In my eyes, the only way to REALY keep your system secure is to not allow access to it. You can specify who has telnet access to your system by editing the /etc/host.deny and /etc/hosts.allow -Roger On Mon, 24 Feb 1997, Gary Barnett wrote: > I'm not sure this is on-topic.. yet I think maybe it can squeak by. If > you feel it is off-topic enough to flame, flame away (to me, not the > list, please) > > I had a fun day today. Someone managed to hack into my mud server and > wreak havoc on the filesystem. (Thank God for backups) Amazing what > Linux does when it lacks the /bin /etc /var and /usr dirs. > > Nothing was lost except my time. (The intruder tripped over a security > measure I had, so they only had root access for maybe a minute. Long > enough to mess up the filesystem, but not long enough to sniff a bunch > of packets or the like -- which my ISP was quite happy to hear I must > say.) Interestingly enough it doesn't seem they were after the mud's > code or a password file.. they just wanted to trash the machine. > > I write this hoping someone can share some jewels of wisdom. or failing > that, maybe a few words about how I'm not an idiot for spending my time > running a mud. :-) > > My questions: > > 1) What do you do about Gods that get themselves kicked off your mud and > decide revenge upon the server is the way to go? I am 90% sure that this > attack was by a former God on the mud (at least the log that I recovered > by using a sector editor seems to support the theory -- the site being > the same.) The reason this God was asked to leave is another story.. one > that I would be happy to relate.. but isn't germane to this post. > > 2) What OS do you use? Do you consider it to be secure? I am currently > considering BSDi and Solaris.. It seems fairly obvious to me that > I'm not willing to spend the time it takes to keep a Linux system secure. > At least the emperical evidence shows that to be true. :-) > > 3) Of the people on the list who have had security breakins.. what have > you done to stop the attacks? (what do you do to stop the people from > knocking on the door all the time? or.. what do you drink to stop you > from caring that the barbarians are at the gate?) > > Thanks in advance for your time. > > --Mallory -- Imp of AntaresMUD (down for an OS replacement.. > if you hadn't guessed) > > > > +-----------------------------------------------------------+ > | Ensure that you have read the CircleMUD Mailing List FAQ: | > | http://cspo.queensu.ca/~fletcher/Circle/list_faq.html | > | Or send 'info circle' to majordomo@cspo.queensu.ca | > +-----------------------------------------------------------+ > +-----------------------------------------------------------+ | Ensure that you have read the CircleMUD Mailing List FAQ: | | http://cspo.queensu.ca/~fletcher/Circle/list_faq.html | | Or send 'info circle' to majordomo@cspo.queensu.ca | +-----------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/18/00 PST