Mud Machine hacked -- AntaresMUD

From: Gary Barnett (gbarnett@polarnet.com)
Date: 02/24/97


I'm not sure this is on-topic.. yet I think maybe it can squeak by. If
you feel it is off-topic enough to flame, flame away (to me, not the
list, please)

I had a fun day today. Someone managed to hack into my mud server and
wreak havoc on the filesystem. (Thank God for backups) Amazing what
Linux does when it lacks the /bin /etc /var and /usr dirs. 

Nothing was lost except my time. (The intruder tripped over a security
measure I had, so they only had root access for maybe a minute. Long
enough to mess up the filesystem, but not long enough to sniff a bunch
of packets or the like -- which my ISP was quite happy to hear I must
say.) Interestingly enough it doesn't seem they were after the mud's
code or a password file.. they just wanted to trash the machine.

I write this hoping someone can share some jewels of wisdom, or failing
that, maybe a few words about how I'm not an idiot for spending my time
running a mud. :-)

My questions:

1) What do you do about Gods that get themselves kicked off your mud and
decide revenge upon the server is the way to go? I am 90% sure that this
attack was by a former God on the mud (at least the log that I recovered
by using a sector editor seems to support the theory -- the site being
the same.) The reason this God was asked to leave is another story.. one
that I would be happy to relate.. but isn't germane to this post.

2) What OS do you use? Do you consider it to be secure? I am currently
considering BSDi and Solaris.. It seems fairly obvious to me that
I'm not willing to spend the time it takes to keep a Linux system secure.
At least the empirical evidence shows that to be true. :-)

3) Of the people on the list who have had security break-ins.. what have
you done to stop the attacks? (what do you do to stop the people from
knocking on the door all the time? or.. what do you drink to stop you
from caring that the barbarians are at the gate?)

Thanks in advance for your time.

--Mallory -- Imp of AntaresMUD (down for an OS replacement..
if you hadn't guessed)



+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
|    Or send 'info circle' to majordomo@cspo.queensu.ca     |
+-----------------------------------------------------------+


