18 Dec, 2008, Asylumius wrote in the 61st comment:
Votes: 0
Lyanic said:
Quote
On the flip side, the Flash client looks very cool and I like it. I probably wouldn't use it to log on an admin character, but otherwise it seems like a solid client if you're forced to resort to something web-based.


Actually, it'd be more worrisome for logging a player character. In that event, you'd have to go through bureaucratic channels to get your character back. On the other hand, I'd think having the password to my admin character stolen would be no big deal at all. I would promptly log in to the shell, directly modify the password in the pfile/database, quickly look over the log to see if any damage had been done (and undo it), then make note of the IP it was hijacked from before logging back in myself. After verifying who the IP belonged to - crucify the individual.


If someone stole my player password, the worst thing that could possibly happen is my character gets denied / banned.

If someone stole my Immortals password and I didn't realize it within a few seconds, they could do a lot of harm in a hurry.

In general, I'd rather someone mess with my character on a MUD I play than with the players on the MUD I admin.
18 Dec, 2008, David Haley wrote in the 62nd comment:
Votes: 0
Zenn said:
I changed the subject, didn't I?

If uselessly changing the subject to an irrelevant and also useless topic is something you think is praiseworthy, then, uh, more power to you? :stare: :wink:
18 Dec, 2008, Lyanic wrote in the 63rd comment:
Votes: 0
Quote
If someone stole my Immortals password and I didn't realize it within a few seconds, they could do a lot of harm in a hurry.


But any harm that is done in a hurry, can be undone in a hurry, too. Also, this all hinges on the assumption that an in-game admin character even has the power to do a lot of harm. On my game, my admin character has very limited power. About the most damaging thing someone would be able to do with my admin character is screw with some areas, and that would take more time and effort than it would take me to just restore them from a backup.
18 Dec, 2008, Asylumius wrote in the 64th comment:
Votes: 0
Aside from causing damage to areas, my (level 60) character would be able to do irreversible harm to players. It would take me hours to undo a bunch of random mass slaying, setting, loading, banning, stringing, etc. It wouldn't be the end of the world, but someone could easily rack up hours of work for me.

To be responsible, I'd never log on my Immortal under circumstances I don't have enough control over.

That said, we're talking about a situation where the MUD in question had a decent player base and very few people to help clean up from issues like these.
18 Dec, 2008, Lyanic wrote in the 65th comment:
Votes: 0
Quote
Aside from causing damage to areas, my (level 60) character would be able to do irreversible harm to players. It would take me hours to undo a bunch of random mass slaying, setting, loading, banning, stringing, etc.


Irreversible? In what manner is anything irreversible, unless you're referring to psychological harm? Also, you're saying it would take you a longer amount of time to undo than the amount of time it took to do? That's absolute insanity!
18 Dec, 2008, David Haley wrote in the 66th comment:
Votes: 0
Umm, isn't it enough to simply accept that some people don't care about their imms being logged into by strange people, and some people do care a lot? I'd have thought it kind of obvious that different MUDs let admins do different things, some of which are a lot more painful to fix than others. :shrug:
18 Dec, 2008, Lyanic wrote in the 67th comment:
Votes: 0
Quote
Umm, isn't it enough to simply accept that some people don't care about their imms being logged into by strange people, and some people do care a lot? I'd have thought it kind of obvious that different MUDs let admins do different things, some of which are a lot more painful to fix than others. :shrug:


I would definitely care if my admin character was logged into by a strange person. It would bother me immeasurably. That's not the point, though. I'm only arguing the inconvenience factor (in terms of time it takes to correct damage caused) for having a player character hijacked versus having an admin character hijacked. My argument for player character hijackings being more inconvenient is based on a simple assumption: the admin character has shell access (where a different password is used), and any power the admin character has in-game is necessarily less powerful than what is available via shell access.

An additional point - maybe I'm failing to account for the time window that the hijacking is noticed within. If it took a while (more than an hour?) to detect that the admin character had been hijacked and damage had been caused, then I agree it could be very, very serious (players quitting and never coming back?). I guess I made the possibly invalid assumption that every other MU* admin stays glued to his or her game 24 hours a day like I do with mine. Or maybe I just have no life?
18 Dec, 2008, David Haley wrote in the 68th comment:
Votes: 0
All I'm trying to say is that you can't estimate how much damage can be done in x minutes on somebody else's MUD unless you know what kind of commands are available to admins on that MUD. Maybe you don't care too much because damage is easy to reverse for your game (because as you have said the admin commands are somewhat limited), but I don't understand why you think everybody else would have the same opinion given that many of us are likely to have our own set of administrative commands.
18 Dec, 2008, Cratylus wrote in the 69th comment:
Votes: 0
Lyanic said:
An additional point - maybe I'm failing to account for the time window that the hijacking is noticed within.


I am very familiar with a couple of codebases. If I were
inclined to harm, I would need less than one minute to
do damage so serious it required a full restore from backup.

I think I'd mention, though, that password theft for the
purpose of vandalism is not what I would be trying to
prevent with the disclosure I requested.

-Crat
http://lpmuds.net

PS I'm not sure whether it would hurt more to be trampled
by a horse or a camel. I think a camel would be smellier
and grosser, but a horse with those hooves could
break the skin more easily. Then again, camels are
heavier. It's very hard to say, really.
18 Dec, 2008, Guest wrote in the 70th comment:
Votes: 0
The real lesson to be learned here:

Keep backups of active production games. Don't be like most computer users and put off doing this for months or years at a time. Password gets stolen? No problem. Shut down, restore backup, change password, start up. If you're diligent enough, costs you maybe a week? A day if you're truly serious about backups?
18 Dec, 2008, Lyanic wrote in the 71st comment:
Votes: 0
I'm not basing my argument on commands available. I'm thinking about it at the lowest level. Let's say that an admin character can affect one of two things: world elements and player elements. Let's also say you keep sufficient logs of admin commands used and keep daily backups of world elements. Any damage done to world elements can be restored by backup. Damage to player elements would likely be confined to players who were online at the time of the hijacking. Let's say this is 100 players (a generous number). You start by isolating the affected players and read the log to see what damage was caused. You look for a pattern. There are some basic tenets of attacker psychology that you can go by. If the attacker wanted to maximize damage per unit of time, the commands used would likely have been scripted. This would result in a uniform pattern of damage that can be uniformly undone by another script. If the attacker caused damage randomly, the amount of damage done would be minimized. In this case, the time requirement for repairing the damage would be maximized, but should still be proportional to the time it took to cause the damage. This argument is not limited specifically to MU*s. It applies to any system. It's covered in Intrusion Detection and Response within the field of Information Security. This is part of my graduate work in Computer Science.
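The triage Lyanic describes (isolate the affected players from the admin command log, then check whether the damage follows one uniform, scripted pattern), written out as an added Python example that is not part of the thread or any codebase. The log line format, the admin and player names, and the set of player-affecting commands are all constructed assumptions.

```python
"""Triage of a MUD admin-command log after a hijacked immortal session.
Added example, not from the thread; assumes lines shaped
"<date> <time> <admin> <command> <target> [args...]"."""
from collections import Counter, defaultdict

# Constructed sample log around the suspected hijack window (not real data).
SAMPLE_LOG = """\
2008-12-18 21:04:01 Asy slay Bob
2008-12-18 21:04:02 Asy purge Bob
2008-12-18 21:04:03 Asy slay Alice
2008-12-18 21:04:04 Asy purge Alice
2008-12-18 21:04:05 Asy slay Carol
2008-12-18 21:04:06 Asy purge Carol
2008-12-18 21:04:10 Lyanic slay Eve
2008-12-18 21:05:40 Asy set Dave gold 0
2008-12-18 21:30:00 Asy goto 3001
"""
# Assumed commands that alter player state; world edits come back from backup.
PLAYER_COMMANDS = {"slay", "purge", "set", "ban", "deny", "load", "string"}

def parse_log(text):
    """Parse lines into dicts; malformed lines are skipped. Timestamps stay
    as "YYYY-MM-DD HH:MM:SS" strings, which compare correctly as text."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        entries.append({"time": parts[0] + " " + parts[1], "admin": parts[2],
                        "cmd": parts[3],
                        "target": parts[4] if len(parts) > 4 else None,
                        "args": tuple(parts[5:])})
    return entries

def isolate_affected(entries, admin, start, end):
    """Map each player touched by `admin` inside [start, end] to the ordered
    (command, *args) tuples applied to them; other admins are ignored."""
    per_player = defaultdict(list)
    for e in entries:
        if (e["admin"] == admin and start <= e["time"] <= end
                and e["cmd"] in PLAYER_COMMANDS and e["target"]):
            per_player[e["target"]].append((e["cmd"],) + e["args"])
    return dict(per_player)

def split_by_pattern(per_player):
    """Return (dominant command sequence, targets matching it, outliers).
    A shared sequence suggests a scripted attack that one script can undo;
    outliers need individual review against logs and backups."""
    seqs = Counter(tuple(a[0] for a in acts) for acts in per_player.values())
    dominant = seqs.most_common(1)[0][0] if seqs else ()
    uniform = {p for p, acts in per_player.items()
               if tuple(a[0] for a in acts) == dominant}
    return dominant, uniform, set(per_player) - uniform
```

The outliers set is where David Haley's objection applies: a one-off `set` or a purged pfile has no uniform "anti-command" and has to be reconciled by hand.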
18 Dec, 2008, Asylumius wrote in the 72nd comment:
Votes: 0
Backups are great, but even with daily backups, players may lose a lot of experience, gold, items, or progress in general depending on the timing. Of course when I ran my MUD, we kept backups.

Nonetheless, if somebody says, "Asy, someone logged on an Immortal and purged half my eq, slayed me, and booted me from my cabal." (which takes a few seconds), it's going to take me quite a few minutes to verify that is true, figure out what exactly happened (do I take their word for it they had the uber sword of slaying 29 minutes ago?), and correct all the effects of that slay.

After doing a bit of research, I would have to type in a number of commands in the MUD as well as tweak some values in their pfile as well. Even if you're right, I bet between researching the problem, fixing it, and handling the PR with my playerbase, I've invested more time than the "attacker".

Even though an Imp can't screw things up as badly as Crat described on my old MUD (though I can see how that's possible, if certain kinds of commands existed), I can say beyond doubt that a malicious user could cause me to spend far more time fixing their actions than it took them to do them.

I don't necessarily think that would ever happen, but I'd rather be safe than sorry.
18 Dec, 2008, David Haley wrote in the 73rd comment:
Votes: 0
Lyanic said:
If the attacker wanted to maximize damage per unit of time, the commands used would likely have been scripted. This would result in a uniform pattern of damage that can be uniformly undone by another script.

No, this is not true. You are assuming that commands have an equal and opposite "anti-command", or that there is some kind of perfect audit trail of all changes. How do you "undelete" a character whose pfile has been wiped from the disk? You have to go to backups. But what do you do with the progress the player made in between the backup and the incident? I don't think that saying "too bad" would be very acceptable to the player. Losing players on an active game would be some of the worst damage that could be done.

Regardless, I still think it's silly to tell people that they shouldn't be unhappy about the time it would take to fix a security breach in their game. At the end of the day, the level of tolerance people have for somebody getting inappropriate access will differ from person to person.
18 Dec, 2008, Lyanic wrote in the 74th comment:
Votes: 0
Quote
Nonetheless, if somebody says, "Asy, someone logged on an Immortal and purged half my eq, slayed me, and booted me from my cabal." (which takes a few seconds), it's going to take me quite a few minutes to verify that is true, figure out what exactly happened (do I take their word for it they had the uber sword of slaying 29 minutes ago?), and correct all the effects of that slay.


That's the purpose of having the admin command logs.

Quote
I bet between researching the problem, fixing it, and handling the PR with my playerbase, I've invested more time than the "attacker".


I'll concede my point on time to fix damage vs. time to cause damage if you're factoring in PR. Player-types are so needy (at least the ones on my game are). I almost forgot about that…

Can we end the argument now? I'm getting too worked up over this. It's not good for my stress level!
18 Dec, 2008, David Haley wrote in the 75th comment:
Votes: 0
Lyanic said:
That's the purpose of having the admin command logs.

There's a big difference between knowing that something happened and being able to undo all of its consequences…

Lyanic said:
Can we end the argument now? I'm getting too worked up over this. It's not good for my stress level!

I'm all for ending this argument :tongue:
18 Dec, 2008, Lyanic wrote in the 76th comment:
Votes: 0
Quote
No, this is not true. You are assuming that commands have an equal and opposite "anti-command", or that there is some kind of perfect audit trail of all changes. How do you "undelete" a character whose pfile has been wiped from the disk? You have to go to backups.


Urge…to…counter…points…high… *twitches*

Quote
I'm all for ending this argument :tongue:


Yep… let's just end the argument here.
19 Dec, 2008, Shigs wrote in the 77th comment:
Votes: 0
Surely, gents, it's simply good manners that if you're going to offer a service and allow players to connect to a MUD from your site, you tell them they're not connecting directly.

As has been said, not everyone knows what a proxy is, nor do they know the fallibility of the telnet protocol. After all, not all users... and more specifically the END USER that's being aimed at with such a website. The novice. The newbie.