security question

Sheldon · Post by **Sheldon** » Mon May 15, 2006 8:39 pm

i have been running my bot for a few days now, and have a few scripts on it, things are looking rosy...

im actually really happy with it, it does more than i thought it could ever do
(just wanted it for logging originally)

now i have decided to let my channel users have access to it (to add themselves)... for notes etc..

but i would like to know exacly what setting to apply.... because in truth although ive done OK im not 100% sure what to do...

biggest fear obviously is opening the bot too much and have someone abuse it...

how do i set it so, its a useful tool for the channel members, but not be a sucurity risk!

please help, my baby bots life depends on it

Alchera · Post by **Alchera** » Mon May 15, 2006 8:53 pm

Refer to this page for flag information: http://www.egghelp.org/commands/core.htm#whois

Choose your users carefully, add only those you trust. Those added without owner (permanent or temporary) priviledges are not a "threat" to your bot. You'll notice when reading up on all the information available that there are levels of users i.e. owner, master &c.

Sheldon · Post by **Sheldon** » Mon May 15, 2006 9:12 pm

so your saying that i have to add the users personally??

thats OK for trusted friends etc... but isnt there a run of the mill type access for normal users?

that they can access without my intervention

i used another connection and run Mirc, and tried to get acces to the bot.... no matter what i type in, it doesnt respond to me?

set open-telnets 1
set protect-telnet 0

were the two commands i was playing with... but they dont make any difference

Alchera · Post by **Alchera** » Mon May 15, 2006 9:31 pm

so your saying that i have to add the users personally??

Yes, for party line access.

You didn't actually specify if you wanted these users to have party line access. If not, then you'll need to search the Tcl Archive for an appropriate public commands channel script.

i used another connection and run Mirc, and tried to get acces to the bot.... no matter what i type in, it doesnt respond to me?

Your hostmask altered and you were therefore unrecognised by the bot.

Using the following can assist (this lets the bot recognise you from a new address):

Code: Select all

/msg BotNick ident <password> [handle]

For the above to work make sure you have commented the following line if your eggdrop.conf:

Code: Select all

unbind msg - ident *msg:ident

Sheldon · Post by **Sheldon** » Mon May 15, 2006 9:36 pm

sorry i wasnt very clear...

the reason i logged on again under another host and nick was to test if i could get access

seeing it from my users point of view... i was hoping i could add myself.

so then i could tell the channel members how to do it?

Alchera · Post by **Alchera** » Mon May 15, 2006 9:57 pm

You have discovered how well your bot is configured.

Unless added by the bot owner or bot master no one is recognised and therefore cannot add themselves to the bot.

A script, on the other hand, if written correctly can allow a channel user to trigger certain commands based on their channel access i.e. op or voice. Most public commands scripts require users to be added to the bot otherswise they cannot access the public commands.