Root talks

[Quis]

My root talks to me :|

13:47 <@root> Lol , :) test'
15:38 <@root> lol ik wil eindelijk een enter'
15:45 <@root> lol'

These things he said Note the ' at the ending of al his sayings It might be that there is some sort of an 'SQL-injection' in bitlbee I don`t know whether this comes from MSN or bitlbee I think it is bitlbee

This seems like a security hole to me...

[wilmer]

Hmmm... If this ever happens again, please send me a log of the complete traffic between BitlBee and your IRC client around that moment.

[Quis]

It happened again after I set AuthMode to Closed

01:15 <@root> MSN - Logged in
01:15 -!- XXX [***] has joined &bitlbee
01:15 -!- XXXX [***] has joined &bitlbee
01:15 <@root> .
01:15 <@root> Enter in your name'

01:51 <@root> .
01:51 <@root> Rabbit :0'
01:51 <@root> .
01:51 <@root> Rabbit :)'
01:51 <@root> .
01:51 <@root> ^^'
01:52 <@root> .
01:52 <@root> .KONTHAAR BOEM BOEM BOEM'
02:14 <@root> .
02:14 <@root> .KONTHAAR BOEM BOEM BOEM'
02:16 -!- XXX [***] has quit [Leaving...]
02:17 <@root> .
02:17 <@root> KONTHAAR BOEM BOEM BOEM'
02:18 <@root> .
02:18 <@root>  Ben GEK!!!'

Do you want the raw irc-protocol data? or just a log from &bitlbee?

From now on I am logging both...

[wilmer]

Hmmm, interesting conversations you're having. :-P

Yeah, raw IRC-protocol data please. This is pretty strange.

[Quis]

Not that interesting :P It is only a one-way communication (I hope!) so don`t blame me :P

I`ve send the rawlog by email

[wilmer]

Okay, we tracked it down now. Turns out one of Quis' buddies found out how to put newlines in his "friendly name". Since Quis uses the "display name changes" option and the bitlbee_name_change script, that first line gets swallowed by the script, and the other lines then look a bit strange. :-)

BitlBee should maybe strip those newlines...

[wilmer]

DIE, fucking spammer, DIE!

(Actual spam removed.)