Eggdev: Re: Bugs: Question

Dariusz Kulinski takeda at eggheads.w.pl
Fri Mar 5 00:11:40 CST 2004


Hello expres,

Monday, February 23, 2004, 12:18:16 AM, you wrote:

> Hello, while browsing the net I found this:

> http://mogan.nonsoloirc.com/egg_advisory.txt

> I own an eggdrop 1.6.15 and I'm concerned about it's safety, so if you can
> tell me what might happen in this case or how I can solve the problem I
> will be very gratefull.

You need to wait for 1.6.16 or use cvs version of a bot.
If you don't link directly bots with people who you don't trust, and
make sure, that all bots have password set, i.e. by loading following
script to each bot (script requires alltools.tcl):

--- cut here ---
bind time - "0 0 * * *" time_check_for_empty_pass
proc time_check_for_empty_pass {args} {
  foreach bot [userlist b] {
    if {[passwdok $bot ""]} {
      setuser $bot PASS [randstring 12]
    }
  }
}
--- cut here ---

Script will check everyday if there are bots on userlist that don't
have password set, and will set it, this should make you safe.
Don't link bots with people you don't trust, because that bug still
could be exploited that way.

-- 
Best regards,
 Dariusz                            mailto:takeda at eggheads.w.pl
http://eggdrop.takeda.tk - eggdrop help





More information about the Eggdev mailing list