Re: Mud Machine hacked -- AntaresMUD

From: JTRhone (ujtr@lady.cs.sunyit.edu)
Date: 02/25/97


> My questions:
> 
> 1) What do you do about Gods that get themselves kicked off your mud and
> decide revenge upon the server is the way to go? I am 90% sure that this

I've kicked a few people off, hmm I think every situation is unique
though.  I had one player really get steamed because I blacklisted him
from a couple of his favorite muds (good to have friends :).  He stole
code, actually a complete mud, and only changed the title screen and put
it up on some other site.... in my mind, very worthy of blacklisting.  He
then plotted revenge on my machine, though he slipped when he mentioned
the ip address of my machine on IRC.  Again, good to have friends, as I
happened to have a buddy monitoring that IRC channel (which he does for a
living, imagine that, what a job :) who then alerted me that a possible
attack was under way on my machine.  A few minutes of backups and password
changes along with warning his friends on my mud that I knew seemed to
stop that fairly fast.

> 2) What OS do you use? Do you consider it to be secure? I am currently
> considering BSDi and Solaris.. It seems fairly obvious to me that
> I'm not willing to spend the time it takes to keep a Linux system secure.
> At least the empirical evidence shows that to be true. :-)

I think that the OS doesn't matter if they get root access.  I work with
all sorts of OS, and no matter if it's Solaris or OSF/1 or BSDi, if they
have root access, things can get ugly.

> 3) Of the people on the list who have had security breakins.. what have
> you done to stop the attacks? (what do you do to stop the people from
> knocking on the door all the time? or.. what do you drink to stop you
> from caring that the barbarians are at the gate?)

Usually we can run a traceroute or we have ample logs available to
determine the remote IP which fails a login... this is assuming they fail
at least once.  A little threatening email to them or their sysadmin
sometimes steers them off.  Though if they ARE the owner of the machine
they logged in from, it doesn't matter much.

One protective measure I take is to have a backup in some obscure
directory like 7 or 8 levels deep.  A find command will screw this up
though...hopefully they will be discovered before they discover the find
command.

jtrhone aka vall

+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
|    Or send 'info circle' to majordomo@cspo.queensu.ca     |
+-----------------------------------------------------------+
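
The log check described in the reply to question 3, as an added example that is not part of the original post: it groups failed logins by remote host and also marks a host whose failures were followed by a successful login. The log format, the names, the threshold and the addresses (documentation ranges) are all constructed assumptions, not CircleMUD's own logging.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical login-log format.
SAMPLE_LOG = """\
1997-02-24 23:10:04 login FAILED name=zed host=192.0.2.44
1997-02-24 23:10:19 login FAILED name=zed host=192.0.2.44
1997-02-24 23:11:02 login OK name=mira host=198.51.100.7
1997-02-24 23:11:40 login FAILED name=implementor host=192.0.2.44
1997-02-24 23:12:05 login OK name=implementor host=192.0.2.44
1997-02-24 23:15:31 login FAILED name=mira host=198.51.100.7
garbled line that should be skipped
"""

LINE_RE = re.compile(
    r"^\S+ \S+ login (?P<result>FAILED|OK) name=(?P<name>\S+) host=(?P<host>\S+)$"
)

def summarize_logins(log_text, threshold=3):
    """Return {host: summary} for every host with at least one failed login."""
    stats = defaultdict(
        lambda: {"failures": 0, "names": set(), "ok_after_failure": False}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        entry = stats[m["host"]]
        if m["result"] == "FAILED":
            entry["failures"] += 1
            entry["names"].add(m["name"])
        elif entry["failures"] > 0:
            # A success after earlier failures from the same host deserves a look.
            entry["ok_after_failure"] = True
    report = {}
    for host, entry in stats.items():
        if entry["failures"] == 0:
            continue  # a host that never failed leaves nothing to find here
        report[host] = {
            "failures": entry["failures"],
            "names": sorted(entry["names"]),
            "ok_after_failure": entry["ok_after_failure"],
            "flagged": entry["failures"] >= threshold or entry["ok_after_failure"],
        }
    return report

if __name__ == "__main__":
    for host, info in sorted(summarize_logins(SAMPLE_LOG).items()):
        print(host, info)
```

As the reply notes, this only surfaces a host that fails at least once; a first-try login with a stolen password never appears in the report.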


