Results 1 to 7 of 7

Thread: Irc safety

  1. #1
    Join Date
    Jun 2002

    Irc safety

    I just answered that irc bnc question, it inspired me to create this.

    On IRC you have to be careful of files that are sent to you without permission. Some people, in an attempt to circumvent the /dccallow simply allow all files, well DON'T DO THAT!!! Often, when you enter a popular channel, files will be sent to you without your permission, I once got a file called "list.exe", sent to me without permission from "chanserv". I don't want to explain the chanserv trick as this is safety, not anonymity, plus it is kinda malicious. I found "list.exe" in my folder of downloaded files, I hadn't downloaded anything, so I scanned it, lo and behold, there was an IRC trojan. A great way to make enemies. many IRC trojans don't just provide access to your system, IRC users use YOU to spam other users with messages to join other channels or to check out certain websites, like I said, a great way to make enemies. So always make sure you don't accept just any file, this can be verified using the options and going to the "DCC" section.

    One important thing to remember on IRC, is that users can find out your IP address. This is pretty important, because many warscripts have built-in port scanners. So firewalls are paramount for IRC usage, because even if you use a BNC it is very simple to find out a person's IP address, (sorry, i don't want to mention that trick here as well, since I am kinda scared of getting neg points! ) so firewalls are a very important line of defense. And you can even set up a filreserver with a firewall. With products such as zonealarm it is as easy as click the server box next to your IRC program. In other firewalls, just pick a port that you want your fserver to use, not all fserve scripts have this option, but I know invision does. It is a good alternative to using the common port 59 for DCCs.

    Irc proxies, called BNCs are also very useful at times. Now, I personally wouldn't trust a free BNC, even though some work, make up another account to use on them, because BNCs can logs all activity so if you logon to a server using one and then you use your nickserv password, the BNC admin could log that info and then use it whenever he or she likes. To be safe, get a shell account, and set up a BNC on the shell. These are not only safe, but fun as many shell providers have vhosts for IRC so you can make your host name something like "i.like.big.butts.and.i.cannot.lie.net". Many shell providers offer these vhosts, different shell providers offer different vhosts, so find a really funny one to amaze all your IRC friends. Also, BNCs are useful if you were unafirly banned from a channel.

    Now, some warscripts, have backdoors built right in to them. These are very dangerous, as people can find out the version of MIRC you are running by typing "/ctcp version NICKHERE". To get past this, simply use a trustworthy MIRC script, I like invisions and excursion. And there is one more thing in this section to remember, some versions of MIRC, most notable MIRC 5.3 have exploits, which can crash a system or just the IRC client. To keep safe, just always use the most up to date version of your script or of MIRC. I think there is something like MIRC ver. 6.

    And one backdoor that is very common. People will often say something like, "type this in your mirc to get op status in every channel!". It is usually something thats starts with "//.write", "//.$decode", or "//.$encode". These actually create backdoors, I don't know how these work, and nobody I have asked on IRC knows. Even the security channels. But never type those in. But if you have you can find instructions on removal and security at http://slacker.to/decode.cgi.

    NEVER EVER GO TO A SITE THAT HAS BEEN GIVEN TO YOU IN A MESSAGE! ESPECIALLY IF IT IS FROM SOMEBODY YOU DO NOT KNOW! OR ESPECIALLY IF IT IS TELLING YOU TO DOWNLOAD A FILE!!! Often, people try to have others go to a site and download trojans, they are named all kinds of things, like "modembooster.exe", "cableuncapper.exe", "britneyspears.mpg", "angelfirecrack.exe", "drunkmanbing.mpg", "operator.exe". Never download those please. Not only will you get infected, but you may start to spam others.

    Those are all the good safety tips I can think of right now, as I find more, I will post them.

    And sorry for bumping this post guys, I did not know what the button did and I wanted to try it, and I figured it was safer to try it on my post than another person's post. So sorry if that was annoying. If anybody could explain the button to me, why it is there, it would be appreciated.

  2. #2
    Join Date
    Jun 2002
    And one more thing, is using the bump button offensive? Just wondering, because sometold withheld greenies cuz i used it (not blaming, just wondering), so i really really don't want to make that mistake again. so please tell me if it is, and i won't use it anymore.

    Come on, I am sure somebody knows the answer to my question. Please help me out here.

  3. #3
    Senior Member
    Join Date
    Apr 2002
    You can use the bump button... at least that's what it is there for at least. But wait until things fall down the page a bit (ie. not when the post is like #2 or #3 on the front page) and don't keep repeatedly bumping posts up to the front page after they fall off (there's discussion in this thread about possible changes to that button, but it's ultimately up to JP).
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  4. #4
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    yeah.. ive always wondered what those //$decode and whatever sytax does..

    my hunch is.. normally its //$decode THEN a bunch of random characters. my guess that those characters are encrypted commands, and IF decoded will execute certain commands.. basic arbitary code technique..

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    One of the nice things about mIRC is that you can customize anything. You know that /ctcp <user> ping will send a ping to <user>. Well, you can program your mIRC so that when it receives a ping, it doest reply or replys with "6 hours and counting" or whatever you want...
    ctcp ^*:PING:*:{ .halt } <---will not reply...
    When you download a "script" like Showdown or something, there are a bunch of commands like this placed int the remote file.

    Ok, so lets say we create a bunch of events like that, which allow you to use ctcp to control the remote computer. Then you use the write function to write a new remote file with all those commands... Now, what? Well, mIRC includes encode and decode. encode is really weak encryption. and decode is used to decode it. So if you use encode on that sting of commands you came up with, you will get a bunch of MIME encoded charters....really weak encrypting, but still encrypted. So you tell someone, hey, type
    //$decode(Ffnakhvaihiowy857yrTETVAE4hihv 439)
    and wham, they have just installed your "backdoor".

    btw, that decode statement is just a bunch of gibberish (I think, I didn't actually encode anything). Also you may be wondering why its //$decode? Well, $decode is the command. You precede all commands in mIRC with a /. So /$decode will decode the statement. So why //$decode? The first / will execute whatever is decoded. If you just do a /$decode(whatever) then you can see what they were trying to send you, without actually executing it....
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  6. #6
    Junior Member
    Join Date
    Jun 2002
    First of all , Hi evry-1 ,
    Second , One little remark about the ShowDown script .
    It is loaded with backdoors and you can find em in the 'Utils' directory of the showdown main Directory .
    Strangly enough most virusscanners will not find anything (like mcafee,norton,etc)
    I found them after a so called 'context menu scan' with an Ontrack scanengine ( context menu means you can activate the engine to scan a file if you rightclick it in Explorer )
    My normal routine scan of the whole C:\ station (wich i do almost every day) never showed it at all (not even now after i discovered it with the context menu scan)
    As long as you use the showdown script just to chat , maintain a 'friendlist' , play with popups , there should be no problem . . But stay away from the socalled war-utilities , because as soon as you activate those exe files , some will install trojans and give hackers access to or control over your machine/irc client .

    So to summarize : Don't make the mistake of feeling save by scanning for viruses with just one scanner engine , but get another one for a 'second opinion'
    and make sure your viruslist is up to date .
    You might also want to try one of the many 'Online Virusscan' services (easely found on google) because they generaly have the most up to date virusdefinitions handy

    greetz ,

  7. #7
    Join Date
    Jun 2002
    Thanks for that net, I actually didn't know that. I have only ever used one script for IRC. Thanks. It was helpful. And thanks to everybody else who posted here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts