1. #1

    The Happy Birthday, AnttiKi, thread.

    You are able to see the IP of any user connected to the web chat using the whois command.

    This is clearly a problem. I'm aware that on phpbb based forums such as this, that mods/admins are able to see every member's IP.

    But, when everyone is able to see everyone's IP, that's clearly a security issue.
    Share this post

  2. #2
    Euan's Avatar Senior Member
    Join Date
    Mar 2014
    Posts
    1,717

    Re: IRC Web chat

    I shall now not join till thats fix, mainly cause I don't trust kim
    Share this post

  3. #3

    Re: IRC Web chat

    Actually, this can also be done on the forums. I'm not going to reveal how, but it's completely possible to do without anyone even noticing it.

    Why are you so afraid of someone getting your IP/hostname? These days it's not a risk in any way, because all available IP addresses are already scanned by botnets. At most I get over a thousand automated hacking attemps in a single hour. If you are safe from them, you are safe from Kim in my opinion.

    If someone can tell me a _good_ reason, I'll consider adding IP masking for the IRC server.
    Share this post

  4. #4
    Morfyboy's Avatar Senior Member
    Join Date
    Mar 2014
    Location
    UK
    Posts
    8,183

    Re: IRC Web chat

    Is there an app for android for this?? Im sure it offered me one last week.
    Share this post

  5. #5
    Euan's Avatar Senior Member
    Join Date
    Mar 2014
    Posts
    1,717

    Re: IRC Web chat

    that was tapatalk I was offered it aswell for my Xperia S
    Share this post

  6. #6
    Morfyboy's Avatar Senior Member
    Join Date
    Mar 2014
    Location
    UK
    Posts
    8,183

    Re: IRC Web chat

    Thats right..did you get it by any chance?? If so, is it worth it cos my multipad doesnt like going into web from this site for some reason..
    Share this post

  7. #7

    Re: IRC Web chat

    Originally Posted by AnttiKi
    Actually, this can also be done on the forums. I'm not going to reveal how, but it's completely possible to do without anyone even noticing it.

    Why are you so afraid of someone getting your IP/hostname? These days it's not a risk in any way, because all available IP addresses are already scanned by botnets. At most I get over a thousand automated hacking attemps in a single hour. If you are safe from them, you are safe from Kim in my opinion.

    If someone can tell me a _good_ reason, I'll consider adding IP masking for the IRC server.
    Some people DoS people just for fun.
    Share this post

  8. #8

    Re: IRC Web chat

    Originally Posted by Yoshi
    Originally Posted by AnttiKi
    Actually, this can also be done on the forums. I'm not going to reveal how, but it's completely possible to do without anyone even noticing it.

    Why are you so afraid of someone getting your IP/hostname? These days it's not a risk in any way, because all available IP addresses are already scanned by botnets. At most I get over a thousand automated hacking attemps in a single hour. If you are safe from them, you are safe from Kim in my opinion.

    If someone can tell me a _good_ reason, I'll consider adding IP masking for the IRC server.
    Some people DoS people just for fun.
    Some people here or some people on the other side of the internet? So far nobody has misbehaved badly in the chat. A simple warning has done the job so far.
    Also, I don't think we have anyone here on the forums, who wants to get caught for launching a (D)DoS attack. It's pretty simple to trace them back.

    Oh and did you read the first part of my post? Kim can get your IP without you ever entering the chat anyway.

    If you really are sure that you want me to use (or waste IMO) about half of my work day to this, instead of doing something nice for the community for example, then fine, I'll do it.
    Share this post

  9. #9

    Re: IRC Web chat

    Originally Posted by AnttiKi
    Actually, I was thinking of implementing cloaking. It encrypts your hostname (users can't decrypt it) so it looks like a random string, but always stays the same. Mibbit also does that, but this would be for the ordinary users who have a real IRC client.
    I like this idea, people don't have to be unnecessarily worried about Kim hacking them with his 1337 computer haxX0ring skillz and everyone can still get banned. Win/win.

    Also will we be getting nickserv ever?
    Share this post

  10. #10

    Re: IRC Web chat

    Actually, I was thinking of implementing cloaking. It encrypts your hostname (users can't decrypt it) so it looks like a random string, but always stays the same. Mibbit also does that, but this would be for the ordinary users who have a real IRC client.
    I'm also thinking about removing the "ircname" field, to which Mibbit outputs the real hostname of every user. Or it could also be cloaked.
    Share this post