Top Mud Sites Forum Return to TopMudSites.com
Go Back   Top Mud Sites Forum > MUD Players and General Discussion > Tavern of the Blue Hand
Click here to Register

Reply
 
LinkBack Thread Tools
Old 05-01-2002, 03:42 PM   #1
Alastair
Member
 
Join Date: Apr 2002
Location: Switzerland
Posts: 120
Alastair is on a distinguished road
Send a message via Yahoo to Alastair
Talking

It seems one of the most recurring posts made on admin, legal and ethical forums either here or on TMC is a cry for help: Help, a former staff member has stolen my MUD or wiped my files, what can I do?

It seems the obvious needs to be stated from time to time. To be safe rather than sorry, you should get a few very simple security habits, and fortunately, most of those require no coding at all.

Security is not reserved to major corporate networks. It's a safety net to avoid some problems. The few measures below won't stop a determined hacker, but will slow down the casual self-righteous avenger.

Five steps to prevent a lot of future trouble:

1. Use at least basic password encryption instead of plain text. If you want to be able to help out players who lost their password, implement a command allowing staff to set a new password, and e-mail it to the addy the player used when creating their char.
2. When ordinary staff member resign, back up their work, then delete their account. You can always restore it if they return at a later date.
3. When staff members with shell accounts leave, immediately change the shell password. If you can't do that yourself, ensure the hoster does it immediately.
4. Ask your hoster to log IPs to shell access.
5. Backup your MUD as often as possible. Ideally once a day, in the worst case before and after any change is introduced. Don't leave the backups on the shell, ftp them to your private computer and delete them.

Now that was simple, wasn't it? Of those five steps, only the first one might involve actual coding, if it isn't shipped out of your codebase's distribution.

If you ever experience a disgruntled staff member wreaking havoc on your MUD or simply stealing the code, while you didn't implement those five steps, post your horror stories if you want, but remember: you have been warned.
Alastair is offline   Reply With Quote
Old 05-02-2002, 12:02 AM   #2
Koryon
Member
 
Join Date: Apr 2002
Location: Canada
Posts: 50
Koryon is on a distinguished road
Send a message via ICQ to Koryon Send a message via MSN to Koryon
6. Use a secure version of telnet and ftp (SecureCRT, OpenSSH, many others) when connecting to your shell account, otherwise your password is liable to be intercepted, it's not a fairy tale, it happened to an unfortunate customer of mine.
Koryon is offline   Reply With Quote
Old 05-02-2002, 08:37 AM   #3
Seth
Senior Member
 
Join Date: Apr 2002
Location: Ede, The Netherlands
Posts: 271
Seth is on a distinguished road
Send a message via ICQ to Seth Send a message via MSN to Seth
Alternatively, code an SSH socket in your codebase because telnet is known to be insecure. The most ideal thing being a codebase only accepting SSH connections for imps/imms. Telnet connections for anyone but players would/should be refused.
Seth is offline   Reply With Quote
Old 05-02-2002, 09:02 AM   #4
Alastair
Member
 
Join Date: Apr 2002
Location: Switzerland
Posts: 120
Alastair is on a distinguished road
Send a message via Yahoo to Alastair
Quote:
Originally Posted by (Seth @ May 02 2002,2:37 pm)
Alternatively, code an SSH socket in your codebase because telnet is known to be insecure. The most ideal thing being a codebase only accepting SSH connections for imps/imms. Telnet connections for anyone but players would/should be refused.
Certainly good advice, though probably not quite as easy to implement for novices...

I'd rather venture that the people who know how to do that are not likely to post their pleas for help anyway.
Alastair is offline   Reply With Quote
Old 05-02-2002, 09:31 AM   #5
Seth
Senior Member
 
Join Date: Apr 2002
Location: Ede, The Netherlands
Posts: 271
Seth is on a distinguished road
Send a message via ICQ to Seth Send a message via MSN to Seth
Quote:
Originally Posted by (Alastair @ May 02 2002,3:02 pm)
Certainly good advice, though probably not quite as easy to implement for novices...

I'd rather venture that the people who know how to do that are not likely to post their pleas for help anyway.
Still tho, for people who can do some advanced coding, it would be worthwhile to make snippets for every codebase/engine to include an SSH connection socket. I think SSHd, the deamon used on *NIX machines to accept SSH connections, is Open Source and that with some searching you could find the source code for it.

Altho this does give a problem with non-opensource codebases/engines...
Seth is offline   Reply With Quote
Reply



Thread Tools


Basic MUD security for admins and novices - Similar Threads
Thread Thread Starter Forum Replies Last Post
Six Basic Directions NotL337 MUD Builders and Areas 19 12-02-2006 02:53 PM
Recruiting coders, basic C skills needed Singer Advertising for Staff 0 05-01-2005 09:44 AM
Security certification the_logos Advertising for Players 2 08-26-2004 03:48 AM
New Article: Basic Player Wants and Needs imported_Synozeer MUD Announcements 0 02-03-2003 12:10 PM
Basic Codebase Zellius MUD Coding 6 06-30-2002 09:43 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

All times are GMT -4. The time now is 02:13 PM.


Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0
Style based on a design by Essilor
Copyright Top Mud Sites.com 2014