-
~~@Jazelle:~~
> Soth if I was a guy you would scare me there, but since I'm not I think I'm safe…..for now. Yea, we're a hate filled family of misfits here who might fight and bicker between each other but if our little world is threatened we all band toether.
Like a big feudin' family of hillbillies.
-
So ertai, you think mebbe he guessed Serenity's pword. Then was snooping you or some such as you logged on using Serenity? Just a thought. Really dont know to much about how that works.
-
Snooping only works on those that are connected and logged in. And you can only snoop someone lower level than you if I recall. Ertai's level > Serenity's level. The hacker couldn't snoop him in the game anyways. As far as snooping outside the game, I'm not entirely sure how that's possible unless the hacker… err, enough with the hacker designation... he was a moron since he didn't really know what he was doing.... unless the MORON had access to the host machine or the machines of ertai or serenity and could sniff the packets that were being sent/received.
That's just my guess... the moron. If you're gonna to the trouble of breaking into a mud, at least have the brains to know what you're doing. He could have done alot worse if he had damaged as much as possible and performed a shutdown (had he managed to hack into an IMP... alot more files would have been saved to disk.. alot more damage to fix. So yeah, that's where the "much worse" business came in. I kinda figured he wouldn't have the ability to outright DELETE the stuff without shell access.
Hell, I think we should all feel insulted... being "hacked" by an obvious moronic amateur. -_- I know I do.... :evil:
-
Even if he wasn't a moron I would still feel insulted. Why the hell would you want to hack a mud anyway? There's almost no point. It's just, well, stupid. The fact that he is a moron just adds the slap in the face. We'll be up and running soon, and hopefully they will get what they have coming to them. About the password changing system. A week may be a little too low, but I still think there should be some sort of time period where it asks you to change it. Maybe a month, maybe 6? I don't know. It just seems to me like that could prevent problems in the future.
-
me and Xevira (since he is a lot more proficient at programming than me) have been shooting around ideas for making the game more secure from the inside. Also, instead of just copying everyone over I'm going to just copy over the player files of the people who have been modified by whoever the attacker was.
why would anyone hack a mud? well, several reasons… possibly they're unhappy with some decision I or one of the other imps made, and either have knowledge of network security flaws, or have friends that do. Perhaps they play another MUD and don't want to see ours running. Maybe they're just bored. Anyway, not pissing off these people is just as important as beefing up security, because no security will ever be enough - saying your server is absolutely secure is just inviting someone who's clever enough and has enough time to hack it. Xevira does have a point - he could have done a lot more damage if he had known what he was doing. But I wouldn't call them morons just yet; obviously they know something I wasn't astute enough to spot.
Londo had an interesting idea... perhaps some of the imms havn't changed their passwords from the last time we got hacked. But this is unlikely , seeing as how that was 1.5+ years ago.. .but anyway a global password change would solve it.
sometime pretty soon we're going to fix Ertai up with some shell access so he can fix what's needed from there, restart the game if needed, etc. This won't be until I have some time to tutor him on some security things and some basic aspects of how the game runs. This will allow the game to be up more often, and I will work on making it more stable.
I've almost finished my code changes to the game. I'm really sorry I havn't done it yet, but I've had work really early almost every day this week, a whole lot of reading and also a lengthy programming assignment to do for a class, as well as lots of social stuff (like smoking reefer) so I'm pretty exhausted, but I'll have it up by tomorrow definitely. hope you all have a good day :)
-
you guys can connect and play now
it'll prompt you to change your password once. I suggest you think of one before you type it in - it needs an uppercase char, lowercase char, and a number
-
hmm…. really? I get a connection refused. >.> Sure it's up and on the right port?
-
Hey Syn. Don't worry about it dude. I'm sure a lot of us have other things to do. Heck I have classes from 9:25 to 8 PM some days 8O So don't apologize, it's all cool.
-
oops i forgot to turn it on. should be up now
-
Well I got back on, saw a few messages but couldn't do anything as I'm still frozen. :)
-
Hrmm, at 645am Eastern time this morn i couldnt get on. :(
-
meh i cant get on either :(
-
Well it was up and running. Syn loaded up the backup from the 19th. That bug Syn is trying to fix might be responsible.
-
Maybe the bug reproduced before Syn could get in to neuter it… :(
Oh wait, not that kind of fixing. ;)
