Eggheads: about security
David Fedoruk
david.fedoruk at gmail.com
Thu Jan 26 20:00:47 CST 2006
On 1/24/06, Indoglobalhost Technical Support - www.indoglobalhost.com
<support at indoglobalhost.com> wrote:
> Hello,
>
> We hear about people who can stealing an eggdrop. how is that work? is that anyone of you gusy give example how they stealing ?
>
> and how to protect an eggdrop from not being steal?
Hi:
The one and only possible moment this could happen is when you start
your *first* eggdrop flagged to created a user file. The fire /msg
<bot> will get prompted to create a uername and account. Usually, if
you're thinking at all, you start your bot on an empty channel with
just you and the bot. After that, the only way you could *steal* an
eggdrop is if you told someone your owners password. But that's in the
documentaion as I recall.
So an eggdrop can get stolen in really only one way, that is the
owners carelessness.
1. Never give your owners password to anyone!
2. Never give anyone access to your shell account.
3. Make sure shell account is run by reliable Systems Admins.
4. Make sure you have read ALL the documentaion.
5. Be careful which bot net you link with, if any.
This all adds up to common sense security. Eggdrops are only as
vulnerable as the person who runs it. Notice that all of the above
methods need a human owner to have made a serious blunder so beware of
social engineering.
Oh! one more thing, make sure you have fun running your bot! ;)
DF
--
David Fedoruk
Certificate in Internet Systems Administration, UBC, 2003
B.Mus. UBC,1986
http://recordjackethistorian.blogspot.com
"Music is enough for one's life time, but one life time is not enough
for music" Sergei Rachmaninov
More information about the Eggheads
mailing list