[hybrid] Searching for current m_cgiirc.c or other recommended way to let qwebirc set end user IPs on connections

Gavin Hanover gavin at subnets.org
Sat Nov 13 21:48:45 EST 2010

I'm not aware of any version without hardcoded passwords, and things haven't
changed much since 2002. If I recall the inner workings correctly, cgiirc
clients that get spoofed as the users host (rather than the webserver's
host) basically use whatever value the webserver passes for the host to
spoof as. Because of this, connection classes that work with the cgiirc
module should be limited to webservers you explicitly trust (ie - don't
leave it open to everyone). This is probably why hardcoded passwords (used
only in the web application config, not by the user) have not been an issue.


On Fri, Nov 12, 2010 at 9:54 PM, ADFH <adfh_ircdh at hogan.id.au> wrote:

> Hi folks,
> Trying out qwebirc with ircd-hybrid as an alternative to java based
> solutions I've used in past. So far, google searching has suggested the
> module at:
> http://www.wohmart.com/ircd/pub/hybrid/2-Patchsets/blitzed/ircd-hybrid-blitzed/modules/m_cgiirc.c
> This, however, seems to have been written back in 2002 and has a few
> things like passwords hard-coded. I was wondering if this was the
> latest version or if there was a newer way of doing it before I try it
> out.
> --
> ADFH <adfh_ircdh at hogan.id.au>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ircd-hybrid.org/pipermail/hybrid/attachments/20101113/eeb14534/attachment.html>

More information about the hybrid mailing list