To create new wiki account, please join us on #znc at freenode and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.


From ZNC
(Redirected from Using ident spoofs)
Jump to: navigation, search

The identfile module places the ident of a user to a file when they are trying to connect. When the IRC server gets the connection request, it will query your system for the ident. An ident server such as oidentd or ident2 can read the ident file and send this ident back to the IRC server. Afterwards ZNC writes back the old contents of your ident file.

Loading the identfile module may be required to get connection limit increases (also referred to as ILINES or CLONES) on some networks to prevent username spoofing, specifically when you wish to run a bouncer service serving multiple users.

You will notice that this increases the time it takes for your connection to successfully connect. And if your ZNC has a large amount of users connecting to the same network the delay may spike up well in to several minutes.



This global module takes no arguments.

Read loading modules to learn more about loading modules.


Output of /msg *identfile help:

 | Command   | Arguments | Description          |
 | GetFile   |           |                      |
 | GetFormat |           |                      |
 | Help      | search    | Generate this output |
 | SetFile   | <file>    |                      |
 | SetFormat | <format>  |                      |
 | Show      |           |                      |

The format uses ExpandString, so %ident% will be expanded to ident. This is the value taken from the Ident field set for that ZNC user, or optionally, the network specific setting if there is one.

Another commonly used value is %user%, which is the name of the ZNC user connecting to IRC. As it may not be changed by normal ZNC users, it's often useful for BNC providers or anyone sharing the ZNC instance with others.

Using identfile with oidentd

1. Your /etc/oidentd.conf must allow ident spoofing for the user ZNC runs as (the allow spoof privilege).

Example file (replace "znc" with the user that ZNC will run on):

user "znc" {
    default {
        allow spoof
        allow spoof_all
        allow spoof_privport
        allow random
        allow random_numeric
        allow numeric
        allow hide

2. Create an empty .oidentd.conf in the homedir of the user you are running ZNC as (create this file while logged in as the user you run ZNC as):

touch ~/.oidentd.conf
chmod 644 ~/.oidentd.conf

3. Oidentd must be able to read your ~/.oidentd.conf. Therefore ZNC's homedir should at least have 711 (world executable, rwx--x--x) permissions. This step may not be necessary

chmod 711 ~

4. Next load and configure the identfile module. This can be done with the following commands.

/msg *status loadmod identfile
/msg *identfile setfile ~/.oidentd.conf
/msg *identfile setformat global { reply "%ident%" }

Check ExpandString for possible variables

Note: If you use ipv6 with oidentd and it is not working for an unknown reason, try running it like this: oidentd -a :: - it should force ipv6.

Using identfile with ident2

Warning: Ident2 does not support IPv6

1. Install ident2. By default when you install ident2 on debian it will automatically be configured and started via xinetd. If you are starting ident2 manually you will need to start it with the "-n" argument. This allows using an ident file in a user's homedir over their username for ident, and is required for use with the identfile module.

2. Next load and configure the identfile module. This can be done with the following commands.

/msg *status loadmod identfile
/msg *identfile setfile ~/.ident
/msg *identfile setformat ident %ident%

File Permissions

ident2 must be able to read your "~/.ident file". Therefore ZNC's homedir should at least have 711 (world executable, rwx--x--x) permissions. Commonly most homedir's are created as executable by other users but if this is not the case then you can use the following commands to change the permissions.

chmod 711 ~
touch ~/.ident
chmod 644 ~/.ident

Chrooted installs with identfile

If you have chrooted your ZNC installation you can still use identfile. Simply create a symbolic link to the ident file inside the chroot:

ln -s /home/bouncer/ident /var/chroot/home/bouncer/ident

You will need to change the "ident" part of each file to the actual file that your ident system uses, for oidentd it would become the following:

ln -s /home/bouncer/.oidentd.conf /var/chroot/home/bouncer/.oidentd.conf

All changes made by ZNC to the chromed ident file will now be visible for your ident server. An other way is, to chroot the ident server too which is more secure, but isn't easy for novice users.


Using ident spoofs with identserver and iptables

Troubleshooting tips

1. You will most likely have to chmod /home and /home/user with 644 permissions manually in order for the config to be read.

2. You will have to reconnect or restart ZNC after completing this, mileage may vary.

3. If there are any firewalls between ZNC and the IRC server, port 113 TCP needs to be permitted.

4. With oidentd, if there are any other users, or a "default" block. You may need to place the "znc" user at the top of the file.

5. Don't forget to restart or reload your identd after configuration changes.