[IRCServices] /ns ghost exploit
mark at ctcp.net
Thu Mar 14 03:04:01 PST 2002
Something I recently became aware of was users "abusing" the ghost command.
When the ghost command is issued, Services will SVSKILL the user from the
network. However, the new trend appears to be setting up a notify script,
which will automatically ghost any user trying to use a given nickname.
This quickly became popular. How this came to my attention is that a new
user was trying to access the network but was repeatedly killed by the
Use of "kill immediate" should be sufficient for those users who do not
want people using their nicknames and can be handled by services with a
nick change so I do not see use of the command in this manner as
One way to remove this exploit which seems the least complex to actually
manage is to only trigger the ghost if the target is currently identified.
This would mean that in the event a user got disconnected before they were
able to identify, they would be unable to remove a real 'ghost' on
reconnect with the ghost command, but they could use 'recover'
and 'release' instead. I believe that the 'recover' will "guest" a user
where NSForceNickChange is enabled.