On Fri, 8 Sep 2000, Shane Lee wrote: > -What I meant was this: I don't intend on worrying about something a > hacker could or couldn't do to my MUD. I mean come on, do you > actually think they are going to take over your life just because > they can get in and screw with your MUD for an hour or so? No, I don't believe that, the mud itself, Hack that one for all I care, It'll be annoying yes, but nothing that couldn't be solved. Besides, all I had to do (in my case) was to login to the machine (not the mud), change the password, remove all "non" known IMP's (since there's only 3 imps that's not a big deal), do the same to all gods (Since we know who the gods are as well), ASK EVERYONE to change their passwords. If players don't do that, not my problem, gods just the same. That wasn't my point, my point was that you have to differ between security and security. There's mudsecurity, that one's low, heck one on the same lan as you (Imagine a school) would be able to sniff your password, using nothing more than tcpdump. Then there's the Serversecurity, now THERE you have to be more carefull what you do, you don't want people inside your machine you don't know, Even if it is not your machine, you can at least contribute to the security of the Server by not opening up a gaping hole through the mud. That is what I'm talking about, the serversecurity not the mud-security. Heck if they get hold of the code so? They could have downloaded a newer version of Circle anyway as you put it. But since they have access to the machine, they might use it as a jumphost for hacking, portscanning, DoS'ing, Spamming (keep filling in the blanks :) another host, that is something to worry about. > saying to lighten up a little - it's just a game. Yes, it's just a game, running on a server, try asking the Admin of the server how he/she feels about having someone spamming from his/her server (bloddy, I think I'm going to use the $m and $e extensions :), or someone using $s machine to Portscan another machine, hack it, Kill it or whatever. Investigation will show that the guy FIRST got access through your mud, my best guess is that your mud will be shut down immediatly, not to be started on that server :). But it's still only a game, and games do not need shell-extensions, they need things like rocks, scissors and paper! :) /S Sir Alec Guinness - May the force be with you, Always! +------------------------------------------------------------+ | Ensure that you have read the CircleMUD Mailing List FAQ: | | http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html | +------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 04/11/01 PDT