Security

Wraith used to be thought of being extremely secure, but the fact of the matter is, a program under the control of a hacker will eventually be cracked. How many commercial applications do you know that do not have cracks available for download? Wraith isn't developed by the NSA, and it is IRC after all, it's not worth the time to make it 100%. Sure, having the source code makes this task much simpler, but not having it does not necessarily mean the bot is any more secure, at all. Props to Mulder for being the first to crack it in 2004.

I cannot stress the following issues and tips enough, failure to follow them will result in you losing all of your channels and having your shells hacked. Compared to stock eggdrop, wraith is a far improvement regarding security. Once you have shell access to an eggdrop, it's all over. Wraith can be a little more difficult and take a little more skill than simply editing the config and rehashing. Hopefully by the time the hacker manages to do any damage, you will have noticed him and cut off that shell from your hub. If any of your shells are compromised or you see any suspicious connections on your hub from bots, you should immediately generate a new PackConfig with new salts, new passwords and upgrade your botnet to the new binaries.

Above all, remember this:

  • I will not compile leaf bots on public shells.
  • I will not put my PackConfig on public shells.
  • Only download the official version from wraith.botpack.net or www.botpack.net.

What NOT to do

  • Compile bots on servers where they will be hosted.
  • Run hubs on public boxes.
  • Use vhosts in your PackConfig.
  • Add excessive owners in your PackConfig (more than 2 is probably a bad idea, they all have access to your shells via .exec)
  • Egg someone on to hack your botnet.
  • Put leaf bots on shells which are insecure or hacked.
  • Use the same SSH password on all your shells.

What TO do

  • Compile binaries on secure boxes, 1 per operating system you will use. This will help keep your PackConfig file out of the hands of others. This file getting out will render the security and encryption of your botnet useless, thus allowing anyone to hack your entire botnet and channels.
  • Run hubs on secure and trusted boxes, possibly behind access controlled firewalls.
  • Use SSH keys to connect to your shells.
  • NEVER give out your PackConfig, salts, password, shell account logins, or binaries.
  • For maximum security, use IPs in your PackConfig for hubs, for ease of use, use subdomains on a domain which you own and control DNS for.
  • Don't enable the msg- cmds, use the AuthSystem instead, for DCC as well.
  • Secure your hub port via firewall to only allow trusted owners and leaf bots to connect.
  • Watch your shells for intruders, and keep an eye on untrusted shell admins.
  • Only download the official version from wraith.botpack.net or botpack.net
  • Change your password after connecting to the hub for the first time.
  • Pay attention to your botnet.

Auth scripts

Please see AuthSystem

Last modified 7 years ago Last modified on Nov 9, 2009, 9:53:42 PM