We've had a few account violations at a site I administer, and I believe that the problem has been pinpointed as being IRC. One user pointed this out as the access point into his own account, and this seems to be confirmed by a co-worker who also had his account broken, in apparently the same meathod. So, the question is -- Have there been any new holes in IRC (the newest non- beta version... IRCII 2.2.9, I think) discovered recently? I'm aware of the "ON EXEC" problems, and the like, but the co-worker who's account was broken ran no scripts, nor executed any command to disable EXEC_PROTECTION or anything simular (he's a very lightweight IRC user). I'd -really- like to find the specific meathod of entry here -- Disabling IRC is really not an option. as far as i'm aware (as ircii's maintainer) there are no bugs in a standard 2.2.9 that give this access. there are, however, some versions that were on various ftp sites that had some backdoors in them (CTCP GROK and CTCP JUPE are the ones i know about), that would give someone `control' over the client - which is as good as giving someone a shell. run % strings /usr/local/bin/irc | egrep 'JUPE|GROK' and see if the client has those strings. if so, i'd suggest getting and installing a new client. (email me if you want to be sure the client is `clean'). if anyone knows of anything else, i'd really like to know about it. .mrg.