-
well, i maybe late on this..but if it was someone in the same relative location as ertai…would it be possible someone saw him log in, saw the pw? or has access to that comp at some point...
shrug, dunno.
*back to being an asshole elsewhere*
and yes.
we do all stick together. i might never say it much, but you ppl are pretty decent :) doesnt mean i dont want to take some of you and thrust you head-first into a wood chipper, or put other ppl's testicles in a blender on puree...but yeah.
Later
Soth
-
I can pretty well guarantee that I was hacked and my pword was not guessed. I never log on with people watching me, and it's a relatively unique password. Oh, and the only people that touch my computer are watched by me (god I'm freakin paranoid)
Also, he needed me to log in for him to get my password, otherwise he would have just gone straight for my character or higher. He obviously thought Serenity was unable to be punished, so when I froze him, he was taken offguard.
I don't think we'd need something to change every week, but I do agree that everyone needs to change their passwords once we've restored just to be safe (for logs and such that the hacker may have)
It looked almost as though (from the logs) that he went down the list of immortal powers and used them until he got bored (after finding security ones… siteban/wizlock/etc) The only thing that I could forsee causing real problems is if he messed with the wilds. Everything else can be set back pretty easy.
Anyways, I can't wait to get back up. I'm glad everyone feels so close to the people here (testicle and treeshredder or not)
We kick ass!
eRT
-
Soth if I was a guy you would scare me there, but since I'm not I think I'm safe…..for now. Yea, we're a hate filled family of misfits here who might fight and bicker between each other but if our little world is threatened we all band toether.
-
i look at it as less of hate, or violence…
and more as practicing the art of ajudication.
:)
Soth
-
~~@Xevira:~~
> Only way to laugh at that moron since he obviously didn't know what he was doing. He could have done ALOT worse with the immortal accounts he got into.
naw, imm accounts are pretty safe. For security purposes even if you're lv155, there's no way to destroy data outside the game from within the game. you can't do a game wipe or data wipe without having access to the machine the game is running on, and that's highly monitored. therefore the damage you can do is pretty limited, and reversible. i just hadn't talked to londo about setting up a daly backup job to save all the data. but i have a backup nonetheless.
-
Well abit of good news I can think of is that if the backup is from the 19th then allt he work we did to fix the global may still be there :D. Hehe Just thought I'd add that. ;)
-
~~@Jazelle:~~
> Soth if I was a guy you would scare me there, but since I'm not I think I'm safe…..for now. Yea, we're a hate filled family of misfits here who might fight and bicker between each other but if our little world is threatened we all band toether.
Like a big feudin' family of hillbillies.
-
So ertai, you think mebbe he guessed Serenity's pword. Then was snooping you or some such as you logged on using Serenity? Just a thought. Really dont know to much about how that works.
-
Snooping only works on those that are connected and logged in. And you can only snoop someone lower level than you if I recall. Ertai's level > Serenity's level. The hacker couldn't snoop him in the game anyways. As far as snooping outside the game, I'm not entirely sure how that's possible unless the hacker… err, enough with the hacker designation... he was a moron since he didn't really know what he was doing.... unless the MORON had access to the host machine or the machines of ertai or serenity and could sniff the packets that were being sent/received.
That's just my guess... the moron. If you're gonna to the trouble of breaking into a mud, at least have the brains to know what you're doing. He could have done alot worse if he had damaged as much as possible and performed a shutdown (had he managed to hack into an IMP... alot more files would have been saved to disk.. alot more damage to fix. So yeah, that's where the "much worse" business came in. I kinda figured he wouldn't have the ability to outright DELETE the stuff without shell access.
Hell, I think we should all feel insulted... being "hacked" by an obvious moronic amateur. -_- I know I do.... :evil:
-
Even if he wasn't a moron I would still feel insulted. Why the hell would you want to hack a mud anyway? There's almost no point. It's just, well, stupid. The fact that he is a moron just adds the slap in the face. We'll be up and running soon, and hopefully they will get what they have coming to them. About the password changing system. A week may be a little too low, but I still think there should be some sort of time period where it asks you to change it. Maybe a month, maybe 6? I don't know. It just seems to me like that could prevent problems in the future.
-
me and Xevira (since he is a lot more proficient at programming than me) have been shooting around ideas for making the game more secure from the inside. Also, instead of just copying everyone over I'm going to just copy over the player files of the people who have been modified by whoever the attacker was.
why would anyone hack a mud? well, several reasons… possibly they're unhappy with some decision I or one of the other imps made, and either have knowledge of network security flaws, or have friends that do. Perhaps they play another MUD and don't want to see ours running. Maybe they're just bored. Anyway, not pissing off these people is just as important as beefing up security, because no security will ever be enough - saying your server is absolutely secure is just inviting someone who's clever enough and has enough time to hack it. Xevira does have a point - he could have done a lot more damage if he had known what he was doing. But I wouldn't call them morons just yet; obviously they know something I wasn't astute enough to spot.
Londo had an interesting idea... perhaps some of the imms havn't changed their passwords from the last time we got hacked. But this is unlikely , seeing as how that was 1.5+ years ago.. .but anyway a global password change would solve it.
sometime pretty soon we're going to fix Ertai up with some shell access so he can fix what's needed from there, restart the game if needed, etc. This won't be until I have some time to tutor him on some security things and some basic aspects of how the game runs. This will allow the game to be up more often, and I will work on making it more stable.
I've almost finished my code changes to the game. I'm really sorry I havn't done it yet, but I've had work really early almost every day this week, a whole lot of reading and also a lengthy programming assignment to do for a class, as well as lots of social stuff (like smoking reefer) so I'm pretty exhausted, but I'll have it up by tomorrow definitely. hope you all have a good day :)
-
you guys can connect and play now
it'll prompt you to change your password once. I suggest you think of one before you type it in - it needs an uppercase char, lowercase char, and a number
-
hmm…. really? I get a connection refused. >.> Sure it's up and on the right port?
-
Hey Syn. Don't worry about it dude. I'm sure a lot of us have other things to do. Heck I have classes from 9:25 to 8 PM some days 8O So don't apologize, it's all cool.
-
oops i forgot to turn it on. should be up now
-
Well I got back on, saw a few messages but couldn't do anything as I'm still frozen. :)
-
Hrmm, at 645am Eastern time this morn i couldnt get on. :(
-
meh i cant get on either :(
-
Well it was up and running. Syn loaded up the backup from the 19th. That bug Syn is trying to fix might be responsible.
-
Maybe the bug reproduced before Syn could get in to neuter it… :(
Oh wait, not that kind of fixing. ;)
