your shell has been hacked (replace petersen with your username)