Watch What You Click!

It’s time for a reminder to be careful when you click on links that people share. Recently Naive_One came to #help because he had clicked on a link A_Bad_Guy shared (names changed to protect the innocent). A_Bad_Guy used his server logs to get Naive_One’s IP address and attack his network. Unfortunately for Naive_One, there was nothing GeekShed staff could do. It was Naive_One’s poor judgement in clicking the link that caused the problem.

The moral of this story is clear: If you don’t know the person well or don’t recognize the link, don’t click on it. The link you click can give someone else information about your machine or it may cause your machine to download spyware, malware, or a virus that corrupts your system.

Usually it’s safe to click on these links on GeekShed:

  • Links to the GeekShed website.
  • Links shared by network staff.
  • Links to well-known sites, like Wikipedia or Jupiter Broadcasting.

Unless you know the person who shares the link, it’s best NOT to click on shortened links, because you cannot tell where they will take you. A bit.ly link might take you to Wikipedia or it could take you to a malware site. There’s no way to guess just by looking at the URL.

Finally, let me share a reminder from the GeekShed Terms of Service:

GeekShed is not responsible for the content you may transmit or receive. Due to the real time nature of IRC, we cannot monitor or police the exchange of data. To protect yourself, we highly recommend that you run a current antivirus program and never click on links from people you do not know.

So click safely, and make sure you keep your machine and network protected!

 

—posted by Tengrrl/Bunny
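The shortened-link advice in the post above, as an added example (not GeekShed's code): the function asks the shortening service where a link points using a HEAD request and stops there, so the destination server never receives a request from you. The `TRUSTED` list, the `FakeShortener` class and its table are constructed for the demonstration, and it assumes the service answers HEAD with a redirect; the shortening service itself still sees your address.

```python
import http.client
import http.server
import threading
from urllib.parse import urljoin, urlsplit

# Assumption: hosts this reader trusts, loosely based on the post's list.
TRUSTED = ("geekshed.net", "wikipedia.org")

def peek_redirect(url, timeout=5.0):
    """Ask the shortener where a link goes; never contact the destination."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)  # HEAD: headers only, no page body
        resp = conn.getresponse()
        target = resp.getheader("Location")
        # http.client does not follow redirects; we only report the target.
        ok = 300 <= resp.status < 400 and target
        return urljoin(url, target) if ok else None
    finally:
        conn.close()

def is_trusted(url):
    """Match whole host labels so 'evilwikipedia.org' does not pass."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class FakeShortener(http.server.BaseHTTPRequestHandler):
    # Constructed stand-in for a link shortener, bound to localhost.
    TABLE = {"/abc": "https://en.wikipedia.org/wiki/IRC",
             "/xyz": "http://unknown-host.example/landing"}

    def do_HEAD(self):
        target = self.TABLE.get(self.path)
        self.send_response(301 if target else 404)
        if target:
            self.send_header("Location", target)
        self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    with http.server.HTTPServer(("127.0.0.1", 0), FakeShortener) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_port
        found = {p: peek_redirect(base + p) for p in FakeShortener.TABLE}
        server.shutdown()
    return found
```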

 

Tonight’s Problems

It’s been a rough few hours. We are sorry for this. An exploit was found in a 3rd party services module and used against us. This allowed the corruption of the access lists of 2 channels. Although it is fairly obvious from the code that an exploit caused by flawed logic exists, this has gone unnoticed for almost 3 years and it is expected that many more IRC networks will be affected by this.

We will shortly carry out a full audit of all 3rd party modules to check for similar exploits in those. We are sorry for any inconvenience caused.

Recent Downtime

The more observant of you may have noticed us suffering from some major netsplits lately. GeekShed has typically been a stable network because of the pro-active tactics of its staff in resolving server issues such that they have minimal effect on our users.

We have, recently, been hit with large scale Denial of Service attacks which have crippled our servers. A number of servers have had to delink as the attacks are affecting other services that run on those servers.

We are making attempts presently to re-evaluate our infrastructure and will hold a meeting later today to decide on the best course of action. We do not have the finances to purchase DDOS-protected servers and, as such, are very limited in what we can do.

It is completely unknown to us who is launching the attack or what their motives are, but we ask them to kindly cease these attacks. We are a donation-funded service who are simply trying to provide people with an enjoyable experience.

EDIT: New infrastructure has been put in place and we are restructuring the network as best we can. We hope to have full service resumed shortly.

TOS Change

We have today, after much discussion, changed our terms of service. The reason for this is that the way it was previously done was confusing for users. The terms of service were previously called “Rules” and featured prominently on our site. Many users confused these with a definitive set of laws for which punishment would surely be issued if they were broken. This is not the case. They are a set of guidelines to ensure GeekShed remains “a free to use and family-friendly Internet Relay Chat network”.

Some parts of the terms of service are legacy remnants which have been removed due to no longer being relevant. Others have been refined to make them more clear. We have also removed the following clause:

Do not send Private Messages, Notices, and or CTCP requests to a user without his or her permission.


This has always, throughout the history of IRC, been considered common courtesy. It was, on reflection, an oversight to have this in our terms of service and as the network has grown, we are becoming unable to handle the number of complaints about PM without permission.

In the near future, we will post an article for newer users of IRC which details the expected standards of behavior and common courtesies – ‘Netiquette’. EDIT: here it is!

Our refined TOS can be found at http://www.geekshed.net/tos/. If you have any questions on this, feel free to ask in #help or as a comment on this post.

Does GeekShed spy on channels or private messages?

In short, no. We value your privacy and, as a company, we do not store any logs of any conversations, private or otherwise. There are a few exceptions which I shall explain below:

  • All network staff log the channels that they are in and the private messages that they receive. These logs are typically for the sole reference of that staff member but may be shared with parties who have sufficient jurisdiction to obtain them, if required. We may also call upon users to voluntarily provide logs of channels or private messages, if required.
  • GeekShed operates a spam filter to help keep the network safe from spam. When the spam filter is triggered, the user who triggered it is always notified. In addition to this, network staff are notified of the violation and are provided with the full message that triggered the spam filter. This helps us to identify sources of spam and quickly remove these from the network.
  • Very rarely we are forced to run our services package in debug mode on the live network in order to diagnose and fix problems with it. This causes all messages seen by services bots to be placed in a debug log. Messages that are logged are private messages to services (e.g. identification to NickServ) and channel messages in any channel with a BotServ bot assigned. We will always notify you when services are going into debug mode.
  • All unauthorised messages to OperServ are logged. This is mostly so we can help users who might be looking for another command as there’s very little reason to attempt to use OperServ, except in error.
  • All messages sent through services bots with “/bs say” or “/bs act” are logged. This is the default behavior of our services package but is something that we are looking to change soon.

Posts such as “ADVISORY: How to tell if your Unrealircd network is spying on you” found here are simply ignorant scaremongering. GeekShed has modules which hook into channel and private messages – for example, we have a module to block private messages when umode D is set. These modules are all in the interest of our users’ security and suggesting that hooking into channel and private messages inherently means that a network spies on its users is just silly.

You can see the full and current source code for our ircd at http://code.google.com/p/gs-ircd/.

If you have any questions or issues, feel free to come and chat to us in #help.

New Staff Member -tengrrl

We would like to announce the addition of a new staff member to our team.

Today, we have asked tengrrl to join our network staff, and she has gratefully accepted. We are very lucky to have another experienced person on the team.

There is a lot to learn, and we are confident she will master this with time. Please welcome tengrrl to our staff and congratulate her on her new position.

Denial of Service

As I write this, GeekShed is suffering a large scale Denial of Service attack. It is expected that the attack is the result of a user being banned in the channel owned by Chris Pirillo. Following this ban, much flooding ensued. After this was quashed by #chris ops, a botnet was set on GeekShed. This was a relatively admirable botnet; however, it was fairly easily quashed by network staff.

Most of the servers that make up GeekShed are currently being bombarded with large volumes of ICMP and UDP traffic. Despite them being in data centres with large backbones and DDOS protection, they cannot withstand the volume of traffic being thrown at them and have buckled. Many of the servers have had to be null routed to prevent damage to other machines and customers. This is the second attack GeekShed has suffered as a result of someone being disgruntled at Chris Pirillo. Sadly, as Chris is currently now tucked up in bed and only offers the channel as a means for people to discuss tech related issues, this doesn’t affect him.

The people who are affected are the network staff who give their time and money to keep GeekShed running. The same network staff who donate their own servers for the good of GeekShed. The same network staff who are dragged out of bed at 4am to watch as their business sites crumble as a result of a misplaced attack.

It saddens me that someone would launch such an attack against a network of volunteers with such little cause. We must now sit out this attack and hope that the perpetrator realises the error of their ways or finds a more worthwhile place to attack. Until this time, service will be intermittent.

What Do YOU Want To See?

My week long break from courses is coming up soon, and I have nothing to do for it. So I figured that I would put a day or two towards GeekShed. The only problem is that I don’t know what I should do. This is where you, the users, come into play. Although we always welcome input from our users, whether it’s a comment left here, on the forums, in #help, on twitter, or directly to a staffer, the whole purpose of this post is to solicit ideas on what you would like to see.

Here are the ground rules:

  1. It should have something to do with the website, especially the parts that are driven by WordPress (basically everything except the forums), as that is my primary area of responsibility.
  2. It should be something that can be done in 12-24 hours. My break is only a week long, and as much as I love GeekShed, I don’t want to undertake something that will take the entire break.
  3. It should be something that will benefit the majority of users (i.e. not a post about why people should join your channel).
  4. Obviously, the suggestion must conform to the Network’s Terms of Use.

If there is more than one suggestion, I will probably work on the most popular one, so talk with your friends about it and have them comment too. Don’t let this discourage you from suggesting something though – all suggestions will remain here, as well as the spreadsheet I will be compiling with them. Something that isn’t done now may be worked on at a later point in time.

I will be leaving comments on this post open for a week, at which point I’ll close them and decide which item I will be working on.

If you have any questions or need something clarified, please /join #help and speak with Ryan, or you may post in this topic on the forum. Please leave comments here for suggestions only.

Common Question – How did WyldRyde spend my money?

There have been many questions directed at us lately about the status of donations made to WyldRyde. In this post we hope to clear it up for all users and prevent the pain of answering the same question many times.

GeekShed is a separate entity to WyldRyde and its staff have never had any knowledge of WyldRyde’s accounts or expenditure. We strongly sympathise with users who would like these questions answered, but kindly ask you to refer them to WyldRyde.

At GeekShed, we offer complete transparency of our accounts – simply because we have nothing to hide. We openly welcome comments or questions about our expenditure.

We understand that users like their donor vhosts and these have already been ported over to the new domain. Once our vhost policy is established, we will publish more information on the future of these vhosts. We do, however, vow that your vhost will not be lost and that your donor level, as shown in the vhost, will remain the same – although the wording is subject to change.

We apologise unreservedly for the problems you are having and hope that your questions will be answered within a satisfactory time scale.