Register forum user name Search FAQ

Gammon Forum

Notice: Any messages purporting to come from this site telling you that your password has expired, or that you need to verify your details, confirm your email, resolve issues, making threats, or asking for money, are spam. We do not email users with any such messages. If you have lost your password you can obtain a new one by using the password reset link.

Due to spam on this forum, all posts now need moderator approval.

 Entire forum ➜ MUDs ➜ General ➜ Umm hackers

Umm hackers

It is now over 60 days since the last post. This thread is closed.     Refresh page


Posted by Daryis   (8 posts)  Bio
Date Mon 19 Feb 2007 01:00 PM (UTC)
Message
Hey all now I have another question. Is it possible for others to when they connect to me hack into my server? And from there hack into other ppl that might be playing? I am asking these questions for personal saftey.
Top

Posted by Zeno   USA  (2,871 posts)  Bio
Date Reply #1 on Mon 19 Feb 2007 01:24 PM (UTC)
Message
You can't really hack a MUD character. What someone could do though, is hack the server to get into it and mess around with pfiles or code. As long as your server is secure and you use a strong password, you shouldn't worry.

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org
Top

Posted by Jon Lambert   USA  (26 posts)  Bio
Date Reply #2 on Mon 19 Feb 2007 02:59 PM (UTC)

Amended on Mon 19 Feb 2007 03:00 PM (UTC) by Jon Lambert

Message
Yes. It's rather easy to hack into many mud servers. That's why you never want to run your mud under root permissions. If it's your server, run the mud under a very restrictive uid/gid.
Top

Posted by Nick Gammon   Australia  (23,133 posts)  Bio   Forum Administrator
Date Reply #3 on Mon 19 Feb 2007 08:06 PM (UTC)
Message
Since your potential hackers know your IP address, all they have to do is try to telnet to your server and guess your administration password. Many people choose poor passwords, and can be subjected to a "dictionary attack".

That is, if your password is in a dictionary, you have trouble straight away.

A strong password would be long and random. MUSHclient has a "generate unique ID" function on its Edit menu, it generates a string like this:


8d1f03b11526594ed3fb15d4


This is different every time you use it, and is unlikely to be in a dictionary.

A handy utility for storing passwords is PasswordSafe, see this web site:

http://passwordsafe.sourceforge.net/

This free program lets you store your important passwords into a single file, which itself is password protected with strong encryption. That way you only need to remember one password (and anyone breaking into it needs to access your file in the first place), and then keeping long random passwords for your web sites is much easier.

- Nick Gammon

www.gammon.com.au, www.mushclient.com
Top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.


13,496 views.

It is now over 60 days since the last post. This thread is closed.     Refresh page

Go to topic:           Search the forum


[Go to top] top

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.