Category Archives: technical

Javascript spam

Posted on by

You may have noticed some unusual amounts of spam over the past few days, which has had an impact on a number of channels.  This spam is the result of some malicious javascript being distributed on a number of webpages which causes visitors to these pages to make a connection to freenode and send spam.  While we are doing what we can to mitigate the spam, we would ask that you take a careful look at any unusual sites or URLs you might visit in the near future to be sure you are not being tricked into visiting such a site.

If you have been banned from the network after clicking on one of these links, please email klines@freenode.net with your internet-routeable IP address. Visit http://myip.dk/ and include both the IP address and hostname provided on this site.  It’s also helpful if you let us know what nick you were using at the time.  We will address these requests as quickly as possible, but please be patient.

It is of course never a good idea to visit a link that’s not from a trusted source.  If you must do so, look into using a browser with limited or no scripting support (wget from the command line is a great solution here on linux, as is links) or using something like no-script for firefox.

If you run a channel on freenode, you might want to consider setting +R to prevent unregistered users from sending to the channel as the spambots described here will not be registered.  If you do so please consider being proactive about contacting unregistered users joining your channel to ensure they get the help they need, and feel free to send them to #freenode so network staff can help them register.

For users, now is an excellent time to register your nickname and setup your client to auto-identify.  You can find information about registering here.  Configuring your client to auto-identify varies depending on the client, but one easy way is setting up your client to send the nickserv password as your server password. Most clients have an option for this.

It is also worth noting we will be moving to a new ircd in just 13 more days, as described here.  This new ircd provides a number of exciting new capabilities including improved capability to deal with spam of all kinds, including this most recent type which is entirely mitigated by improvements in seven.

Possible SORBS closure

Posted on by

Short blog post this evening but an important one!

I suspect many of you rely on the SORBS DNS blacklists to help provide spamless emails.  Sadly infrastructure support is being withdrawn by the current providers leaving a significant void to effective spam handling.

I encourage you to read over the articles on  http://www.au.sorbs.net/ and if at all possible offer assistance.

Thanks!

New freenode webchat (and why to use it)

Posted on by

As of today we have disabled access to the freenode irc network via mibbit.  While there are numerous reasons for this, it ultimately comes down to the ability to prevent abuse via this client.  We allow connections from many types of web gateways, and such connections require a certain amount of trust and communication between the server operators and the gateway operators.  While we have tried to maintain a good working relationship with anyone who wishes to provide access to freenode and are lucky that most of our users and projects are very friendly and communicative, we have found it difficult to maintain open communications with mibbit.  This has resulted in a large amount of staff time being spent on managing abuse coming from mibbit, disrupting service for other mibbit users and reducing the quality of the network.  Sadly, we feel that this is ultimately not beneficial to mibbit users or the network as a whole.

We apologize to those who used mibbit for the inconvenience this has caused, and for the need to find a new client or method to connect to freenode.

In response to this, we have implemented our own web gateway at http://webchat.freenode.net.  The webchat runs qwebirc package which was developed for and extensively used by quakenet. We’d like to extend our thanks to Chris “slug” Porter and the rest of the team for making it available.

Some of the features of qwebirc can be found here.

Our new webchat facility also makes it easy to add to your own site.  To do this, just click on the menu icon on the top left corner where you will find an “add webchat to your site” option.  You will be taken through an easy wizard to get this going and get the webchat on your very own site!

freenode Network Services Cleanup and Changes.

Posted on by

As announced previously, we have recently (as of Thursday, June 10th) pruned our nickserv and chanserv databases.  We also performed some additional updates and modifications.  While the most obvious change of this will be that any nicks older than 60 days have been dropped, there have been some additional changes implemented as well.  In addition, we have added a new webchat service for users who wish to irc from behind a firewall disallowing a more direct connection.  You can try it out here!

First, we have made a modification to make it easier to identify, as long as your client supports a server password.  Previously, users were able to identify by using a registered nick and sending the password for that registered nick as their server password.   You can also now identify on connect regardless of nick by providing both your account name and password, as follow: “/connect irc.freenode.net 6667 :mquin uwhY8wgzWw22-zXs.M39p.”  This will identify you upon connection.

As a result of this change, we have removed the requirement to group an alternate nick before requesting an unaffiliated cloak.  The requirements for a cloak are outlined here.

Group Contacts are welcome to check in with us within the next 4 weeks to resolve any issues that may have arisen as a result of the pruning.   If you are a group contact, and have any issues as a result of this maintenance, feel free to drop in to #freenode and ask for assistance.

As always, thank you for using freenode, and have a great day!

[Scheduled Maintenance] Services database clear-out.

Posted on by

This is just to let you know that we will soon be performing a fairly substantial cleanup of the NickServ and ChanServ databases.

We’ll be dropping all expired nicknames. As explained in the FAQ, nicknames on freenode expire after 60 days. Nicks that are at least two weeks old and that were last used less than two hours after their creation are also considered to be expired.

There are a few things you should know about this cleanup process:

  1. It will take place at 9am UTC on Thursday  11th June 2009.
  2. It may take a little while. We prune the database infrequently and it’s grown fairly large sine the last time.
  3. A channel for which all contacts are expired will be deleted. If your channel is active but your contacts are not, please let us know by midnight Wednesday 10th June (again, UTC) and we’ll try make special arrangements.
  4. We will try avoid expiring project cloaked user nicknames.
  5. Grouped alternate nicknames which are considered to be expired will be dropped.
  6. If you’ve not used your grouped nick much, or you haven’t used it recently, it may be expired.
  7. Please make sure your bots identify to NickServ or its registration may be lost.
  8. Be sure to do the canonical setup so you don’t lose your nicks and channels. Please follow these canonical nickname setup instructions to make sure that your nicknames and channels aren’t lost through disuse.

Please make sure your nick(s) are set up properly before Thursday and that you’ve spoken with freenode staff to resolve any outstanding channel and nick issues. Thanks for your understanding, and thank you for using freenode.

Nickserv Access Module Loaded.

Posted on by

We recently added support for NickServ’s ACCESS command to freenode’s services. This allows you to define a list of hostmasks from which nickserv will recognise you before you have identified. Logging in as normal is still required, but matching an entry on this list will prevent NickServ from changing your nick if ENFORCE is enabled.

For more detailed information, see NickServ’s help topic:

/msg NickServ HELP ACCESS

There is one caveat to this feature: if you match an entry on your nickname’s access list, you will not receive notices from NickServ asking you to identify. This, combined with nickname access lists that were migrated from our old theia database and have lain dormant since, may cause some auto-identify scripts to stop functioning.

If you find that this is the case, the simplest workaround is just to remove all entries from your nickname’s access list. Use

/msg NickServ ACCESS LIST

to see all entries, and

/msg NickServ ACCESS DEL <hostmask>

to remove them.

New servers

Posted on by

Hi all,

Over the past couple of months we’ve been fortunate enough to be able to add a couple of new servers to freenode’s rotation. Namely, lindbohm (IPv6: denis) and hubbard, sponsored by Stockholm University and Carnegie Mellon University Computer Club, respectively. Thanks to all of our sponsors for keeping the network online.

If you’re interested in sponsoring a server for freenode, take please take a look at our website to see what the process entails and don’t hesitate to ask me (Martinp23) or christel for any further information at all.

Thanks for using freenode! :)

Help us test ircd-seven!

Posted on by

As many of you will have noticed, our current IRC server software, hyperion, has been showing its age for some time now. Expectations for its eventual replacement are nothing if not high — hyperion contains a great many features not found elsewhere, most of which are fairly unique to the way in which freenode operates, so anything that wants to take over from it must provide all of these, in a more robust, maintainable and future-proof package.

Charybdis looks like a good start — it’s a modern, modular IRC daemon supporting many of hyperion’s strange features, and built on top of ircd-ratbox, which gives it a good heritage of stability and scalability. ircd-ratbox is perhaps best known for powering the majority of EFNet, which seems to make it an excellent base on which to build.

However, neither ratbox nor Charybdis implements freenode’s more unique features, such as ban-forwarding or hidden IRC operators. So, some work is needed.

Enter ircd-seven. Seven is based on Charybdis, with the features freenode needs added in. Channel operators and network operators alike should recognise most of the useful, and heretofore unique, features of hyperion, without many of the bugs and oddities that have become an unfortunate fact of life.

Development and internal testing of seven has been ongoing for some time, and we’re now ready to open up testing to a wider audience. The test network is currently running on testnet.freenode.net, port 9002 for normal connections or 9003 for SSL connections. This is a new server, sharing no code with the current software, so all aspects of it need thorough testing, both that it works, and behaves in a way consistent with how most people want to use it — this last aspect is particularly difficult to do in small-scale private testing.

ircd-seven is designed to be capable of everything hyperion is, but not necessarily as a drop-in replacement. Some functionality is still available in a different form, or with a different interface. The most notable differences for users are summarised below:

SSL support
seven supports SSL, for client and server connections. Users connecting via SSL will get user mode +Z to denote this.

Channel bans and quiets
Channel mode +q (quiet) is now sent as a separate mode — hyperion’s translation of +q foo to +b %foo is gone. Extended ban types are supported for all ban-like modes (+bqeI). These extended masks begin with $, followed by an optional ~, to negate the match, and a single letter denoting the type of match to do. For example:

  • +b $r:Lee* will ban any client whose realname (gecos) field begins ‘Lee’. This is equivalent to hyperion’s +d mode.
  • +I $a:spb will set an invite exception for any client logged in to services as spb.
  • +q $~a will prevent any user not logged in to services from speaking. This is roughly equivalent to hyperion’s mode +R.

Forward channels for bans are now delimited with $ instead of hyperion’s !, and can be used with extended ban masks as well. Setting and unsetting of bans via the hyperion syntax (nick!user@host!#channel) is supported — it will be translated to nick!user@host$#channel.

Identified status
There is no user mode +e. The IRCd keeps track of the account name of every user who is identified to services, and uses this to determine whether a user is identified or not. The ‘is identified to services’ line in WHOIS output is no longer present; there is, however, a line containing the account name if the user is logged in.

Identifying on connect
Using a NickServ password as a server password still works as it does in hyperion. However, there are two new mechanisms:

  • You can specify : in the server password field, to log in to a specific account. This removes the requirement to connect using a nickname that is grouped to your services account.
  • seven supports SASL authentication, to log in to services during the connection process. This requires client support; a script for Irssi to do so is located here. Conspire supports this natively. Other clients, as far as I’m aware, do not.

Username prefixes
The n= and i= prefixes are not used; instead ~ is prefixed to a non-identd username, as in most other daemons.

IDENTIFY-MSG
The identify-msg capability is still present, but the way to enable it has changed — it is now part of the same CAP mechanism that is used to control SASL and multi-prefix capabilities. A script for irssi that understands both hyperion’s and seven’s identify-msg capability is available here. Conspire will also support this natively once w00t remembers to apply the patch.

[Maintenance] Downtime warning — lem, orwell

Posted on by

Hi all,

Tomorrow evening, November 3rd 2008, at 22:00GMT we will be undertaking some routine maintenance on two of our client servers, lem and orwell, both servers have already been taken out of rotation. The downtime window is set to one (1) hour, but we anticipate that the upgrades will take less time. At time of posting we have approximately 2,000 users across the two servers, and while we will urge users to connect to a different server prior to the upgrades we realise that not everyone will be able to act on the notice in time and as such we expect to see some disturbances on the network at the time of the upgrade.

Thank you for using freenode!