Services and IRCop Impersonators ================================ Version 1.0.2 Last revised by Fredfred (Fredfred at dal.net) on 2005-11-12 Originally written by Kzoo (kzoo at dal.net), LadyDana (ladydana at dal.net), and Pyr0s (pyr0s at dal.net) on 2001-01-22 Copyright (C) 2001-2005 by the DALnet IRC Network Please direct any comments or feedback about this document (only! no help requests!) to docs@dal.net. If you need help on issues not covered in this document, please see the information at http://help.dal.net/. Introduction ------------ New DALnet users are sometimes tricked into giving their passwords to someone posing as DALnet Services or as an IRC Operator. Services Impersonators attempt to fool users by sending out notices that resemble the ones used by the real DALnet Services whereas fake IRC Operators use intimidation. In both cases, they play on the new user's lack of experience. Sometimes users need help and seek it from somebody who is not an actual IRCop. They might then give away passwords and other information to the wrong person. The purpose of this document is to show how to recognize the real DALnet services or a real IRCop. It will also give you an idea of what things to look out for when identifying impostors. Contents -------- 1 * Services Impersonators 1.1 Ways to Identify to NickServ 1.2 Ways to Identify to ChanServ 1.3 Auto-Identification Scripts 1.4 'Fake' DALnet Services Ploys 2 * IRCop Impersonators 2.1 Telling Passwords 2.2 How to Tell an IRC Operator? 2.3 'Fake' IRC Operator Ploys 2.4 In Summary 3 * Frequently Asked Questions 1 * Services Impersonators -------------------------- Users who want to steal nickname passwords often try to impersonate DALnet Services and ask you for your passwords in private. If you don't want to lose your nickname, there are a few things that you must absolutely take into consideration. First of all, you should never use your DALnet password on another network and you should change it on a regular basis - just don't forget it. :) Many users have lost their nicknames in the past after joining another network and giving out their password to Services on that network. It may also be a good idea to type out commands in the Status window (if you have one) so that you will not accidentally give away your passwords to an open channel or to a private chat window. Secondly, it is very important that you learn how to recognize fake Services on DALnet. 1.1 * Ways to Identify to NickServ ---------------------------------- There are many ways to identify to DALnet Services; some are secure, some are not. Let's take a look at what Nickserv teaches you to do. If you use a registered nickname, you will get: -NickServ- This nick is owned by someone else. Please choose another. -NickServ- If this is your nick, type: /msg NickServ@services.dal.net IDENTIFY password The ENFORCE option is now set by default after the complete nickname registration. If you have the ENFORCE option turned on then you will see a third line: -NickServ- Your nick will be changed in 60 seconds if you do not comply. Therefore, you should use: /msg NickServ@services.dal.net IDENTIFY or one of the other built-in commands for identifying to NickServ. These built-in commands are: /nickserv IDENTIFY /identify /services IDENTIFY For those who wish to identify to a nick that they are *not* using at the time, these variations are available: /nickserv IDENTIFY /identify /services IDENTIFY Please keep in mind that your IRC client may prevent you from using one of the above mentioned built-in commands. In those cases, we advise you to use the "/quote" prefix in order to send your identification command directly to the server. Examples: /quote nickserv IDENTIFY /quote identify /quote services IDENTIFY Finally, remember these commands and do not use any other variations. DALnet is not going to change NickServ to another name. If you are in doubt about this, you can always ask in #Help or #OperHelp. 1.2 * Ways to Identify to ChanServ ---------------------------------- As with NickServ, the standard way to identify to ChanServ would be: /msg chanserv@services.dal.net IDENTIFY <#channel> There are also the three built-in commands: /chanserv IDENTIFY <#channel> /identify <#channel> /services IDENTIFY <#channel> Once again, if you run into problems with your IRC client then use the "/quote" prefix to get around the limitation: /quote chanserv IDENTIFY <#channel> /quote identify <#channel> /quote services IDENTIFY <#channel> If you are not sure about something then go to DALnet help channel #Help and ask. They always available to you. 1.3 * Auto-Identification Scripts --------------------------------- DALnet does *not* support or encourage the use of auto-identification scripts. Scripts are tricky things. There are many people who attempt to steal passwords by providing a script that slips them a constant report of what you are doing while chatting on-line. In addition, it is quite easy for someone else who has access to your script to retrieve the password. It has also happened that users have accidentally sent out their nickname and channel passwords to other users when they wanted to share their scripts. An insecure script may also send the password to a services impersonator instead of the real Services. 1.4 * 'Fake' DALnet Services Ploys ---------------------------------- Frequently, impostors try to impersonate DALnet Services. The most popular way is to use a nickname with a very similar spelling to the actual Services. Before we continue, you should have a good idea of what the *real* Services look like. NickServ is service@dal.net * Nick Registration Service NickServ using services.dal.net DALnet services home base NickServ End of /WHOIS list. ChanServ is service@dal.net * Channel Registration Service ChanServ using services.dal.net DALnet services home base ChanServ End of /WHOIS list. Note: It is normal to see ChanServ on different channels every time you "/whois ChanServ", as it constantly joins channels to masskick. For example: ChanServ on @#randomchannel #Dragonrealm #chatzone Services Impersonators will attempt to deceive you by adopting nicks and Real Name fields that are similar to one actually used by Services. The following would be a good example: NickSrve is service@mc-38-214.tm.net.my * Nick Registration Service NickSrve using twisted.ma.us.dal.net Global NAPs - Quincy, MA NickSrve End of /WHOIS list. Since they want to trick you into giving out their password, they will send out notices that are similar to, or exactly like the ones sent out by Services: -NickSeve- This nick is owned by someone else. Please choose another. -NickSeve- If this is your nick, type: /msg NickSeve IDENTIFY password -NickSeve- Your nick will be changed in 60 seconds if you do not comply. There are myriad nicks that Services impersonators come up with every day. It is impossible to list them all, however, you should always be wary of anything that asks you to use a command not mentioned previously in section 1.1. Another good way of recognizing Services impersonators is to note which server they are on. The real DALnet Services will always be located on services.dal.net. On occasion, Services Impersonators will go one step further by claiming that your nick or channel will drop unless you identify to them or that they are some type of "back-up" services. *Do not pay them any attention*. You can always ask in one of the help channels if you feel they sound genuine. 2 * IRCop Impersonators ----------------------- In addition to users who pretend to be Services, there are also a lot of users around who pretend to be IRC Operators. They may resort to threats ("you will be klined" is a popular one) in order to intimidate you or they may act helpful in order to trick information out of you. Either way, they do not have your best interests at heart. 2.1 * Telling Passwords ----------------------- Never tell your password to someone who messages you and asks for it. DALnet staff do not message users and ask for passwords. DALnet will not send you mail and ask for passwords. If you get a sudden message asking for a password, you can assume it is not for a good reason. 2.2 * How to Tell an IRC Operator? ---------------------------------- When a person is given IRC Operator privileges, it is written into the IRCd of a particular server. The IRCd is a program which coordinates everything that happens on DALnet with all the other servers. It has various other functions which are not important to this document. Because the IRC Operator privileges are written into the IRCD, it recognizes the IRC Operator when this Operator issues a special command. This is often called 'opering up'. When an IRC Operator 'opers up', the IRCD recognizes the privileges this person has and adds a separate line to the IRC Operator's "/whois." This line is by itself and says, "Heathcliff is an IRC Operator" When you look at all the information for someone you think may be an IRC Operator, it would look something like this: Heathcliff is moi@pp326.sometimes.net * Wherever you go, there you are. Heathcliff using jade.va.us.dal.net Hell hath no fury like a woman scorned for Sega. Heathcliff has identified for this nick Heathcliff is an IRC Operator - Services Administrator Heathcliff End of /WHOIS list. If you do not see that line by itself in a "/whois", someone is trying to fool you. If you think that perhaps this person might be an IRC Operator, ask him or her to 'oper up' and then look for that line in the "/whois". If it doesn't show, run quickly in another direction and put this person on ignore if they continue to bother you. 2.3 * 'Fake' IRC Operator Ploys ------------------------------- There are many ways someone may try to appear to be an IRC Operator. One of the most frequent is to have the word 'oper' in his or her nick or username. Here are some examples. "OperHelper is IRCop@DL34.really.net * IRC Operator" "IRCopper is oper@23673.pretend.net * I'm a IRCop and I'm gonna get you" Another thing a fake oper might do is to put an away message in his or her "/whois" to try to simulate the statement on a single line. An example of this might be, OperMan is MircOper@ppp317.wonderful.net * Your busy IRC Operator OperMan using jade.va.us.dal.net Hell hath no fury like a woman scorned for Sega. OperMan is away: IRC Operator - Services Administrator OperMan has been idle 18mins 12secs, signed on Sat Oct 21 19:12:13 OperMan End of /WHOIS list. Look at the difference between these lines. "Heathcliff is an IRC Operator - Services Administrator (the real thing)" "OperMan is away: IRC Operator - Services Administrator (a fake)" Notice the : after the word 'away'. This person has set an away message to try to look like a real oper. Notice also that this user has not identified to that nick. It probably isn't registered. There are some nicks which have been abused so much by people pretending to be opers, that they are no longer permitted to be registered. You may also have seen that this person seems to be bragging about being an IRC operator in just about any way he can. Real opers don't have the need for all this bragging. The single line says it all. 2.4 * In Summary ---------------- There are some not-so-nice users who pretend to be IRC Operators. They sometimes do that to intimidate, and sometimes to get passwords from people so they can take over nicks and channels. Users need to know how to protect themselves against such nasty users. DALnet personnel will not message you and ask for a password. If this happens, do not give it. DALnet will not mail you and ask you for your password. If this happens, do not give it. If you are approached by someone who claims to be an IRC Operator, do a "/whois " command. In the information, look for a separate line that says So-and-So is an IRC Operator. Be sure there is not an away message made to look like the person is an IRC Operator. Never give your password to anyone. 3 * Frequently Asked Questions ------------------------------ Q: Where can I report an IRCop or Services Impersonator? A: You can report the incident in #OperHelp or find an IRCop personally by following the instructions at http://docs.dal.net/docs/findoper.html. Q: Is there any one simple thing that I can use to identify a Services Impersonator? A: Yes. If they are using a nick other than NickServ or ChanServ then they are not the real thing. Services are always going to be on the server services.dal.net as well. Q: I lost my nick/channel to a Services Impersonator. Can you give it back to me? A: No. We consider password security to be your own responsibility. There are simply way too many users for DALnet to watch over your shoulder every time you do something. We do our best by providing you with resources such as warnings, documents and staff in the DALnet owned help channels. Think of this as a lesson... you will not make the same mistake again. ---------------------------------------------------------------------- IRC: /server irc.dal.net 7000 (also port 6667) The Web: http://www.dal.net/ DALnet Help: http://help.dal.net/ IRC FTP: ftp://ftp.dal.net/ Network! Email: help at dal.net (help), docs at dal.net (help documents), suggest at dal.net (suggestions and comments)