-
~~@Syn:~~
> i wouldn't worry about it too much, we have backups
>
> with our ip logs we can hopefully track this person down
>
> i have classes until evening today but then i'll look at it
>
> we still need to assess how much damage was caused. Also i am
>
> going to implement a thing which will make all players change their passes after they login before they are allowed to play
>
> as to your comments, jazelle, you have to realise there is no complete security in the internet world. i'm sorry to put it in these words but i'm the only coder even present at the moment, extremely overworked and i have full-time classes, a job and a social life. i'm trying to do the best i can with what little time i have to devote to this, all the while trying to recruiting help from people i know to be trustable (like Ertai), so please don't act like i'm doing something wrong because i'm not on call 24/7 to address concerns in the mudding world.
Syn I understand I was only thinking on your side having it so you can track down people better and people do think twice when they have to give out their info. I know the program for the game does have some security settings you could toggle. It's just a frustration point that is hard to come up with an answer.
No one expects you to be on 24/7 that is just plain silly we all have a RL and you deserve to have one too. We all trust Ertai and mainly feel sorry that he had to be their focus point. Just remember we do support you and will help out in anyway we can so don't hestate to ask us for help.
-
~~@Elmah:~~
> Just a side question… What the hell is the motive here for hacking Sentience?
Guys with too much free time and needs to attempt to compensate for their small penises.
-
University of Michigan? If we get a name I can go there and kick some ass… :-D
I just wanna say something to Elmah here. You're awesome man. You deal with all sorts of rl issues and even though you can't currently connect, you stay in touch with us all and I just want to know that I appreciate you!
Anyways, I got some stuff to do after I check the rest of the posts so this will be short
eRT
-
Ertai you make me smile. Dude, I'm not going anywhere. Especially with people like you and some other folks I won't embarass publicly around. Heck, I feel like a part of the game now. Whether I was Bink the whiney little bitch, Jenner the asshole, Lyvain the… Lyvain?, or Elmah MacLean, I felt like I belonged.
I'm a Sentient. Be it down, or be I unable to connect.
Sorry for ranting.
-
Syn, about that password changing system… I'd suggest that you expand on it even further. I think it would be wise to impliment something that forces you to change your password say... every week or so. It's no big deal to come up with a new password and write it down, and it's much safer.
-
As I said on the huge friggen AIM chat last night:
"Awww, Sentience people. **squee**"
hehe. Maybe I'm being overly Lulu-like, but you guys make me feel fluffy. :> We may snark (a lot) at each other in game, but when it comes down to it, we all stick together. Awww. :D
**hugs a tree**
-
i've looked around on the server a bit. It doesn't show anyone but me and londo logging into shell, so it hink someone just hacked or guessed seresnity and ertai's password somehow, or that's what it would point to anyway. If they had shell account they would have at least wiped the logs, if not the other game data there, but it seems to be intact. At least i'm hoping that's the case since this is relatively easy to deal with… i'm considering adding a wait time to people who are denied due to a bad pw, but that maybe more trouble than it's worth
i've started working on the new changes, but i'm completly exhausted and have a programming project to do and work early tomorrow. so hopefully afte ri get out of class, i can finish this up and get the game goin
-
Yes, from what Londo said it looked like the shell access was totally safe. It had to be viva game account access only. Good thing they didn't touch the logs. About all I could tell from the player logs we took is that they messed up the pfile, locked out many of the areas, changed the churches names and hit every flag command they could. Pretty much just reinstall the pfile and game files and it should be up and going. Just a few days lost. But over all don't push yourself if it takes a few days so be it.
-
Meh, I guess I can live with a couple days' loss. Although, Londo determined that at the time Ertai was hacked into, only five pfiles were saved to disk: Bashae, Ertai, Armand, Serenity and Turlis. As far as those slaughtered during the CPK/slay/purge event as well as when those remorted by the moron….. you might not have been able to save your pfiles at all...
What does that means? You that got CPKd, might not have lost anything. Those that were remorted, might not have corrupted pfiles. And all that might need restoring would be the game files and the affected pfiles (with perhaps some bit of compensation). Hell, if areas were merely closed and whatnot, nothing deleted/butchered, those might not need restoring, just reopened. I DO know the church files are in a definite need of repair.
Anyways, that's alot of might's and maybe's. But hey, it could have been much worse. And even if the game were simply restored from the 19th's backup, it's not much loss for many people. We'll just to see when we get to log on.
On a side note in an attempt to bring some levity to the situation... did anyone else have visions of Matrix: Revolutions with the rampant Smiths destroying the Matrix and whatnot? Only way to laugh at that moron since he obviously didn't know what he was doing. He could have done ALOT worse with the immortal accounts he got into.
-
Well hopefully too much isn't messed with, the less the better. The only thing I can think of that might cause some complaint is missing global rewards. I'm not sure how that should be dealt with, I suppose we'll see.
As for what Syn said about them possibly guessing the passwords, I think that's a good reason that we should be forced to change our passwords now and then. Anybody who finds that too much of an inconvenience to play… probably couldn't take Sentience in it's entirety anyway.
Again, I hope things aren't too bad, and that we're up and runnin' again soon. I know a lot of people *cough ME cough* are bored because they don't have anything to do.
-
Depending on the extent of the damage we might just go to the save of the 19th if it would take too much time to fix everything. In which case me and Ertai will fix the global again and get it up and running again for you guys. Which while it isn't the same, it might be the best we can do, or at least the best I can.
-
Probably all we can expect, really. Cope with the few days loss and move on. Not like we can't recover. :)
And yes, I agree with Belexus… *readies MUSHClient and his leveling fingers* :D Ok, I can wait. :)
-
well, i maybe late on this..but if it was someone in the same relative location as ertai…would it be possible someone saw him log in, saw the pw? or has access to that comp at some point...
shrug, dunno.
*back to being an asshole elsewhere*
and yes.
we do all stick together. i might never say it much, but you ppl are pretty decent :) doesnt mean i dont want to take some of you and thrust you head-first into a wood chipper, or put other ppl's testicles in a blender on puree...but yeah.
Later
Soth
-
I can pretty well guarantee that I was hacked and my pword was not guessed. I never log on with people watching me, and it's a relatively unique password. Oh, and the only people that touch my computer are watched by me (god I'm freakin paranoid)
Also, he needed me to log in for him to get my password, otherwise he would have just gone straight for my character or higher. He obviously thought Serenity was unable to be punished, so when I froze him, he was taken offguard.
I don't think we'd need something to change every week, but I do agree that everyone needs to change their passwords once we've restored just to be safe (for logs and such that the hacker may have)
It looked almost as though (from the logs) that he went down the list of immortal powers and used them until he got bored (after finding security ones… siteban/wizlock/etc) The only thing that I could forsee causing real problems is if he messed with the wilds. Everything else can be set back pretty easy.
Anyways, I can't wait to get back up. I'm glad everyone feels so close to the people here (testicle and treeshredder or not)
We kick ass!
eRT
-
Soth if I was a guy you would scare me there, but since I'm not I think I'm safe…..for now. Yea, we're a hate filled family of misfits here who might fight and bicker between each other but if our little world is threatened we all band toether.
-
i look at it as less of hate, or violence…
and more as practicing the art of ajudication.
:)
Soth
-
~~@Xevira:~~
> Only way to laugh at that moron since he obviously didn't know what he was doing. He could have done ALOT worse with the immortal accounts he got into.
naw, imm accounts are pretty safe. For security purposes even if you're lv155, there's no way to destroy data outside the game from within the game. you can't do a game wipe or data wipe without having access to the machine the game is running on, and that's highly monitored. therefore the damage you can do is pretty limited, and reversible. i just hadn't talked to londo about setting up a daly backup job to save all the data. but i have a backup nonetheless.
-
Well abit of good news I can think of is that if the backup is from the 19th then allt he work we did to fix the global may still be there :D. Hehe Just thought I'd add that. ;)
-
~~@Jazelle:~~
> Soth if I was a guy you would scare me there, but since I'm not I think I'm safe…..for now. Yea, we're a hate filled family of misfits here who might fight and bicker between each other but if our little world is threatened we all band toether.
Like a big feudin' family of hillbillies.
-
So ertai, you think mebbe he guessed Serenity's pword. Then was snooping you or some such as you logged on using Serenity? Just a thought. Really dont know to much about how that works.
