How to Securely Configure a Private IRC Server with User Authentication on Ubuntu



When setting up a private IRC server with dancer-ircd, you typically need one of these two security models:

  • Global password authentication for all connections
  • Individual user registration with admin approval

Edit the dancer-ircd configuration file (typically at /etc/dancer-ircd/ircd.conf):


auth {
    password = "your_secure_password_here";
    spoof = "no";
    use_ssl = "yes";
};

This requires all clients to authenticate with the specified password during connection:


/connect irc.yourserver.com 6667 your_secure_password_here

For individual user accounts using dancer-services:


service {
    nickname = "NickServ";
    user = "services";
    host = "services.yournetwork.com";
    modes = "+s";
};

register {
    email_required = "yes";
    admin_approval = "yes";
};

Set up the admin approval process in /etc/dancer-services/services.conf:


registration {
    require_admin_approval = yes;
    admin_notify = "your@email.com";
    approval_command = "/msg NickServ APPROVE <account>";
};

New users would follow this sequence:


/msg NickServ REGISTER password youremail@example.com

As admin, you'd then approve with:


/msg NickServ APPROVE username

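Consider adding these protections: connection limits with flood throttling, and a ban on all masks with an exception list for trusted users: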


connection {
    max_connections = 50;
    throttle = "yes";
    flood = "10:60";
};

ban {
    mask = "*!*@*";
    reason = "Unauthorized Access";
    exception = "trusted_users.txt";
};

For larger groups, create a script to manage users:


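#!/bin/bash
# add_irc_user.sh: append a user with a random password to users.db
set -euo pipefail
umask 077   # if users.db is created here, only its owner can read it

# Not named USER, so the login name in the environment is not overwritten
USER_NAME=${1:?usage: add_irc_user.sh <username>}
PASS=$(openssl rand -base64 12)

# printf and quoting keep the name from being split or read as an echo option
printf '%s:%s\n' "$USER_NAME" "$PASS" >> /etc/dancer-ircd/users.db
echo "User $USER_NAME added with password $PASS"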

When setting up a private IRC server using dancer-ircd on Ubuntu, the default configuration allows open connections. For a friends-only environment, we need to implement authentication mechanisms. There are two primary approaches:

  • Global password protection (simpler)
  • Individual username/password with nick registration (more granular)

Edit your /etc/dancer-ircd/ircd.conf file:

password = "your_secure_password_here";
class "users" {
    password = "your_secure_password_here";
    host = "*";
    max number = 100;
};

Then restart the service:

sudo systemctl restart dancer-ircd

For more controlled access using dancer-services:

service {
    name = "NickServ";
    user = "services";
    host = "services.yournetwork.com";
    command = "/usr/lib/dancer-services/nickserv";
};

Configure registration settings in /etc/dancer-services/services.conf:

NickServ {
    Registration = "yes";
    RequireAuth = "yes";
    MaxUsers = 50; // Adjust for your group size
};

Create an access list in ircd.conf to restrict connections:

allow {
    ip = "192.168.1.*"; // Example LAN range
    password = "optional_lan_password";
    class = "users";
};

allow {
    hostname = "*.friendsdomain.com";
    password = "friendspassword";
    class = "users";
};

Set up operator privileges for management:

oper "adminnick" {
    password = "operpassword";
    host = "*@*";
    flags = "all";
};

For automatic processing of registered users, create a script:

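#!/bin/bash
# /usr/local/bin/irc_user_approval.sh
# Queue an APPROVE command only if the nick is on the approved list.

NEW_USER=${1:?usage: irc_user_approval.sh <nick>}
# -F: literal string, -x: whole-line match, --: the nick is never parsed as an option
if grep -Fxq -- "$NEW_USER" /etc/dancer-ircd/approved_users.txt; then
    printf '/msg NickServ APPROVE %s\n' "$NEW_USER" >> /var/lib/dancer-services/in
fi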

Set up a cron job to run this periodically against newly registered nicks.
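
The approval check above, expanded into an added example (not part of the original page): it validates the nick before the lookup, so a substring, a regex metacharacter or an embedded newline cannot match an approved entry. The nick policy, the function names and the `demo` data are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the page's script. Assumed nick policy for this example:
# starts with a letter, then letters/digits/_/-, at most 30 characters.
export LC_ALL=C   # make the A-Z / a-z ranges below byte-exact

is_valid_nick() {
    local nick="$1"
    [ -n "$nick" ] && [ "${#nick}" -le 30 ] || return 1
    case "$nick" in
        [!A-Za-z]*)       return 1 ;;  # must start with a letter
        *[!A-Za-z0-9_-]*) return 1 ;;  # no spaces, newlines, '/', '.', '*'
    esac
}

is_approved() {   # $1 = nick, $2 = approved list, one nick per line
    # Validation runs first: grep -F would read a nick containing a newline
    # as two separate patterns, so it must never reach grep.
    # -F fixed string, -x whole line, -- stops option parsing.
    is_valid_nick "$1" && [ -r "$2" ] && grep -Fxq -- "$1" "$2"
}

queue_approval() {   # $1 = nick, $2 = approved list, $3 = services input file
    local nick="$1" list="$2" out="${3:-/var/lib/dancer-services/in}"
    is_approved "$nick" "$list" || return 1
    printf '/msg NickServ APPROVE %s\n' "$nick" >> "$out"
}

demo() {   # constructed data: only "bobby" and "alice" are on the list
    local dir nick refused=0
    dir=$(mktemp -d) || return 1
    printf 'bobby\nalice\n' > "$dir/approved"
    for nick in bobby bob '.*' 'zed
alice'; do
        queue_approval "$nick" "$dir/approved" "$dir/in" || refused=$((refused + 1))
    done
    echo "refused: $refused" >&2
    cat "$dir/in"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see that only `bobby` is queued and the other three candidates are refused.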

Additional hardening measures:

// In ircd.conf
klines {
    "*.badisp.com";
    "spammer*@*";
    duration = "7d";
};

throttle {
    connections = 3;
    period = "60s";
};

Remember to:

  1. Use TLS encryption (configure SSL in ircd.conf)
  2. Set appropriate file permissions (the configuration files above contain plaintext passwords)
  3. Regularly update both dancer-ircd and dancer-services