UnrealIRCd

UnrealIRCd
Original author(s) Carsten V. Munk (stskeeps)
Developer(s) Bram Matthys (Syzop) and others
Initial release May 1999 (1999-05)[1]
Stable release
4.0.5 / July 28, 2016 (2016-07-28)[2]
Written in C
Platform Linux, BSD, Mac OS X, Solaris, HP-UX, Windows
Type IRCd
License GPL
Website www.unrealircd.org

UnrealIRCd is an open source IRC daemon, originally based on DreamForge, and is available for Unix-like operating systems and Windows. Since the beginning of development on UnrealIRCd c. May 1999, many new features have been added and modified, including advanced security features and bug fixes, and it has become a popular server.

Development

UnrealIRCd was originally based on DALnet's DreamForge IRCd, "a now deprecated IRC server that was the predecessor to the actively maintained Bahamut server."[3]

On July 13, 2007, Carsten V. Munk (stskeeps),[4] the founder of the UnrealIRCd project,[5] announced that a future v4.0 would be a fork of InspIRCd. Later on, this idea was dropped.[6]

With the release of version 3.2.10 in December 2012, Bram Matthys (Syzop), the current project leader of UnrealIRCd,[5] announced that development has been started on a 3.4 version. The 3.2 series will be maintained until the new version has been declared stable, which was expected to happen somewhere in 2014.[7] In October 2015 it was announced that due to the many changes the new series will be called UnrealIRCd 4 and the first Release Candidate was made available for download.[8] An UnrealIRCd 4.0.0 stable release was made on December 24, 2015.[2]

Features

Some of Unreal's features are referred to as "nonstandard",[3] in that they are not listed in the IRC-related RFCs 1459 and 2811-2813,[9] but are beneficial "from a security point of view."[3] The software "possibly has the most security features of any IRC server", including "spam filters, different styles of user bans, various channel modes to prevent abuse and flooding, SSL (Secure Sockets Layer) connection support, and compressed server connections."[3] For example, the shun command blocks a user from transmitting any text, the spamfilter uses regular expressions and can automatically ban, shun or disconnect users, and dccdeny can block files from being transmitted.[10] It includes the ability to password-protect server restart and stop commands, for operator use only.[11] The Windows version includes error reporting on startup.[11] Unreal supports linking to IRC Services, and allowing Services to change channel modes.[12] Server-side filtering can be used by administrators to block transfers of files, or certain domains.[13]

Unreal 3.2's "new-style" configuration file format is described as "more verbose" than traditional IRCd servers, which makes it easier set up; it is divided into "blocks" of related options, and has explanatory comments for each option.[14]

Reception

UnrealIRCd is "one of the most popular and full-featured IRC daemons"[3][15] and is used on the largest number of IRC servers, according to SearchIRC.com.[16] This server is described as having "possibly the most security features of any IRC server."[3]

Security issues

The tarball of version 3.2.8.1, from November 2009 to June 12, 2010, contained a trojan that allowed people to execute commands with the privileges of the user running the daemon, regardless of any user restrictions. The problem was fixed - the current tarball download is not suspected to contain a trojan.[17][18][19]

The "Firefox XPS" cross-protocol JavaScript-based attack on IRC networks was reported in January 2010;[20] UnrealIRCd developers later released a patch to set its anti-spoofing configuration parameter to "on" - the default was previously "off" - and "kill/zline/etc such connections".[21][22] It is the first question in the configuration file.[22]

See also

References

  1. "UnrealIRCd celebrates its 15th birthday!". Retrieved 2014-05-18.
  2. 1 2 "UnrealIRCd 4.0.5 released". UnrealIRCd. June 26, 2016. Retrieved June 26, 2016.
  3. 1 2 3 4 5 6 Piccard, Paul; Baskin, Brian; Spillman, George; Sachs, Marcus (May 2005). Securing IM and P2P Applications for the Enterprise (1st ed.). Syngress Publishing. p. 370. ISBN 978-1-59749-017-7. Retrieved 2011-09-10.
  4. Munk, Carsten V. (stskeeps) (December 6, 2008). "Stskeeps says goodbye". Unrealircd.com.
  5. 1 2 "UnrealIRCd Staff/Contributors". UnrealIRCd.com. Retrieved 2009-09-10.
  6. Bishop, Nathan (nate) (December 10, 2008). "UnrealIRCd Development & Future". UnrealIRCd.com. Retrieved 2011-07-28.
  7. Matthys, Bram (Syzop) (December 25, 2012). "Unreal3.2.10 released & Unreal3.4 development". UnrealIRCd.org. Retrieved 2012-12-25.
  8. Matthys, Bram (Syzop) (October 11, 2015). "UnrealIRCd 4.0.0-rc1 released". UnrealIRCd.org. Retrieved 2015-10-11.
  9. Piccard et. al., p. 402
  10. Piccard et. al., p. 371
  11. 1 2 Leadbeater, David (2004). "Chapter 15, Servers and Services: Hack 95". In Mutton, Paul. IRC Hacks: 100 Industrial-Strength Tips & Tools. O'Reilly. p. 363. ISBN 0-596-00687-X. Retrieved 2011-09-19. One of the most popular and full-featured ircds is Unreal.
  12. Leadbeater, p. 366.
  13. Piccard et. al., p. 409, 392
  14. Leadbeater, p. 361.
  15. Leadbeater, p. 360.
  16. "IRCd version overview". SearchIRC. Retrieved 2011-09-10.
  17. Bott, Ed (June 12, 2010). "Linux infection proves Windows malware monopoly is over; Gentoo ships backdoor? [updated]". ZDnet.
  18. "UnrealIRCd Security Advisory". UnrealIRCd.com. June 12, 2010. Retrieved 2011-09-10.
  19. Lederer, Christian (June 12, 2010). "Some UnrealIRCd 3.2.8.1 downloads trojaned (Update 3)". IRCJunkie.org. Retrieved 2011-09-10. (rationale)
  20. Goodin, Dan (January 30, 2010). "Firefox-based attack wreaks havoc on IRC users". The Register. Retrieved 2011-09-10.
  21. Syzop (February 28, 2010). "Browser/Javascript POST attack". UnrealIRCd.com. Retrieved 2011-09-10.
  22. 1 2 Lederer, Christian (March 1, 2010). "UnrealIRCd team releases patch against Firefox XPS attack". irc-junkie.org. Retrieved 2011-09-10.
This article is issued from Wikipedia - version of the 10/26/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.