Re: backdoor question

From: Alysia (alysia@speedconnect.com)
Date: 10/29/02


Thank you (everyone who replied) for sharing your knowledge.
I am lucky enough to have this hosted somewhere else; the account has
been deleted and re-made, all passwords have been changed, and we are still checking the code and have found a few things so far. I have already dealt with him changing the passwords to ssh and ftp and deleting the game. I guess the guy forgot to think about backups; the mud was only down for an hour.
The systems admin for this hosting company is well aware of the issue and watching closely; actually, he was quite the trooper through all of this and took action very quickly to get everything back to normal, restoring the code from 24 hours previous. What is irking me, while I go line by line through the code adding in new things and at the same time looking for shady code, is this: if he really had time to code in some sophisticated back door, why would he delete the code?

apex.lazernet.com 6969


On Mon, 28 Oct 2002 21:07:49 -0800
Mythran <kip_potter@HOTMAIL.COM> wrote:

> >
> > Just check this one carefully, as there are a lot of legitimate uses of
> > this in a mud, not stock, but I can think of uses.  So just carefully
> > check any calls to these VERY carefully.
> >
> > >    Check for ipc/shared memory use:
> > >    egrep -i '(mmap|shm...|sem...|shmdt|msg...) *\(' *.[ch] |less
> >
> > This would be an absolute giveaway.  There's, as far as I can think of
> > but might be wrong, absolutely no use for this in a mud.
> >
> > >    Check for listeners/sockets other than the main port
> > >    egrep -i '(bind|listen|connect|sendmsg|recvmsg) *\(' *.[ch] |less
> >
> > connect() would be an absolute giveaway, since a daemon shouldn't be
> > calling anyone (unless you have my metaserver patch, or I think the i3c
> > package connects() as well.)
> >
> > >13. Check 'command_interpreter' of act.wizard.c
> > Also, check for anything that contains GET_ID/GET_IDNUM.  He could've
> > easily added something that checks for another imp's ID and runs some
> > command to either reinstate his char, randomly mess up someone's char,
> > or an endless list of other things.  This could possibly show up a LOT
> > of lines, and be tedious to check them, but it's still necessary so
> > check all of 'em.
> >
> >
> > -me
> >
>
> And if you have absolutely no idea what the above says, reformat, reinstall,
> start from scratch, and there ya have it :P
>
> Mythran
>
> --
>    +---------------------------------------------------------------+
>    | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
>    | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
>    | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
>    +---------------------------------------------------------------+
>

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
   +---------------------------------------------------------------+
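The quoted reply lists three grep checks (IPC/shared-memory calls, socket calls other than the main listener, and GET_ID/GET_IDNUM comparisons) to run over a MUD source tree when hunting for a planted back door. The script below is an added example, not code from the original post, from the CircleMUD distribution or from the poster's game: it wraps those checks in shell functions, uses explicit function names in place of the "shm..." shorthand, and adds a word boundary so that connect( does not match the harmless disconnect(. The sample .c/.h files it creates are constructed for the demonstration and are not real CircleMUD source; the function names are mine.

```shell
#!/bin/sh
# Added example: grep-based back-door audit for a MUD source tree.
# Not from the original post or from CircleMUD; file names and function
# names below are assumptions made for the demonstration.

# Word boundary that works in any egrep (no \< or \b needed): the call must
# be at the start of the line or follow a non-identifier character, so that
# "connect(" does not match "disconnect(" or "my_connect(".
B='(^|[^A-Za-z0-9_])'

# 1. IPC / shared memory: the reply calls any hit here a giveaway.
#    Explicit names instead of "shm..." so unrelated identifiers cannot match.
find_ipc_calls() {
    grep -nE "$B(mmap|shmget|shmat|shmdt|shmctl|semget|semop|semctl|msgget|msgsnd|msgrcv|msgctl) *\(" \
        "$1"/*.c "$1"/*.h 2>/dev/null || true
}

# 2. Socket calls.  bind()/listen() on the main port are expected in comm.c;
#    connect() is the suspicious one, since a daemon should not call out.
find_socket_calls() {
    grep -nE "$B(bind|listen|connect|sendmsg|recvmsg) *\(" \
        "$1"/*.c "$1"/*.h 2>/dev/null || true
}

# 3. GET_ID / GET_IDNUM compared against a numeric literal, i.e. code that
#    singles out one specific character by player ID.  Comparisons between
#    two GET_IDNUM() values and the macro definition itself do not match.
find_hardcoded_ids() {
    grep -nE "GET_ID(NUM)? *\([^)]*\) *(==|!=) *[0-9]+" \
        "$1"/*.c "$1"/*.h 2>/dev/null || true
}

audit_mud_source() {
    echo "== IPC / shared memory (no normal use in a MUD) =="
    find_ipc_calls "$1"
    echo "== socket calls (bind/listen on the main port expected; connect is not) =="
    find_socket_calls "$1"
    echo "== GET_IDNUM compared against a literal player ID =="
    find_hardcoded_ids "$1"
}

# Constructed sample tree: one legitimate listener, one legitimate ID
# comparison, one macro definition, and one file with a planted back door.
make_sample_tree() {
    mkdir -p "$1"
    cat > "$1/comm.c" <<'EOF'
/* constructed sample: the normal listener every MUD has */
int init_socket(ush_int port) {
    s = socket(AF_INET, SOCK_STREAM, 0);
    bind(s, (struct sockaddr *)&sa, sizeof(sa));
    listen(s, 5);
    return s;
}
void close_socket(struct descriptor_data *d) { disconnect(d); }
EOF
    cat > "$1/act.wizard.c" <<'EOF'
/* constructed sample: a legitimate ID comparison, not a back door */
if (GET_IDNUM(ch) == GET_IDNUM(vict))
    send_to_char("You cannot do that to yourself.\r\n", ch);
EOF
    cat > "$1/interpreter.c" <<'EOF'
/* constructed sample: what a planted back door might look like */
void command_interpreter(struct char_data *ch, char *argument) {
    if (GET_IDNUM(ch) == 1234 && !strcmp(argument, "opensesame"))
        GET_LEVEL(ch) = LVL_IMPL;
    connect(fd, (struct sockaddr *)&home, sizeof(home));
    seg = shmget(IPC_PRIVATE, 4096, 0666);
}
EOF
    cat > "$1/utils.h" <<'EOF'
/* constructed sample: the macro definition itself is not a hit */
#define GET_IDNUM(ch)   ((ch)->char_specials.saved.idnum)
EOF
}

# Usage: sh audit.sh /path/to/mud/src
# With no argument, audit the constructed sample tree instead.
if [ "$#" -gt 0 ]; then
    audit_mud_source "$1"
else
    tmp=$(mktemp -d) && make_sample_tree "$tmp" && audit_mud_source "$tmp" && rm -rf "$tmp"
fi
```

On the sample tree the IPC check reports only the shmget() call, the socket check reports bind() and listen() from comm.c plus the connect() from interpreter.c, and the ID check reports only the `GET_IDNUM(ch) == 1234` line. On a real tree, expect the socket list to be short and every hit to be explainable by name (comm.c, a metaserver patch, an intermud package); anything else is the line to read.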