We have found that one of our clients (virt. domain account) is using the following software on our servers.

BitchX
bnc
Eggdrop

This is the first incident of such we have encountered since we started hosting. We have sent the client the following email warning:

"clients name,

We have noticed your use of the following software on our servers.

BitchX
Eggdrop
bnc

We hope that you are not doing anything of hostile intent. If we find this
to be the case we will immediatly shutdown your account and inform the local
authorities.

This is just a warning at this point.

We do not allow illegal or hostile actions from our servers. If you are not
practicing such actions then please disregard this email.

ACNS Support"

My question is. Am I being too soft or should I just go ahead and kill the account? I realize that most of the software is targeted towards IRC servers but I am not very well informed as to it's actual use and seriousness.

Any suggestions welcome.

chuck

You are being too hard. Just let them know to use the software with caution, Don't overly invade their privacy, all the tools they have are generally used to access irc, not cause problems

Bitchx=irc client
eggdrop=type of irc bot (usually for saving your channel operator status)

Many hosting companies don't allow irc on their networks, because it has a tendency to draw a decent amount of cpu cycles. So it's something to think about.

We noticed the usage in TOP. Also, we just sent a warning due to the nature of bnc not specifically bitchx or eggdrop.

chuck

I'm a Netadmin, and IRCop on several networks, and frequent several differnt servers. I use bnc's all the time to make nicer looking dns's. Nothing illegal about it, ofcourse several networks ban the use of bnc's and if caught the bnc is banned.......

Thus far I must admit that the client using these packages has used less resources than our JSP engine so I can't really bring myself to believe that they are doing anything really intense with the software.

We have not seen anything untowards about the usage as yet and will probably not. Thus we will more than likely leave well enough alone for now.

Thanks for the input though. It was very much appreciated.

Chuck

Originally posted by ckizer
Many hosting companies don't allow irc on their networks, because it has a tendency to draw a decent amount of cpu cycles. So it's something to think about.

I'm not sure about that. I've seen 200kbps of IRC traffic (somewhere around 1000 connections IIRC) taking under 1% of a P3-650's cpu time. The memory usage was slightly more significant -- about 25MB -- but I think the main reason ISPs don't like IRC is the risk of suffering DoS attacks.

I kill these processes immediately when I see them. They can use a lot of bandwidth and they can attract
hackers to your server.

The user recieves a warning message telling him/her
that we do not allow IRC bouncers etc. and that his/her
account will be closed the next time we discover these
background processes running under his account.

I think you are being too soft. Feel free to kill the account. And for the future, make sure that you add the proper statements to your hosting terms and agreements.

I think you are being too hard as well. It's annoying that many hosts don't allow it even on dedicated servers. These tools can actually be used for something good. And you don't have to be using Efnet but more secure connections.