Top Mud Sites Forum - View Single Post - Basic MUD security for admins and novices

Alastair · 05-01-2002, 03:42 PM

It seems one of the most recurring posts made on admin, legal and ethical forums either here or on TMC is a cry for help: Help, a former staff member has stolen my MUD or wiped my files, what can I do?

It seems the obvious needs to be stated from time to time. To be safe rather than sorry, you should get a few very simple security habits, and fortunately, most of those require no coding at all.

Security is not reserved to major corporate networks. It's a safety net to avoid some problems. The few measures below won't stop a determined hacker, but will slow down the casual self-righteous avenger.

Five steps to prevent a lot of future trouble:

1. Use at least basic password encryption instead of plain text. If you want to be able to help out players who lost their password, implement a command allowing staff to set a new password, and e-mail it to the addy the player used when creating their char.
2. When ordinary staff member resign, back up their work, then delete their account. You can always restore it if they return at a later date.
3. When staff members with shell accounts leave, immediately change the shell password. If you can't do that yourself, ensure the hoster does it immediately.
4. Ask your hoster to log IPs to shell access.
5. Backup your MUD as often as possible. Ideally once a day, in the worst case before and after any change is introduced. Don't leave the backups on the shell, ftp them to your private computer and delete them.

Now that was simple, wasn't it? Of those five steps, only the first one might involve actual coding, if it isn't shipped out of your codebase's distribution.

If you ever experience a disgruntled staff member wreaking havoc on your MUD or simply stealing the code, while you didn't implement those five steps, post your horror stories if you want, but remember: you have been warned.

05-01-2002, 03:42 PM	#1
Alastair Member Join Date: Apr 2002 Location: Switzerland Posts: 120	It seems one of the most recurring posts made on admin, legal and ethical forums either here or on TMC is a cry for help: Help, a former staff member has stolen my MUD or wiped my files, what can I do? It seems the obvious needs to be stated from time to time. To be safe rather than sorry, you should get a few very simple security habits, and fortunately, most of those require no coding at all. Security is not reserved to major corporate networks. It's a safety net to avoid some problems. The few measures below won't stop a determined hacker, but will slow down the casual self-righteous avenger. Five steps to prevent a lot of future trouble: 1. Use at least basic password encryption instead of plain text. If you want to be able to help out players who lost their password, implement a command allowing staff to set a new password, and e-mail it to the addy the player used when creating their char. 2. When ordinary staff member resign, back up their work, then delete their account. You can always restore it if they return at a later date. 3. When staff members with shell accounts leave, immediately change the shell password. If you can't do that yourself, ensure the hoster does it immediately. 4. Ask your hoster to log IPs to shell access. 5. Backup your MUD as often as possible. Ideally once a day, in the worst case before and after any change is introduced. Don't leave the backups on the shell, ftp them to your private computer and delete them. Now that was simple, wasn't it? Of those five steps, only the first one might involve actual coding, if it isn't shipped out of your codebase's distribution. If you ever experience a disgruntled staff member wreaking havoc on your MUD or simply stealing the code, while you didn't implement those five steps, post your horror stories if you want, but remember: you have been warned.