On Sun, 12 May 2002, Tzahi Fadida wrote:
> I was asked to put a constant irc bot (eggdrop) on my linux server.
> My concern is that since it interacts directly with the irc,
> there could be repercussions like buffer overflows, etc.
> Also, I saw it may require me to open another port to my system.

In general eggdrops are pretty safe. Buffer overflows could be found in any other application like sendmail, named, wu-ftpd, innd as well. So running eggdrop doesn't mean that your server becomes wide open.

Of course there are some specific issues for eggdrop. It may bring script kiddies to your server if the bot is used in some kind of irc war. There is much more possibility that people will try to hack your box to get access to the bot than try to hack your box through eggdrop. But if you are not planning to take over #warez or messing with the wrong people, no one will bother you.

You don't need to open another port if your bot won't act as a hub but only as a leaf.

> My questions are:
> 1) What are the areas I should watch out for when securing the thing,
> and should I even consider putting it on my server?

There is nothing wrong in putting a bot on your box when it is done right and you understand what you are doing. Compile only the modules you need and go through the configuration file line by line. There are a number of parameters to understand and set up right. This applies not only to security measures but also to the bot's behavior on irc. One of the things you may want to disable is direct tcl commands. Choose carefully who has access to the bot, pay attention to what botnet it's connecting to, and don't load untrusted tcl scripts. Additional tips may be found on http://www.egghelp.org.

> 2) Is there a way to channel all its inter bot communication thru ssh,
> using some channeling software or some addon?

Eggdrop uses blowfish encryption for inter bot communication.

> 3) In the event of a breach, is there a way to restrict its actions in some kind of sandbox, like: using only certain ports, certain directory and no more, etc...

I guess the usual rules apply here. Run it from a dedicated user or even try to chroot it.

Cheers,
Boris
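
Added example, not part of the original message: a small audit of an eggdrop-style config for the points raised in the reply (direct tcl commands, listening ports, loaded modules, script sources). The directive spellings (`unbind dcc n tcl *dcc:tcl`, `listen`, `loadmodule`, `source`) are assumed from the stock eggdrop.conf layout and should be checked against your version; the sample config and the allow-list are constructed.

```python
import re

# Constructed sample config for illustration; not taken from the original mail.
SAMPLE_CONF = """\
# leaf bot
set owner "alice"
loadmodule channels
loadmodule server
loadmodule filesys
listen 3333 all
#unbind dcc n tcl *dcc:tcl
unbind dcc n set *dcc:set
source scripts/alltools.tcl
source /tmp/cool.tcl
"""

def audit_conf(text, allowed_modules, trusted_script_dir="scripts/"):
    """Return a list of findings for an eggdrop-style config (assumed syntax)."""
    # Drop blank lines and comments so commented-out directives do not count.
    lines = [l.strip() for l in text.splitlines()]
    active = [l for l in lines if l and not l.startswith("#")]
    findings = []
    # The direct .tcl/.set partyline commands stay enabled unless unbound.
    for cmd in ("tcl", "set"):
        pat = rf"unbind\s+dcc\s+n\s+{cmd}\s+\*dcc:{cmd}"
        if not any(re.fullmatch(pat, l) for l in active):
            findings.append(f"direct .{cmd} command not unbound")
    for l in active:
        parts = l.split()
        if parts[0] == "listen":
            # A pure leaf bot needs no listening port.
            findings.append(f"listening port open: {l}")
        elif parts[0] == "loadmodule" and len(parts) > 1:
            if parts[1] not in allowed_modules:
                findings.append(f"module not on allow-list: {parts[1]}")
        elif parts[0] == "source" and len(parts) > 1:
            path = parts[1]
            if not path.startswith(trusted_script_dir) or ".." in path:
                findings.append(f"script outside {trusted_script_dir}: {path}")
    return findings

if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF, {"channels", "server"}):
        print("WARN:", finding)
```
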
