Authserv Security

This site uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More details

  • Authserv Security

    Your authserv account is the most important on IRC. It grants you access to example:

    • Access in the main channel
    • Access to the team channels
    • GameServ with the ability to temporarily ban people from game channels
    • Setinfos
    • For admins also OGN tools to manage staff on IRC

    Its also used to give you a face on IRC, when you login into Authserv it will change your host to Authname.teamrank.GameTLD and it will voice or OP you in public game channels. This way users can recognize you as a teammember and be sure they are talking with the right person.

    Because of this its very important to protect your Authserv account agains hackers and phishers who could use it to gain access on places they should not have access.

    Authserv knows 3 kinds of protections. The most known one is the password protection, the most annoying one is the ident@IP protection and the last one is the limits of logins at the same time.

    I will help you configure your account for an optimal but still manageable protection.

    Please be sure you are using commands with sensitive information such as passwords or emails in a save window like status (OnlineGamesNet). It will prevent that everybody can see what you typed if you made a mistake in the command (For example if you typed .as instead of /as)


    The first one is the password, you can choose this yourself when you register and account on the website. A good password is between the 8 and the 12 characters long. Not too short for a backtrack hack (Trying all combinations between a and zzzzzzzzzz) but also not to long to forget and to keep it manageable.

    A password should not contain any easy to guess combinations like ''qwerty, azerty, 12345678, password, etcetra'' but a combination of numbers, letters and special characters such as '@!#$%^&*()?><=+-_' (Its not recommended to use : in your password, it could give technical errors). The password is not capital sensitve so you could leave this out.

    If you want to change your password you can use the following command:

    /as pass <old password> <new password>

    You must replace the information inside the < and > and leave the < and > out of the command.

    If you want to request a new password because you forgot your old one you can use:

    /as resetpass <account> <new password>

    Authserv will send an email to the email which is used to register this account (Or if you ever changed this email to this one).
    This email contains a command which looks like: /msg cookie <code>. (This code is only a code to confirm the change! It will not be your new password.)
    If you copy this command and paste in on IRC it will confirm the resetpass and you'll be able to login with the new password.
    Same story as the other command, replace the information inside the < and > and leave the < and > out.

    If you want to change the email which is attached to your account you can use the command:

    /as set email <new email>

    Authserv will send you an email to both emails with a cookie code to confirm the change, you must use both of the cookies to complete the change. If you can't access your old email you must contact the IRC staff in #help. Its also not recommended to use any team email because this email is usually temporary. Same story as all commands, do not put the < and > in the command but repleace whats inside.

    ident@IP protection

    This is for most people the most annoying protection of all because it will ask you for confirm via the email if your IP changed but this protection could be very usefull when you make a mistake by accident and show your password to people. It will deny people to login on your account if the ident or IP is unknown for him.

    The format of this protection is ident@IP and wildcard (*) is allowed. Its not usual to make use of the ident protection but just to use the IP protection. This means that when you want to add an IP to the list you could use *@IP.

    When you register an account for the first time Authserv remembers the IP you're using the first time of authing. Its attached to your account as *@IP and it'll only allows this IP to login into your account at that time.

    If you want to add an IP to the list while you are authed you can use this command:

    /as addmask *@<IP>

    With this command you must repleace the <IP> part to the IP you want to add to the list and leave the < and > out.

    If you want to see which IP's are added on your list you must use the command:

    /as info

    Authserv shows you a list with some information about your account. Between this information you can find the line ''-AuthServ- Hostmask(s):''. All hosts which are added to your account are behind this line.

    If you want to remove an IP you must copy the ident@IP part and use:

    /as delmask <ident@IP>

    Replace <ident@IP> for the copied hostmask.
    Do not forget to keep your bouncer (ZNC) host/IP in the list if you are using one, if you're not sure which one it is ask your bouncer provider.
    There must be at least one hostmask in the list so its not possible to remove the last one in the list.

    And now the part where this protection is annoying. If your IP is changed and you try to login it will say that your hostmask does not match with any hostmasks in the list. In this case you must use the command:

    /as authcookie <account>

    Authserv sends an email to the email which it attached to the account to confirm you are the real owner of the account. This email contains like resetpass a command which starts with ''/msg cookie <code>''. You must copy this command and paste it on IRC, your new IP will be added to the list after you did this.

    There is a possibilty to disable this protection by adding *@* to the list, it could be usefull to people with a dynamic IP which changes a lot. This is NOT! recommended, only if there is no other solution. People with a dynamic IP for example have 6 of the 10 times a host instead of an IP (Its an IP which contains also letters and characters instead of only numbers). In this case there is also always a part of the host which is not dynamic. For example: the host '''' contains ''''. In many cases this is a part of the host which is not dynamic and you can use '/as addmask *@*' to still have a bit protection from the IP protect.

    Login limit

    Login limit means there is a limit of connections which can be authed at the same account at the same moment. This could be changed from 1 to 10 connections at the same time. The default for this is 2 and I recommend people who use IRC just for their team job and simple things to keep this on 2. People who are using a bouncer could better set this to 3 or 4. It depends on how much bouncers you use, its recommended to keep 1 or 2 'free' spots on your account as clones you usually have. This is recommended because there is no way to login if too many people are authed on the account, not even with an email confirm.

    To change the number of maximal logins use:

    /as set maxlogins <1/2/3/4/5/6/7/8/9/10>

    If you have any questions about Authserv protection or having trouble with it? Do not doubt to contact me with /msg Victor <your question> or contact any IRC teammember in #help.