Hey. On Sun, 12 May 2002, Tzahi Fadida wrote:
> Hi, > I was asked to put a constant irc bot (eggdrop) on my linux server. My concern is >that since it interacts directly with the irc, there could be reprecautions like >bufferoverflows, etc. also, i saw it may require me to open another port to my system. > my question are: > 1) what are the areas i should watch out for when securing the thing. > and should i even consider putting it on my server. Well there are few actualy, eggdrop are often the target for ddos attack, check they are running on safe networks. you should also make sure the people using the server know that any ilegal act (take overs dos attacks and things like that) would make them lose the account. and be ready to have a lot of complains e-mails.. also it would porbebly increase the hacking attempts to your server There are no known buffer overflows in eggdrop 1.6.x > 2) Is there a way to channel all its inter bot communication thru ssh, using some >channeling software or some addon?. You can channel the connection to the bot but not between bots > 3) In the event of a breach, is there a way to restrict its actions in some kind of >sandbox, like: using only certain ports, certain directory and no more, etc... not that I can think of.. Ely ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
