
All times are UTC [ DST ]




 Page 1 of 1 [ 6 posts ] 
 Post subject: U@H ban evasion
PostPosted: Tue Mar 18, 2003 1:25 pm 

Joined: Fri Mar 01, 2002 1:00 am
Posts: 38
Location: Stars Hollow
Lately, one bug in particular caught my attention. Due to the new Undernet hostmasking feature, many idiots manage to evade bans much more easily. First of all, if, let's say, a 101 level ban is stored in a particular channel's X banlist, when a 100 access user tries to remove it, X actually removes it from the channel's banlist, leaving it only in its banlist. With this happening, many people mask their hosts (+x themselves), then remove the ban, and then join in. X doesn't reinforce the ban, thus allowing the banned users to rejoin freely. I'm not posting this thread just because I'm annoyed by this bug, but because many specific channel rules are broken by it.


 
 Post subject:
PostPosted: Tue Mar 18, 2003 9:39 pm 

Joined: Sun Mar 10, 2002 1:00 am
Posts: 26
Location: The Wild Blue Yonder
In a word: "HUH???"

That was nearly illegible, but here's my take on it:

If a user is logged in, X sees the actual host so it doesn't matter which host you ban, it will still work (if you use X to ban with). The catch is, if you ban a user's virtual hostmask, then he /quits and reconnects, but does not login, he can evade the ban. X doesn't check the host of non-authed users, so it can only rely on its banlist in this case.


 
 Post subject:
PostPosted: Wed Mar 19, 2003 1:28 pm 

Joined: Fri Mar 01, 2002 1:00 am
Posts: 38
Location: Stars Hollow
Exactly my point. But also, if the user that's trying to evade the ban (let's say a 500 level one), he CAN remove it through X (although X still keeps it in its banlist). Example:
-X- You have insufficient access to remove the ban *!*porschegr@* from #taifas's database
* X sets mode: -b *!*porschegr@*
-X- Removed 1 bans that matched *!*porschegr@*


 
 Post subject:
PostPosted: Thu Mar 20, 2003 3:42 pm 

Joined: Sun Mar 10, 2002 1:00 am
Posts: 26
Location: The Wild Blue Yonder
Ok after a few tests: you are correct.

A user can remove a higher level ban from the active channel banlist, though it does remain in X's banlist (viewable with the LBANLIST command).

Additionally we discovered that while X will keep track of both hosts when the virtual hostmask usermode is enabled, it would probably be a good idea for X to also check both even if +x is not enabled.

eg:

Ban someone with only their virtual hostmask. They can /quit and reconnect, re-auth with X, join the channel using their real host, remove the higher level vhost ban from the active banlist, then set +x and guess what? X doesn't care... even though the vhost ban is still in X's banlist, once the user has joined, he can set +x and X won't enforce the ban.


 
 Post subject:
PostPosted: Fri Mar 21, 2003 1:26 am 

Joined: Fri Dec 13, 2002 1:07 am
Posts: 33
Location: Columbus, OH
If someone can remove the ban, that means they're already an Op in that channel. What's the problem then? :) If you don't want them to be in the channel anymore, revoke their X access. :)


 
 Post subject:
PostPosted: Sun Mar 23, 2003 1:58 pm 

Joined: Fri Mar 01, 2002 1:00 am
Posts: 38
Location: Stars Hollow
That's not the point. If I ban someone ... and that someone has a friend in my channel list, I can't possibly find out who's removing the ban ...


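The fixes discussed in this thread, sketched as an added example that is not part of the original posts and is not X's own code: authorise an unban before touching the channel's +b list, match stored bans against both the real host and the virtual host on join and on every host change, and record who asked for each removal. The class and method names, the sample hosts, and the rule that removal needs access at or above the ban's level are assumptions for illustration.

```python
import re
from dataclasses import dataclass

def mask_matches(mask, identity):
    """IRC ban masks use only * and ? as wildcards; match case-insensitively."""
    pattern = re.escape(mask).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(pattern, identity, re.IGNORECASE) is not None

@dataclass
class User:
    nick: str
    ident: str
    real_host: str
    vhost: str       # hidden host the user gets after setting +x
    access: int = 0  # channel access level in the service (assumed model)

    def identities(self):
        # Both forms the user can appear under, whether or not +x is set now.
        return [f"{self.nick}!{self.ident}@{h}" for h in (self.real_host, self.vhost)]

class ChannelService:
    def __init__(self):
        self.db_bans = {}          # mask -> level: the stored list (LBANLIST)
        self.channel_bans = set()  # masks currently set as +b on the channel
        self.audit = []            # (nick, action, mask, result)

    def ban(self, mask, level):
        self.db_bans[mask] = level
        self.channel_bans.add(mask)

    def unban(self, user, mask):
        # Authorise first; a refused request must not touch the channel list.
        level = self.db_bans.get(mask)
        allowed = level is not None and user.access >= level
        self.audit.append((user.nick, "unban", mask, "ok" if allowed else "refused"))
        if allowed:
            del self.db_bans[mask]
            self.channel_bans.discard(mask)
        return allowed

    def check(self, user):
        """Run on join and on every host change (+x); True means user may stay."""
        for mask in self.db_bans:
            if any(mask_matches(mask, i) for i in user.identities()):
                self.channel_bans.add(mask)  # restore the +b if it was cleared
                return False
        return True

# Constructed sample user: banned by vhost only, holds access 100 on the channel.
SAMPLE = User("guest", "ident", "dsl-7.example.net", "guest.users.undernet.org", 100)
```

The audit list also covers the last post's complaint: every removal attempt is stored with the requester's nick, whether or not it succeeded.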
 