Hacked again
-
Syn, about that password changing system… I'd suggest that you expand on it even further. I think it would be wise to impliment something that forces you to change your password say... every week or so. It's no big deal to come up with a new password and write it down, and it's much safer.
-
As I said on the huge friggen AIM chat last night:
"Awww, Sentience people. squee"
hehe. Maybe I'm being overly Lulu-like, but you guys make me feel fluffy. :> We may snark (a lot) at each other in game, but when it comes down to it, we all stick together. Awww. :D
hugs a tree
-
i've looked around on the server a bit. It doesn't show anyone but me and londo logging into shell, so it hink someone just hacked or guessed seresnity and ertai's password somehow, or that's what it would point to anyway. If they had shell account they would have at least wiped the logs, if not the other game data there, but it seems to be intact. At least i'm hoping that's the case since this is relatively easy to deal with… i'm considering adding a wait time to people who are denied due to a bad pw, but that maybe more trouble than it's worth
i've started working on the new changes, but i'm completly exhausted and have a programming project to do and work early tomorrow. so hopefully afte ri get out of class, i can finish this up and get the game goin
-
Yes, from what Londo said it looked like the shell access was totally safe. It had to be viva game account access only. Good thing they didn't touch the logs. About all I could tell from the player logs we took is that they messed up the pfile, locked out many of the areas, changed the churches names and hit every flag command they could. Pretty much just reinstall the pfile and game files and it should be up and going. Just a few days lost. But over all don't push yourself if it takes a few days so be it.
-
Meh, I guess I can live with a couple days' loss. Although, Londo determined that at the time Ertai was hacked into, only five pfiles were saved to disk: Bashae, Ertai, Armand, Serenity and Turlis. As far as those slaughtered during the CPK/slay/purge event as well as when those remorted by the moron….. you might not have been able to save your pfiles at all...
What does that means? You that got CPKd, might not have lost anything. Those that were remorted, might not have corrupted pfiles. And all that might need restoring would be the game files and the affected pfiles (with perhaps some bit of compensation). Hell, if areas were merely closed and whatnot, nothing deleted/butchered, those might not need restoring, just reopened. I DO know the church files are in a definite need of repair.
Anyways, that's alot of might's and maybe's. But hey, it could have been much worse. And even if the game were simply restored from the 19th's backup, it's not much loss for many people. We'll just to see when we get to log on.
On a side note in an attempt to bring some levity to the situation... did anyone else have visions of Matrix: Revolutions with the rampant Smiths destroying the Matrix and whatnot? Only way to laugh at that moron since he obviously didn't know what he was doing. He could have done ALOT worse with the immortal accounts he got into.
-
Well hopefully too much isn't messed with, the less the better. The only thing I can think of that might cause some complaint is missing global rewards. I'm not sure how that should be dealt with, I suppose we'll see.
As for what Syn said about them possibly guessing the passwords, I think that's a good reason that we should be forced to change our passwords now and then. Anybody who finds that too much of an inconvenience to play… probably couldn't take Sentience in it's entirety anyway.
Again, I hope things aren't too bad, and that we're up and runnin' again soon. I know a lot of people cough ME cough are bored because they don't have anything to do.
-
Depending on the extent of the damage we might just go to the save of the 19th if it would take too much time to fix everything. In which case me and Ertai will fix the global again and get it up and running again for you guys. Which while it isn't the same, it might be the best we can do, or at least the best I can.
-
Probably all we can expect, really. Cope with the few days loss and move on. Not like we can't recover. :)
And yes, I agree with Belexus… readies MUSHClient and his leveling fingers :D Ok, I can wait. :)
-
well, i maybe late on this..but if it was someone in the same relative location as ertai…would it be possible someone saw him log in, saw the pw? or has access to that comp at some point...
shrug, dunno.
back to being an asshole elsewhere
and yes.
we do all stick together. i might never say it much, but you ppl are pretty decent :) doesnt mean i dont want to take some of you and thrust you head-first into a wood chipper, or put other ppl's testicles in a blender on puree...but yeah.
Later
Soth
-
I can pretty well guarantee that I was hacked and my pword was not guessed. I never log on with people watching me, and it's a relatively unique password. Oh, and the only people that touch my computer are watched by me (god I'm freakin paranoid)
Also, he needed me to log in for him to get my password, otherwise he would have just gone straight for my character or higher. He obviously thought Serenity was unable to be punished, so when I froze him, he was taken offguard.
I don't think we'd need something to change every week, but I do agree that everyone needs to change their passwords once we've restored just to be safe (for logs and such that the hacker may have)
It looked almost as though (from the logs) that he went down the list of immortal powers and used them until he got bored (after finding security ones… siteban/wizlock/etc) The only thing that I could forsee causing real problems is if he messed with the wilds. Everything else can be set back pretty easy.
Anyways, I can't wait to get back up. I'm glad everyone feels so close to the people here (testicle and treeshredder or not)
We kick ass!
eRT
-
Soth if I was a guy you would scare me there, but since I'm not I think I'm safe…..for now. Yea, we're a hate filled family of misfits here who might fight and bicker between each other but if our little world is threatened we all band toether.
-
i look at it as less of hate, or violence…
and more as practicing the art of ajudication.
:)
Soth
-
<quote author="Xevira">
@Xevira:Only way to laugh at that moron since he obviously didn't know what he was doing. He could have done ALOT worse with the immortal accounts he got into.</quote>
naw, imm accounts are pretty safe. For security purposes even if you're lv155, there's no way to destroy data outside the game from within the game. you can't do a game wipe or data wipe without having access to the machine the game is running on, and that's highly monitored. therefore the damage you can do is pretty limited, and reversible. i just hadn't talked to londo about setting up a daly backup job to save all the data. but i have a backup nonetheless. -
Well abit of good news I can think of is that if the backup is from the 19th then allt he work we did to fix the global may still be there :D. Hehe Just thought I'd add that. ;)
-
<quote author="Jazelle">
@Jazelle:Soth if I was a guy you would scare me there, but since I'm not I think I'm safe…..for now. Yea, we're a hate filled family of misfits here who might fight and bicker between each other but if our little world is threatened we all band toether.</quote>
Like a big feudin' family of hillbillies.
-
So ertai, you think mebbe he guessed Serenity's pword. Then was snooping you or some such as you logged on using Serenity? Just a thought. Really dont know to much about how that works.
-
Snooping only works on those that are connected and logged in. And you can only snoop someone lower level than you if I recall. Ertai's level > Serenity's level. The hacker couldn't snoop him in the game anyways. As far as snooping outside the game, I'm not entirely sure how that's possible unless the hacker… err, enough with the hacker designation... he was a moron since he didn't really know what he was doing.... unless the MORON had access to the host machine or the machines of ertai or serenity and could sniff the packets that were being sent/received.
That's just my guess... the moron. If you're gonna to the trouble of breaking into a mud, at least have the brains to know what you're doing. He could have done alot worse if he had damaged as much as possible and performed a shutdown (had he managed to hack into an IMP... alot more files would have been saved to disk.. alot more damage to fix. So yeah, that's where the "much worse" business came in. I kinda figured he wouldn't have the ability to outright DELETE the stuff without shell access.
Hell, I think we should all feel insulted... being "hacked" by an obvious moronic amateur. -_- I know I do.... :evil:
-
Even if he wasn't a moron I would still feel insulted. Why the hell would you want to hack a mud anyway? There's almost no point. It's just, well, stupid. The fact that he is a moron just adds the slap in the face. We'll be up and running soon, and hopefully they will get what they have coming to them. About the password changing system. A week may be a little too low, but I still think there should be some sort of time period where it asks you to change it. Maybe a month, maybe 6? I don't know. It just seems to me like that could prevent problems in the future.
-
me and Xevira (since he is a lot more proficient at programming than me) have been shooting around ideas for making the game more secure from the inside. Also, instead of just copying everyone over I'm going to just copy over the player files of the people who have been modified by whoever the attacker was.
why would anyone hack a mud? well, several reasons… possibly they're unhappy with some decision I or one of the other imps made, and either have knowledge of network security flaws, or have friends that do. Perhaps they play another MUD and don't want to see ours running. Maybe they're just bored. Anyway, not pissing off these people is just as important as beefing up security, because no security will ever be enough - saying your server is absolutely secure is just inviting someone who's clever enough and has enough time to hack it. Xevira does have a point - he could have done a lot more damage if he had known what he was doing. But I wouldn't call them morons just yet; obviously they know something I wasn't astute enough to spot.
Londo had an interesting idea... perhaps some of the imms havn't changed their passwords from the last time we got hacked. But this is unlikely , seeing as how that was 1.5+ years ago.. .but anyway a global password change would solve it.
sometime pretty soon we're going to fix Ertai up with some shell access so he can fix what's needed from there, restart the game if needed, etc. This won't be until I have some time to tutor him on some security things and some basic aspects of how the game runs. This will allow the game to be up more often, and I will work on making it more stable.
I've almost finished my code changes to the game. I'm really sorry I havn't done it yet, but I've had work really early almost every day this week, a whole lot of reading and also a lengthy programming assignment to do for a class, as well as lots of social stuff (like smoking reefer) so I'm pretty exhausted, but I'll have it up by tomorrow definitely. hope you all have a good day :)
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login