Security

 
Post new topic   Reply to topic    mudlab.org Forum Index -> Coding
View previous topic :: View next topic  
Author Message
Gromble



Joined: 08 Oct 2005
Posts: 23

PostPosted: Fri Nov 11, 2005 8:29 pm    Post subject: Security Reply with quote

I'm in the process of coding this up, and given that it's a ubiquitous requirement, was wondering if there are better ways than how I'm approaching it. I plan to have support for...

a) ban host(s) completely
b) lock host(s) so no new accounts can be created from them
c) freeze account so it can not be accessed
d) secure account so it can only be accessed from specified host(s)

Wildcarding of host address or name is supported, so for example, all AOL users could be affected could be affected by a or b (networking style permit/deny ACLs may be useful here). Doing c will probably lead to doing b if the user is persistent.

None of this is new, except maybe mechanism d. Are there additional mechanisms you've seen servers employ? I did see the snippet in the code vault for handling proxies.
Back to top
View user's profile Send private message
Author Message
Greggen



Joined: 16 May 2005
Posts: 36

PostPosted: Sat Nov 12, 2005 11:37 am    Post subject: Reply with quote

I presume you're talking about methods for dealing with griefers in game and not securing your box from hackers etc. I think if you ban griefers outright, they usually find ways around it until they get bored of annoying you. I find it helps to be a little creative.

Some methods I intend on using are:


  • 'Ban' users without telling them immediately they have been banned. The more you waste their time, the quicker they get bored. I do this by cutting them off from in-game communication and not allowing them to interact with the world at all.

    The creative bit is not letting them know I've done this. They get the same messages they would normally get e.g. typing 'say blah' would show 'you say blah', but other players would not see it.

  • A 'contagious ban'. Logging in on a tainted IP taints the account you used and vice-versa. Annoys people using proxies until they figure it out.

  • Misinformation. If a tainted account is used by a new IP, for example, I could tell the user 'Proxies are not allowed' when they try to log in. They may think the code is able to detect proxies and give up. If they haven't used a proxy they will probably just ignore it.
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Author Message
ravuya



Joined: 09 Jan 2006
Posts: 1
Location: Canada

PostPosted: Mon Jan 09, 2006 3:48 am    Post subject: Reply with quote

I've found a lot of people using "dupe account" warnings, and I think the "contagious bans" idea is also a good one. Depending on your level of security, I've also seen some rather paranoid logging systems (allowing admins to "roll back" scammed users and discover who started a money train, for example).

It might also be prudent to add whois and reverse-lookup functionality so you can identify problem users by something more memorable than an IP address (this, of course, doesn't matter if you're around a decent *nix prompt all day).
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    mudlab.org Forum Index -> Coding All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB © 2001, 2002 phpBB Group
BBTech Template by © 2003-04 MDesign