freenode 要求使用者更換密碼

有 server 被摸進去了,參考「Server issues」:

Earlier today the freenode infra team noticed an anomaly on a single IRC server. We have since identified that this was indicative of the server being compromised by an unknown third party.

因此建議大家更換 channel key 與密碼:

Since traffic may have been sniffed, you may also wish to consider any channel keys or similar secret information exchanged over the network.

使用 SSL 連上 Freenode IRC server

ijliao 長輩的 blog 上看到「weechat」這篇才想起來 Freenode 有提供 SSL 連線。

可以在「About freenode: IRC Servers」這頁看到 SSL port 的連線資訊:

All freenode servers listen on ports 6665, 6666, 6667, 6697 (SSL only), 7000 (SSL only), 7070 (SSL only), 8000, 8001 and 8002.

其中 port 6698/7000/7070 是 SSL only,所以就拿這幾個用。由於我是在 Ubuntu 上跑 ppa 版的 WeeChat,所以基本上只加上這三行就可以了:

/set irc.server.freenode.address chat.freenode.net/6697
/set irc.server.freenode.ssl on
/set irc.server.freenode.ssl_dhkey_size 1024

連上後應該會看到類似的訊息:

gnutls: connected using 1024-bit Diffie-Hellman shared secret exchange
gnutls: receiving 2 certificates
 - certificate[1] info:
   - subject `OU=Domain Control Validated,OU=Gandi Standard Wildcard SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2014-01-13 00:00:00 UTC', expires `2015-01-14 23:59:59 UTC', SHA-1 fingerprint `2df8bb8922e69f781ef5abcd234fffde0490be21'
 - certificate[2] info:
   - subject `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', issuer `C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware', RSA key 2048 bits, signed using RSA-SHA1, activated `2008-10-23 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `a9f79883a075ce82d20d274d1368e876140d33b3'
gnutls: peer's certificate is trusted

然後在 status line 裡,server[freenode] 的部份變成綠色的。