New partner: HostSailor
New partner and server from HostSailor The amazing people at HostSailor.com have joined QuakeNet as partners and sponsored a new server hosted in Bucharest, Romania. You can access the server using the hostname hostsailor.ro.quakenet.org and the server will be part ...Read the rest 0 comments
Q chanlev vulnerability -
A flaw has been discovered in the chanlev command of Q, the channel service bot. It revolves around the way chanlev parses the command passed to it. What this means is that it is possible to grant someone owner status (+n) in your channel without actually realising it.
The flaw happens when you type a word containing 'n' as part of the chanlev command. For example:
chanlev #channel #nick +ano will grant the user #nick owner status, as you have specifically granted this flag.
chanlev #channel #nick +ao/n will also grant the person owner status.
We have seen a number of users who have been tricked into typing **chanlev
channel #nick +av/only!** - which grants the owner (+n) flag. We consider
this to be an exploit of Q and any user who tricks a channel owner into using this command to steal the channel owner flag will be dealt with appropriately.