08:56:05 -!- mode/#wraith [+o-b bryan 9f7!4926@1203432965] by wtest

Cookie-ops are an old concept. I by no means invented them. Wraith does have its own algorithm though.

The purpose of these are to ensure that bots are opping who they should be. Imagine that a shell admin injected a MODE #yourchannel +o takeover_bot into your bot's TCP stream (which is not stoppable). This would make the bot op this abusive admin's bot! The wraith bot is completely out of the loop on this as the MODE is sent into the bot's socket in the kernel, completely out of the control of the bot.

To catch this, the bot can send an 'op cookie' along with all of its +o modes. This 'cookie' contains one-way hashed information to ensure that the op is valid and secure. Some of the information includes who was opped, who opped them, a timestamp, and various other channel state. These 'cookie's cannot easily be faked by an attacker. If an attacker tries to use an old op cookie, the bot catches this and reacts. If the bot sends a MODE +o without a cookie, or a fake cookie, the bot reacts.

Unlike some botpacks, wraith's cookies support opping multiple people at the same time, while still maintaining security.

How to control

To set a channel to use op cookies:

.chanset #chan -fastop

To disable op cookies in a channel:

.chanset #chan +fastop

To change how the bot reacts see .help set, specifically: .set hijack

Last modified 10 years ago Last modified on May 14, 2009, 2:55:20 PM