Top Mud Sites Forum - View Single Post - Cyber-Attack on Atonement (warning)

DonathinFrye · 08-09-2012, 03:05 AM

Notice that I'm not actively attempting to argue with anyone here; I've actually avoided posting because I really don't want to be trolled into an argument. I'd like to think that I have reputation on TMS as both a good, friendly community member and respected administrator of multiple games over the years. A few things I'll note before putting this matter to bed:

- My point, Ide, was that I created this thread as a Public Service Announcement to warn other games of this programmer so that they understand that he is a potential security liability.

- Sebguer is not an admin on Atonement anymore, but I am thankful for his support as a player; even if he and Hal were inexperienced in running a game and had to make due with limited resources during their tenure of administration (while I was taken away from it due to real life), I'm thankful that they were there. They kept the game alive during that period of time - and Atonement is a rather special game that exists, in no small part, because of them (and a number of others).

- I'm not attempting to ignore the oversight revolving around this guy's security access. However, I'm also not really keen on accepting personal insults from situational outsiders; the first that I'd ever heard of this person was when our game was hacked. I was not aware that he had this level of access (or even existed), nor am I the staff member who is the administrator of the server itself. I am the administrator that cleaned up the mess, investigated the issue, banned this guy - and made a friendly attempt to warn other MUDs of him. If there's a lesson to be learned revolving around giving this access to people that you do not know to voluntarily program for your game, I'm not opposed to that discussion. I am opposed to turning the other cheek when people begin to use this situation as a means to point fingers at me personally (or the game itself) without the knowledge to do so; simply put, it's an ignorant comment. It's a situation that any game could find itself in, no matter how secure it believes itself to be.

- I would agree with the others posting in that you do not need to give the highest level of security access to a coder for your game. It would, perhaps, be beneficial for newer admins to hear good alternatives so that they can protect the security of their game. As we did, I would also encourage people to have a system to automatically backup your information in a safe place - not just for a security breach, but for a number of reasons. This is what saved us from a massive amount of data loss.

- Thank you to the folks who've given us their best wishes. The truth of the matter is that we recovered from the attack after about 24 hours, with the biggest loss being a few players having lost a centimeter of skill-progress. We've been back to business as usual since then. Again, I just wanted to give the community a warning, an effort that I thought was the responsible decision considering the potential damage was far greater than the actual damage.

08-09-2012, 03:05 AM	#30
DonathinFrye Senior Member Join Date: Dec 2005 Name: Donathin Frye Location: Columbus, OH Home MUD: Optional Realities Home MUD: Atonement RPI Home MUD: Project Redshift Posts: 510	Re: Cyber-Attack on Atonement (warning) Notice that I'm not actively attempting to argue with anyone here; I've actually avoided posting because I really don't want to be trolled into an argument. I'd like to think that I have reputation on TMS as both a good, friendly community member and respected administrator of multiple games over the years. A few things I'll note before putting this matter to bed: - My point, Ide, was that I created this thread as a Public Service Announcement to warn other games of this programmer so that they understand that he is a potential security liability. - Sebguer is not an admin on Atonement anymore, but I am thankful for his support as a player; even if he and Hal were inexperienced in running a game and had to make due with limited resources during their tenure of administration (while I was taken away from it due to real life), I'm thankful that they were there. They kept the game alive during that period of time - and Atonement is a rather special game that exists, in no small part, because of them (and a number of others). - I'm not attempting to ignore the oversight revolving around this guy's security access. However, I'm also not really keen on accepting personal insults from situational outsiders; the first that I'd ever heard of this person was when our game was hacked. I was not aware that he had this level of access (or even existed), nor am I the staff member who is the administrator of the server itself. I am the administrator that cleaned up the mess, investigated the issue, banned this guy - and made a friendly attempt to warn other MUDs of him. If there's a lesson to be learned revolving around giving this access to people that you do not know to voluntarily program for your game, I'm not opposed to that discussion. I am opposed to turning the other cheek when people begin to use this situation as a means to point fingers at me personally (or the game itself) without the knowledge to do so; simply put, it's an ignorant comment. It's a situation that any game could find itself in, no matter how secure it believes itself to be. - I would agree with the others posting in that you do not need to give the highest level of security access to a coder for your game. It would, perhaps, be beneficial for newer admins to hear good alternatives so that they can protect the security of their game. As we did, I would also encourage people to have a system to automatically backup your information in a safe place - not just for a security breach, but for a number of reasons. This is what saved us from a massive amount of data loss. - Thank you to the folks who've given us their best wishes. The truth of the matter is that we recovered from the attack after about 24 hours, with the biggest loss being a few players having lost a centimeter of skill-progress. We've been back to business as usual since then. Again, I just wanted to give the community a warning, an effort that I thought was the responsible decision considering the potential damage was far greater than the actual damage. Last edited by DonathinFrye : 08-09-2012 at 03:26 AM.