eggdrop hacking

[rosc2112]

http://www.wireshark.org/

[alekleet]

i never used something like this so please help me with direkt link for download , installin and run it if u can

[Alchera]

so please help me with direkt link for download , installin and run it if u can

Suddenly cannot read?

Which clickable link do you not understand? The "GetHelp" one?

[rosc2112]

Again, if you are not able to learn and figure this stuff out, you should not be running eggdrop.

If anyone here really believed there was some kind of remote exploit in the current eggdrop, we would ALL be running packet sniffers to figure out what is broke. But..We don't and so we're not.

[YooHoo]

where i can find packet sniffer ? can anyone from here help me ?

try google

[Zircon]

Before looking for a possible bug/hack, i think we should start by being sure it s not a problem related to Channel Fix, or to an IRCOP, or just due to the limited knowledge of the user to manage efficiently his bot. alekleet, start by enabling the log of the channel...I hope you know how to do that....
By the way, what s the name of your channel ?

[Alchera]

Suggestion for alekleet: Completely wipe your channel access list(s).

One of your "trusted" ops has been clumsy with his pass by the looks of all this.

[alekleet]

i`m not retarded. that guy gets @ from my eggdrops, no via server or chanfix (C) all my users on the eggdrops are trusted. last time when he get @ i was on chat and i didnt see any command for takein @ like .op nick #cc-power t.s i didnt see nothing there. and yeah now i have new eggnet with logged bots +x +d and +silence and telnet protect. i dont have now problems but that guy can take anychannel he want take it. u can close this teme now. thanks for the help and all posts. i`ll continue use this forum coz its nice one.

[Zircon]

Hi there

Just curious, what do you mean by "bots +x +d and +silence". Do you mean that the bots are in the mode +x and +d, and silence to everyone ? or you mean that the bots logs "d" events (d - misc debug information) ans "x" events ( x - file transfers and file-area commands ) ? and what +silence mean ? I think it s important to know his procesus of hackin, for preventing it in future, for you, and for every1 here.
I have a big doubt about the ability of this person to hack any of my channels

[alekleet]

Code: Select all

in the mode +x and +d, and silence to everyone ? 

yes.

[Zircon]

Code: Select all

in the mode +x and +d, and silence to everyone ? 

yes.

Well, in this case, i doubt it has any utility to prevent hacking, coz :
First : +x is a usermode that allow logged in users to hide their real host, replacing it with @username.users.undernet.org, it does nothing more.
Second : +d will allow your bot to not "hear" a thing that's said in the channels. Private messages get through. And you can see join/part/kick and change mode in the channel.
Third : /Silence will prevent your bot from receiving any private/notice/ctcp message.

[Alchera]

i`m not retarded. that guy gets @ from my eggdrops,

No one said you were.

Secure shell? Channel passes (in scripts) secured?

Wipe the user file and delete the backup. Wipe the channel access list(s). Change the eggdrops nick pass and manually identify it to services.

It's not an eggdrop bug/hack.

[iamdeath]

Sorry for jumping in when seniors are already suggesting and can suggest better than I could. Anyway I thought to share a few of my thoughts maybe this could help the owner of this post.

I am basically a user from Undernet network, I have a channel with has no X so a friend of mine has lended me a botnet to protect my @op. The botnet consist of 8-10 bots. There is nothing special about those bot they're as simple as any. But there are 2 botnet files we're using on every eggdrop. Here are those files:

File 1
File 2

Not only that we also use silence on each bot, each means all the passive bots are using Silence not the hub bot. If all the bots have silence then how can we access the botnet? ehh

Code: Select all

putquick "SILENCE +*,~*@undernet.org,~*@*.undernet.org"
putquick "SILENCE *"

using that silence code will allow only users who are logged in X can access the bot, those who are not auth`d or logged in X will not be able to communicate with the bot. So in a way your bots become a lil secure from any kind of flood attacks. Usually flood comes from drones/floodbots which are not logged in X. So that command is quiet helpfull to protect your bots.

Another thing, add these two lines at the bottom of your config file. This will not allow anyone adding their host knowing the password. For example, if a friend of mine knows my password of bot but he/she does'nt have his/her *!*@host added in the bot. So through the addhost command he/she can easily add the host and get in the DCC and mess with everything. So if you unbind it, the bot will not react on this command. We use it on all the bots to protect ourself from adding host even if someone knows the password. If any op wants to add their host, we verify everything we find out we investigate then we add host. Which is quiet Secure.

I will also recommend you DO *NOT* , I repeat maybe you did'nt read DO NOT add anyone with auto op flag. I've experienced it, it is way insecure to give anyone auto op flags. How hard is it for someone to perform: /msg botnick OP password?. So there is no point of giving someone +a chattr.

Also use strictop mode and use any good +bitch or strictop script, you can ffind them from Archive easily.

These are minor things but if you follow them all, you will neverbecome opless.

If still there is something left do let me know.

peace
iamdeath

[alekleet]

hey imdeath thank you now i dont have problems , i access my botnet via telnet i have too telnet-protect so jus i can access the via telnet. when that guy get @ last time i have the script bitchxpack (if anyone give op the bots make deop to +o and +o-ed) and + .netcahnset +bitchx but he get op without any problem , i was on the chat with the hub and i didnt see nothing. anyways thank you all .

[nml375]

One thing that passed my mind, is that the normal bitch-mode does not trigger when the opper is identified as a bot or master. With superbitch.tcl there are a few settings to alter it's behaviour:

• sb_canop (default: "m|m")
  The flags for users who are allowed to give op to users with the flags specified in sb_canopflags.
  
  Valid settings: set in globalflags|chanflags format (e.g. "m|m" means global OR channel master, "m|-" means global masters only), or set to "" to specify that no users are allowed to op.
• sb_canopflags (default: "o|o")
  The flags for users who are allowed to be opped by users with an sb_canop flag.
  
  Valid settings: set in globalflags|chanflags format (e.g. "m|m" means global OR channel master, "m|-" means global masters only), or set to "" to specify that no users are allowed to be opped.
• sb_canopany (default: "b|-")
  The flags for users who are allowed to give op to anyone. This setting ignores sb_canop and sb_canopflags (e.g. you can set sb_canop to "" but users with flags specified in sb_canopany will still be allowed to op anyone).
  
  Valid settings: set in globalflags|chanflags format (e.g. "m|m" means global OR channel master, "m|-" means global masters only), or set to "" to specify that no users have the 'can op anyone' privilege.

Bitchxpack does no deopping or such, all it does it try to camouflage your bot as a BitchX client. Since you use server-side Silence, it would'nt be doing much at all (all it does is give bX-like ctcp-replies).

As for seeing things on the partyline, you'd be best off being logged onto the actual bot doing the opping. Also, as I believe I mentioned before, using the .channel command helps seeing who's identified as what.

In any case, from what you (and others) have explained 'bout those modes, the only way for anyone to access your bot would've been through telnet. If I understood you correctly, you've set up some firewall rules to prevent others from accessing the telnet-ports? If this indeed helps, it would further indicate this being an issue with telnet-ports..