IRC: Dangerous?

Can I link to an IRC channel?
No. IRC is dangerous. Worse than linking to a website.
How is it dangerous?
IRC is dangerous. With all the bots and whatnot that can be created for them… Heck, we’re not even allowed to have links to them on the site. It’d be violating TOS with our server provider.
Most IRC bots are harmless.

Meanwhile, on the IRC channel,

Don’t listen to him, haggisbot!
Cover your ears!

However, according to Wikipedia,

An IRC bot is a set of scripts or an independent program that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user. It differs from a regular client in that instead of providing interactive access to IRC for a human user, it performs automated functions.

The historically oldest IRC bots were Bill Wisner’s Bartender and Greg Lindahl’s GM (Game Manager for the Hunt the Wumpus game).[1]. Over time, bots evolved to provide special services, such as managing channels on behalf of groups of users, maintaining access lists, and providing access to databases.

Often, an IRC bot is deployed as a detached program running from a stable host. It sits on an IRC channel to keep it open and prevents malicious users from taking over the channel. It can be configured to give channel operator status to privileged users when they join the channel, and can provide a unified channel operator list. Many of these features require that the bot be a channel operator. Thus, most IRC bots are run from computers which have long uptimes (generally running a BSD derivative or Linux) and a fast, stable Internet connection. As IRC has become popular with many dial-up users as well, special services have appeared that offer limited user-level access to a stable Linux server with a decent connection. The user may run an IRC bot from this shell account. These services are commonly known as shell providers.

A bot can also perform many other useful functions, such as logging what happens in an IRC channel, giving out information on demand (very popular in IRC channels dealing with user support), creating statistics, hosting trivia games, and so on. These functions are usually provided by user-writable scripts, often written in a scripting programming language such as Tcl or Perl, added to the bot in question. Channels dedicated to file sharing often use XDCC bots to distribute their files.

IRC bots are particularly well-used on IRC networks without channel registration services like ChanServ, such as EFnet and IRCnet, and on networks that may prevent channels from being registered due to certain registration requirements (minimum user count, etc.), such as Undernet or QuakeNet. Where bots are used for administrative functions such as this, they may need more access than a normal client connection allows. Some versions of IRC have a “Service” protocol that allows clients with these extra powers. Such server-sanctioned bots are called IRC services.

Bots are not always welcome. Some IRC networks forbid the usage of bots. One of the reasons for doing so is that each nickname connected to the network increases the size of the network database which is being kept in sync across all servers. Allowing for bots in large networks can cause a relevant amount of network traffic overhead which needs to be financed and may even lead to netsplits. This however is a shortcoming of the IRC technology, not the bots.[2][3]

People that create an IRC bot use either the scripting language built into a client, or appropriate frameworks of a suitable programming language, or they use an existing bot implementation, and adapt it to their needs.

Popular IRC bots include Eggdrop, psotnic, Winbot, EnergyMech, DreamBot, Infobot, blootbot, Supybot, ShoutIRC and tec.

Nowhere in there does it say that the most IRC bots are malicious.  In fact, it doesn’t say anywhere that any IRC bots are malicious.  Why?  They aren’t.

Take haggisbot for example.  Someone at the highest userlevel possible could ask about volumes of a magazine, reboot the bot, play ping pong, make it say something, tell other users that they fail, facepalm, kick out users that are causing trouble from the chat, ask for a userlist, ask about ranks and possible commands, use haggisbot as a calculator, temporarily mute and unmute trouble users, and do simple string conversions like MD5, reversing, base64 encoding/decoding, rotating the alphabet 13 letters, and making their text show up in a rainbow.

Nowhere in there is anything that can do harm to anyone.  There are no hacking functions.  All haggisbot does is listen to simple commands, kick out people who break the language rules, and log the chat.

IRC bots don’t cause identity theft.  In fact, bots like NickServ prevent it.  Just by registering your name with NickServ, you can prevent other people from taking your nickname.  If someone joins any chat on freenode as Nightgunner5, they will have 30 seconds to log in with a password, and if they don’t, they will have their nickname changed to Guest with a few random numbers after it.

IRC bots, especially ChanServ, can prevent a channel from being taken over by hackers.  If a netsplit occurs, or a server needs to be rebooted, an IRC bot can keep the channel safe just by staying in it.  If there were no IRC bots, there would be no way to keep random people from becoming operators.  If a channel is empty on an IRC server, anyone who joins it will instantly become an operator, and obtain the ability to modify any aspect of the channel.  However, if the channel is registered with ChanServ, a simple /msg ChanServ RECOVER #channelname can get the channel back in order quite quickly, especially since ChanServ can make itself an operator.

If anyone can tell me one reason that IRC is more dangerous than a website, please make a comment here.

9 thoughts on “IRC: Dangerous?

Comments are closed.