Currently there are 10,000 Bitcoin clients on the IRC server, in the main channel. Since you don't need to see
all clients quit/join or get a 10k client list there is now the new system called 'split channel'.
This means a client will not join #bitcoin, but it will join #bitcoin
xx, where xx is a random number between 00 and 99.
It is a great idea and will cut down bandwidth usage a lot for the server and the client!
There is one (major) downside for this.
What if an attacker would make bots join #bitcoin00 till #bitcoin99, and has OP (@) in all channels? He could lock the channel with a limit of one (+l 1), set a key (+k ywebnxs), or he could even ban everyone (+b *!*@*).
This would not work if all the channels would already have people in them, since OP would only be given once to the first one joining.
At the moment there are only 6 clients in the #bitcoinxx channels, so it's vulnerable and could be exploited any moment.
Possible fix: get some sort of IRC module/script to take control over these channels before an attacker does. This could either by joining the channel and let it de-OP itself, or never give OP in a #bitcoinxx channel.
Not fully working but to give you an idea, here is a bit of python script...
channel = "#bitcoin" + random.randint(00,99)
# Joins the channel
ircsock.send("JOIN "+ channel +"\n")
# Set channel limit to 1 (clients can't join because it is full)
ircsock.send("MODE "+ channel +" :+l 1\n")
# Send a message that it has taken over the channel
# ircsock.send("PRIVMSG BadDude :I just took "+ channel +"\n)
I see you guys found a quick fix: Join channels manually and de-OP yourself there.
Show Posts
