The recommended way to upgrade is:Linux:Rename your old UnrealIRCd directory (or otherwise you'll overwrite it in the next step)Extract the new UnrealIRCd version and run ./Config and makeCopy your old configuration files to the new directory (unrealircd.conf, motd, rules, server.* [SSL certs], network file, etc)
2.0 - Installation Tested & Supported Operating Systems:*NIX versions:Linux 2.2.xLinux 2.4.xFreeBSD 4.6-STABLEFreeBSD 4.5-STABLESolaris 2.xWindows version: WindowsXP HomeWindowsXP ProWindows 2000 ProWindows 2000 ServerWindows 2000 Advanced ServerWindows 98Windows Me If you have Unreal3.2 working correctly under other operating systems, please send the details to email@example.com
The ban ip block bans an IP from accessing the server. This includes both users and servers attempting to link. The ban::mask parameter is an IP which may contain wildcard characters, and ban::reason is the reason why this ban is being placed. Since this ban affects servers it should be used very carefully.
The ban version block allows you to ban a client based on the IRC client software they use. This makes use of the clients CTCP version reply. Therefore if a client does not send out a CTCP version, the ban will not work. This feature is intended to allow you to block malicious scripts. The ban::mask specifies the version which should be banned. The mask may contain wildcards. The ban::reason specifies the reason why this ban is being placed. You can also specify ban::action, kill is the default, tempshun will shun the specific user connection only and would work very effective against zombies/bots at dynamic IPs because it won't affect innocent users. shun/kline/zline/gline/gzline will place a ban of that type on the ip (*@IPADDR), the duration of these bans can be configured with set::ban-version-tkl-time and defaults to 1 day.
This block allows you to deny a server from linking based on the version of Unreal it is running and what compile time options it has. The format for this block is somewhat complex but isn't too hard to figure out. The deny::mask directive specifies a wildcard mask of the server name this applies to. The deny::version specifies the protocol number of the version this refers to.
For example, 3.0 is 2301, 3.1.1/3.1.2 is 2302, 3.2 is 2303. The first character of this parameter can be one of the following >, then all version greater than the specified version are denied, if it is a
set::ssl::egd ; Specifies that EGD (Entropy Gathering Daemon) support should be enabled. If you run OpenSSL 0.9.7 or higher, then /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and /etc/entropy will be searched by default so no filename is necessary, you may simply specify set::ssl::egd with no value. If you are using a version of OpenSSL prior to 0.9.7 or you want to use a EGD socket located somewhere other than the above listed locations you may specify the filename of the UNIX Domain Socket that an EGD is listening on.
8.9 SummaryAs you now hopefully understand, you can never be 100% secure. You (and us) have to find&fix every hole out there, while an attacker only needs to find just 1 server with 1 hole. Everything that was explained here DOES however help by minimizing the risks considerably. Do take the time to secure your network and educate your opers. A lot of people don't care about security until they got hacked, try to avoid that :). 076b4e4f54