The irc.bararanca.com SSL has been expired since 6th June, it was updated today.
With the change of SSL we also used the time to update the cyphers, the hash and the dh params to 2048.
You can AND SHOULD connect to irc via SSL:
Personally, I would like to have a better setup on the SSL and be more strict, but at the moment with the limitation of gnutls on inspIRCd it's hard to do so, but...
the server is secure:
In Omerta IRC we have a bot that consistently scans ips of new users in order to find blacklisted or "bad users" and bans them, yesterday (26 December 2014) one of the services that provides us the blacklists was discontinued: Ahbl.
You can read more about it in here: http://www.ahbl.org/content/changes-ahbl & http://www.ahbl.org/content/last-notice-wildcarding-services-jan-1st
The way they decided to stop the service was to force every scan to show as blacklisted, this caused the issues with our network, every new connection got banned and only the ones that never disconnected IRC could stay.
The situation is now FIXED.
Meanwhile, we will update this post to inform when our bot Helpster is back, as he was the bad guy banning everyone we just plugged it off.
Update #1: Helpster is back online.
With the objective of communicating the changes that affect Omerta IRC network, we've decided to create a blog in the new wiki.
As you might have noticed, the current wiki is still not updated, this will change during next weeks as we are focusing in centralizing all documentation.
Recent attacks and new network changes
The network has been victim of some DDoS attacks, this ones were fixed last week with a new update on our firewall rules, the attackers have changed their method to something that forces users to reply with the malicious intention of generating spam and get disconnected from our server as "Excessive flood".
To prevent this, we have added a "Connection throttle", if there are many connections at same time and you try to connect to the server you will get the following message:
|Delayed connection message|
Also, to allow a less amount of bots and spam we've added a proxy-checker, with this a new rule is applied to the network:
- You are not allowed to run Open Proxies (without authentication) on same network you are connecting to the server.
For the operators of the most active channels in network we recommend disabling channel CTCP by adding mode +C to your channels.