Chex IRC Home
OperOnly
IRCop FAQ
The Official Xnet IRC Services FAQ
| |
Oper
Help
NOTE: This
document is primarily intended for Net
Operators. There isn't much use in
reading this if you're not an operator,
although we won't stop the curious from
reading anyway.
A detailed list of
commands can be found
here
This document
tries to explain some facts about how
the IRC servers operate, explains handy
Net Operator commands (and non-oper
commands which are still useful), tries
to explain how to use commands like /SQUIT
and /CONNECT, and details the workings
of services, mostly OperServ. This
document is NOT concerned with the
ethical side of being an IRC Operator,
ie. when use of channel or user mode
overrides is acceptable, when to DROP
and GETPASS or SETPASS nicks or
channels, when a /KILL or AKILL is
justified, or anything else. See the IRCop
Guidelines for this
Server operation -
a list of commands. There are
quite a few commands. Make sure to
understand at least /CONNECT, /SQUIT,
/STATS c, /STATS k, /WHOWAS and
/WALLOPS, these are the most useful
commands (and /KILL :-) ). In time,
you'll understand all the other
commands, by learning them from others,
or learn them by reading this. Just keep
this document handy as a
reference. Also, note that many
commands listed here are also available
to non IRC Operators. But as they still
are quite useful, they're listed anyway.
Remember that your
irc client may not pass your commands
correctly to the server because of
standard alias's or they use the command
themselves. If this is the case
use /quote <command> or /raw
<command>.
/CLOSE
The CLOSE command forces
the server to close all unknown
connections. Unknown connections are
connections on which it is still not
known whether the person connecting is
an user, or a server. This will not
disconnect anyone from IRC who is
already connected. I haven't seen
any useful use of this command yet, but
you might want to try as a last resort
(aside from a /RESTART) if the server
seems to act weirdly and refusing to
accept connections, or /LUSERS shows an
usually high number of unknown
connections. Many clients have
reassigned /CLOSE to an internal
function, so to send this command to the
server, use /QUOTE (or /RAW) CLOSE
This command unfortunately can't be used
to close half-open connections caused by
a SYNflood
/CONNECT <new
server> <port> <start
server>
Forces a server to
connect to another server. If you use
CONNECT with one or two parameters, this
will force your server to connect to the
other server. If you give a third
parameter, this will send the connect
command to that server (remote
connecting). See server
linking for more information,
/DIE
The /DIE command
terminates the server completely. All
open connections are closed, everyone is
disconnected. A server will NOT come
back up by itself after a /DIE (unless
the server admin is using a script that
checks if the ircd is alive, and reboots
it if it isn't). /DIE should only be
used in cases where the server is better
off not running, like clients being
randomly disconnected, or the server
going crazy and disrupting the rest of
the network. Try to inform everyone on
your server, and all IRC operators, that
your server will be terminated, before
using /DIE Server admins may choose not
to enable /DIE.
/GLOBOPS
<message>
This will send a message
to all online IRC Operators, and
former-operators, who set mode -o, but
still have +g enabled. (off-duty? :-) )
Normal users can not see messages sent
via /GLOBOPS. Some clients might not get
this command right, so if words are
missing, or other strange things happen,
use an alias
ircII:
alias globops globops :$-
mIRC: alias globops
globops : $+ *1
/HELP
Lists all the commands that
the server accepts. Many clients
reassign /help so its best to use /raw
help or /quote help.
/KILL <nick>
<mode>
Sends a KILL message to a
user, which will cause the user to be
disconnected from IRC. At times, you
will see a message like KILL changed
from ... to ..., this means that the
user has changed nicks, and the servers
have changed the nick to kill
accordingly. (This makes sure users
can't escape kills by changing nicks
quickly)
/KLINE <mask>
<reason>
Sets a temporary K-line,
on your server only. A K-line will make
it impossible for the user to connect to
your server - when he tries so, it will
see the message K-Lined, and the
reason. You can't kline by
nick!user@host, only by user@host. Don't
try to use !s in /KLINE masks.
Please note that most clients don't
handle this command correctly - reasons
longer than one word are cut off. Unless
you have an alias to correct for this,
use KLINE like this:
/QUOTE KLINE <mask>
:<reason>. Don't
forget the `:', otherwise the kline
comment will still be cut off.
Suggested aliases for popular irc
clients are:
ircII:<\B>
alias kline quote kline $1 :$2-
mIRC:<\B> alias
kline quote kline $$1 : $+ *2
/MAP
Shows a map of the
network, the number of users per server,
and the percentage each server has of
the global. (I know the percentages
don't add up to 100%, no need to keep
mentioning that to me :) )
/MODE
<Channel><mode>
(Channel modes)
Changing channel
modes
Usage: /MODE channel parameters
The following
table contains a subset of channel modes
- Click
for a complete list
| b
<banmask> |
Ban
users from a channel |
| c |
Knock
- send a notice to chanops if a
user tries to join (the channel
needs to be +i for this to work) |
| i |
Chanops
must /invite people before they
chan join |
| k
<key> |
User
who want to join must specify this
key |
| l
<limit> |
Limit
the max number of users in the
channel |
| m |
Moderated
- only +o and +v users can speak |
| n |
Users
must be in channel to speak |
| o
<nick> |
Chanop
status - chanops can change
channel modes |
| p |
Name
of channel won't be shown in /list
and /whois |
| s |
same
as p, except channel names won't
be shown in a /who #channel |
| t |
Allow
only chanops to change the topic |
| v
<nick> |
Voice
- allow to speak in moderate
channels |
| z |
Only
clients with VWORLD
off or invited users may join |
/MODE
<nick>
<mode>
(User modes)
See here
for user modes
/MSG mask message
The /msg (and /notice)
command have some extra options, which
allow you to send notices to a large
group of users. Use a destination
starting with a # if you want to send
the message to all people with a certain
hostmask, and start with $ if you want
to send the message to people on a
certain server, or servers.
Examples:
| /msg
#*.nl Please use
london.uk.eu.dreamwave.org for
less lagged chats |
Will
send the specified message to all
people with a hostname ending in .nl |
| /msg
$fron*.org Frontline will
terminate in a few seconds, for
ircd upgrade |
Sends
the message to everyone on
frontline. (you *have* to specify
.org at the end in this case!) |
| /msg
$*.us.dreamwave.org There's a new
american server,
ultratech.mo.us.dreamwave.org |
Sends
the message to all people on
american servers |
| /msg
#* Services will go down for
upgrade, apologies for downtime |
Sends
the message to everyone /notice
can be used in just the same way
as /msg. The practical differences
are, that most Windows clients
tend to hide notices a bit (place
them in the status window), while
messages usually open up a window,
or appear in their message window,
and generally is better at
attracting their attention.
Considering that, use /msg for
more important notices. And
remember that stupid bots often
start replying to you if you do
global messages (though most
ignore /notice) |
/OPER
<name> <password>
Gives operator
privileges, and enables a lot of modes.
/REHASH
This forces the server to
reload the configuration files. This is
useful if you have made changes to
ircd.conf (if you have access to it) or
when you need the internal AKILL list
cleared (it happens at times that an
expired AKILL isn't removed from your
server, so you can /REHASH to also clear
your servers memory). Note that /REHASH
removes AKILLs from the memory of your
server, but if they're still in
OperServ's memory, OperServ will readd
the akill if a user matching it comes
online.
/RESTART
This restarts the server.
The server will close all open
connections, disconnect everyone (all
servers and clients, including you!),
and try to restart. Inform all online
operators before issuing this command,
as rerouting might be necessary,
especially if you're a hub. /RESTART
should only be used as a last resort, if
all else fails. Do not use a /RESTART
lightly. Note that servers may
disable /RESTART completely, and that it
can happen (memory errors, or CPATH
incorrectly set up by the server admin
at compilation) that the server will NOT
come back to live. (and someone has to
restart the server manually, by using
the "ircd" command on the
machine the server is running on).
Most likely, you will never have to use
/RESTART.
/UPING
<server>
This sends a series of
pings directly to the server (not via
the IRC network routing). This is
useful for determining the best/fastest
network topology. The results of
the pings are displayed.
/UNKLINE
<mask>
Removes a temporary
K-line which was originally set
/KLINE. /UNKLINE does not remove
AKILLs, or permanent K-lines set by the
server admin (in ircd.conf).
Suggested aliases for popular irc
clients are:
ircII & mIRC:
alias unkline quote unkline $1
/STATS <stats>
<server>
| L
l |
Data
transfer statistics by connection
The numeric fields are as follows:
sendQ (outgoing message queue)
sendM (protocol messages sent)
sendK (total kilobytes sent)
receiveM (protocol messages
received) receiveK (total
kilobytes received) time in
seconds since the connection was
created. Only
restrictions are on those who are
invisible not being visible to in
the normal way to those who use a
wild card based search to list
it. STATS L is the
same as STATS l, except shows IP
address instead of host |
| C
c |
display
ircd.conf C and N line information |
| H
h |
display
ircd.conf H and L line information |
| I
i |
display
ircd.conf I line information |
| K
k |
display
KLINE details |
| M
m |
display
command statistics |
| O
o |
display
ircd.conf O and o line information |
| Q
q |
display
ircd.conf Q line information |
| R
r |
any
more ideas? |
| D |
any
more ideas? |
| d |
any
more ideas? |
| B
b |
display
server B line information |
| T
t |
display
server statistics |
| U |
display
ircd.conf U line information |
| u |
displays
the servers uptime and maximum
connection count |
| W
w |
display
server statistics |
| X
x |
??
(its in the code) |
| Y
y |
display
ircd.conf Y line information |
| Z
z |
display
more server statistics |
/SQUIT
<server> <reason>
Breaks a link between
server. This will break the link between
two servers, and send out a WALLOPS with
the reason you've specified. Wildcards
are accepted, so /SQUIT ult* would
disconnect ultratech.mo.us.dreamwave.org.
But make sure that the wildcards you use
only matches one possible server.
See server linking for more information.
/TRACE
<nick/server> <start server>
The TRACE command
is used to trace the path from your
current server to the specified server
or user.
When the
destination is a server, TRACE will also
return information about current server
and operator connections, incoming
connections (with negative class
numbers), and the number of users in
each class. The oper connections contain
the connection class, the nickname, and
user@hostmask for the oper. For server
connections, it shows the connection
class, the number of servers behind it
(followed by "S"), the number
of clients on and behind it (followed by
"C"), the server name, and
what was responsible for connecting it.
When the
destination is a user, TRACE shows the
connection class, nickname and user@hostmask
for that user.
/WALLOPS
<message>
This sends a message to
all people with mode +w enabled. Keep in
mind that non-operators can read these
messages too!
/WHO
<parameters>
This displays a list of
on-line users who meet certain search
criteria. Remember that people
normally invisible to you wont show up
in these searches.
The
<parameters> are as follows:
| #<hostmask> |
Scan the
hostname field (if empty, your
host) |
| $<servermask> |
Scan on a
specific server (if empty, your
server) |
| &<infomask> |
Scan the
"info" or "real
name" field |
| @<nickmask> |
Scan by
nickname |
| o |
List only
opers |
| i |
List only
people who have the invisble flag
set |
| c |
List only
people who are currently on a
(visible) channel |
| a |
List only
people who are away |
| ! |
Invert
selection |
| 0 |
All users (?) |
You can also type /who ? for this list
of options
Examples:
| /who
#*.nl |
Look
for people from The Netherlands |
| /who
#*.com #*slip* |
Look
for people with both
"slip" in their host
name, and having their hostname
end in ".com" |
| /who
# |
Look
for people with your hostname
(probably you & your bot :) ) |
| /who
#*.au !$*.au.dreamwave.org |
Look
for people from Australia, who are
not on an Australian server |
| /who
@*lynx #*.nl |
Look
for people who's nick end with
"lynx", and are from The
Netherlands |
| /who
@*lynx !#*.nl !$ !# |
Find
lynx'es not from NL, not from your
host, and not on your server |
| /who
$ o |
Look
for IRC Operators on your server |
| /who
c !a |
List
all people who are currently on a
channel, and are not away (biggest
chance of finding people who are
alive) |
| /who
i |
List
invisible people (You will only
see yourself, and people who are
on a common channel with you, you
WON'T see people you wouldn't
normally see either :) ) |
| /who
0 o |
List
all IRC Operators on any server |
| /who
#* |
List
all users (useful for IRC
Operators) |
/WHOWAS
<nick>
Whowas is similair to /WHOIS,
but is used to look in the nickname
history. If someone changes nicks, or
leaves irc, the old nick is stored in
the database. This makes /WHOWAS
very effective to track down people who
try to hide by changing nicks. First do
a /WHOWAS on the old nick. This will
give you the hostname of the user, and
you can then use this hostname in a /WHO
request. (eg, if /WHOWAS told you
the user was unilynx@grngn1-p15.worldonline.nl,
you could use /WHO #grngn1-p15* to find
the new nickname of the user)
/VERSION
<server>
This command requests
version information from a server, or
your current server if you don't specify
information. You can use /VERSION if you
think servers are behaving weirdly, and
think it might be caused by incompatible
versions, or if you want to know the
compilation options of the server.
Behind the version response, you'll see
a string like AcDefFghIj. Every
character corresponds to a server
compile-time option, and you can use
this information to gather a bit more
information about server compilation.
| A |
SENDQ_ALWAYS |
SENDQ_ALWAYS
increases server efficiency, but
also tends to cause Dead Socket
errors earlier with /who
responses. (But this problem has
already been fixed in a different
way, so all servers now use
SENDQ_ALWAYS without problems) |
| c |
CHROOTDIR |
CHROOTDIR
only has to do with local security
on the server's system, and
nothing with IRC itself. |
| C |
CMDLINE_CONFIG |
Another
option that increases security,
but has no effect on IRC |
| D |
DEBUGMODE |
Indicates
that the server has been compiled
in debugging mode. If you see this
mode enabled, then that's a likely
explanation for the high system
loads or slow server response :) |
| e |
LOCOP_REHASH |
Controls
wether local operators (little-O
lines) are allowed to use /REHASH |
| E |
OPER_REHASH |
Controls
wether operators (big-O lines) aer
allowed to /REHASH |
| F |
INVITE_DELAY |
Tells
wether the server has invite-flood
protection enabled. Note: due to a
small type error, the 1.5.x
servers will never show a F in the
/VERSION info - even if
invite-flood protection has been
enabled |
| H |
HUB |
Servers
compiled with the HUB option are
able to connect more than one
server at a time, servers without
the HUB option are not. See server
linking for more information. |
| I |
NO_DEFAULT_INVISIBLE |
People
connecting to the server, won't
have mode +i enabled by the server
(though they can still enable it
theirself, and on) servers who do
set +i by default, users can turn
it off again.) |
| i |
IGNORE_CASE_FIRST_CHAR |
The
case of the first character will
be ignored, when checking for
invalid or mixed-cased userids |
| k |
LOCAL_KILL_ONLY |
Operators
and local operators on the server
are only allowed to kill people on
their own servers, and not on
remote servers. If this option is
enabled, it affects BOTH local and
global operators. |
| K |
OPER_KILL |
Operators
(big O-lines) on this server can
kill users on any server. Local
operators (little O-lines) still
can only kill local users |
| m |
M4_PREPROC |
This
server uses a M4 preprocessor on
the ircd.conf. This does not
affect IRC itself. |
| M |
IDLE_FROM_MSG |
The
idle time of a user is only reset
when he does a /MSG. If this
option is not enabled, then every
command, except PING and PONG,
will cause the idle time to be
reset. |
| p |
CRYPT_OPER_PASSWORD |
Indicates
that the O-line passwords in
ircd.conf are encrypted. This
option does not affect IRC. |
| P |
CRYPT_LINK_PASSWORD |
Indicates
that the N-line passwords in
ircd.conf are encrypted. This
option does not affect IRC. |
| N |
NICK_DELAY |
This
server has nick-flood protection.
This normally means, that only 2
nick changes per 30 seconds
allowed. |
| n |
NOSPOOF |
The
server has IP spoofing protection
(the PING/PONG you see when
connecting) |
| r |
LOCOP_RESTART |
Indicates
that local operators (little-O
lines) are allowed to issue the
/RESTART command |
| R |
OPER_RESTART |
Indicates
that operators (big-O lines) are
allowed to issue the /RESTART
command |
| T |
KPATH |
K-lines
set via /KLINE and /UNKLINE are
recorded in a local file, so
they'll survive a /REHASH |
| t |
OPER_REMOTE |
Indicates
that operators can also send
commands to other servers. All
servers should have this defined,
or they will be incompatible. |
| U |
DISALLOW_MIXED_CASE |
Disallows
clients to use mixed-case, or
illegal characters in their userid. |
| u |
IRCII_KLUDGE |
Compiles
in some extra code for backwards
compatibility with older ircII
clients. |
| Y |
USE_SYSLOG |
Indicates
that the server logs errors to the
system logfiles. Does not affect
IRC. |
/UPING <server>
<port> <start server>
<pings>
This command sends out a
serie of PINGs to a server (using
methods similair to the unix
"ping" command). If you only
specify a server name (wildcards ok), it
will send out 5 pings to that server,
and report the number of successful
pings, and ping times, to you. If
you want to ping from a remote server,
you have to specify a server, a port
(always use port 7007), and a server to
start the pinging from. You can, as a
fourth parameter, specify the number of
pings, although you can never have the
server send out more than 20 pings with
a single UPING. UPING should be
used if a server link seems to be slow,
and you want to see if there's a better
link available - you would UPING all
possible links for that server, and see
if any link is faster. Note that
servers will only UPING servers to which
they can actually connect. If you try to
have a server UPING another server to
which it can't connect, you'll receive
an error message complaining about the
server not listed in the configuration
file. See server linking for more
information.
/LIST <Parameter>
Usage
on ircII: /QUOTE
LIST parameters
on mIRC : /RAW LIST parameters
Where parameters
is a space or comma separated list of
one or more of:
| space |
Show all
channels |
| <max_users |
Show all
channels with less then max_users. |
| >min_users |
Show all
channels with more then min_users. |
| C<max_minutes |
Channels that
have existed less then max_minutes. |
| C>min_minutes |
Channels that
exist more then min_minutes. |
| T<max_minutes |
Channels with
a topic last set less then
max_minutes ago. |
| T>min_minutes |
Channels with
a topic last set more then
min_minutes ago. |
Example: LIST
<3,>1,C<10,T>0 ; 2 users,
younger then 10 min., topic set.
Security
considerations
Keep your password secure.
Although obvious, this can not be
emphasized enough. Many people don't
realize that things like running scripts
can expose them to risks. Even a simple,
and a regularly used mIRC event like
1:ON TEXT:!nick:*:/dcc send C:\mirc\wavs\
$+ $1 is known to make all files
on your C: drive accessible - including
your mirc.ini files, which usually
contains your /oper and nick
password! It is very wise to not
run any script, but if you really have
to, be very, very careful. In mIRC,
usually /dcc send events, and events
that allow users to execute any command
remotely, are dangerous. All other
clients have similar risks - running no
script is usually the safest of
all. On a multiuser UNIX
system, keep your .ircrc secure, if that
is where you store your password. The
command chmod 600 .ircrc should
keep this file safe, but there's still
the problem of running an insecure
copy of ircii itself, a root which can't
be trusted, hackers, etc... And of
course, packet sniffers that read all
data, can pick up passwords. You can't
protect against every possible password
steal attempt, but do whatever you can.
Restrict the O-line
Your server admin has the
option to limit the hosts at which /OPER
can be used. Have the admin limit it to
as few hosts as possible. If you're on a
static IP, only add that single host.
Don't use the same
password twice
Never, ever, use an important
password at multiple places. O-lines
have been hacked before, by ignorant
users using the same password they used
for /oper, as an access password on a
bot run by someone else... Also,
if you have a backup O-line on a second
server, then be sure to use a different
password on that server.
Use different NickServ
and /OPER passwords.
Most services commands also
require NickServ authentication, so
making the NickServ password different
is a bit more secure. Also, be sure to /msg
NickServ SET OPER ON, which will protect
your nick from expiring, so it can't be
re-registered (or used by someone
impersonating you)
Other nickserv options
Unless you are on a static
IP, enable secure. (If you are on a
static IP, then do update the access
list - usually NickServ chooses a mask
like user@*.isp.com, change that to
user@slip12.isp.com - the exact hostname
used. It's probably best to enable
SECURE even if you are on a static IP)
Vacation
If you won't be on IRC for a
while, notify other operators, so they
know you're gone, and will get
suspicious if someone will try to
impersonate you while you are gone. Even
better is asking your server admin to
disable your O-line while you are gone.
Many of the recommendations and risks
outlined here may seem to be a bit
far-fetched, but please, take any
security measures possible. One single
oper password hack can cause enormous
amount of damage to the network.
Produced
by Capt, Summer 2000, based on
many documents and a study of the actual
code:
Last
changed 1998 Feb 23 09:43:09 by Arnold
Hendriks.
Regenerated 1998 Jun 19 18:33:41.
Copyright © 1998 Xnet IRC Network.
|