Griefer issue...

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Griefer issue...

opensiminfo
I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..

Thank you,
Todd Davis
Grid Administrator
Virtual Realms Grid..

_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

Sarge Misfit
Other than banning by IP or MAC address, I don't know.

On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email]> wrote:
I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..

Thank you,
Todd Davis
Grid Administrator
Virtual Realms Grid..

_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users


_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

justincc
Yeah, I think like websites the only thing you can ultimately do is ban by IP for a period.  Otherwise, they could
always just create a new account, change their MAC address, etc.  Of course, they can change their IP too but this is
the most hassle.

On 25/02/13 17:51, Sarge Misfit wrote:

> Other than banning by IP or MAC address, I don't know.
>
> On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email] <mailto:[hidden email]>> wrote:
>
>     I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids
>     that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also
>     to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning
>     I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take
>     steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till
>     we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to
>     any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from
>     happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..
>
>     Thank you,
>     Todd Davis
>     Grid Administrator
>     Virtual Realms Grid..
>
>     _______________________________________________
>     Opensim-users mailing list
>     [hidden email] <mailto:[hidden email]>
>     https://lists.berlios.de/mailman/listinfo/opensim-users
>
>
>
>
> _______________________________________________
> Opensim-users mailing list
> [hidden email]
> https://lists.berlios.de/mailman/listinfo/opensim-users
>


--
Justin Clark-Casey (justincc)
OSVW Consulting
http://justincc.org
http://twitter.com/justincc
_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

John Sheridan
I believe the viewer also adds in a third safe guard in combination with
IP / MAC address.  Long ago while tinkering around with the viewer
logins I remember seeing mentions of an ID0 floating around thats sent
to the login service as part of the login data packet.  If I understood
correctly, this is supposedly the UUID of the user's first hard drive -
which in fact cannot be changed without physically replacing the drive
itself (see http://wiki.secondlife.com/wiki/Current_login_protocols).


On 02/25/2013 06:18 PM, Justin Clark-Casey wrote:

> Yeah, I think like websites the only thing you can ultimately do is
> ban by IP for a period.  Otherwise, they could always just create a
> new account, change their MAC address, etc.  Of course, they can
> change their IP too but this is the most hassle.
>
> On 25/02/13 17:51, Sarge Misfit wrote:
>> Other than banning by IP or MAC address, I don't know.
>>
>> On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     I see there has been a post about this issue before. My post here
>> is two fold..   One is to apologize to the grids
>>     that have been victim to this and to request that other grids do
>> not restrict hypergrid access from my grid.. Also
>>     to start a discussion about steps to prevent this in the
>> future..   I have been notified yesterday and this morning
>>     I have a griefer registering on the Virtual Realms Grid then
>> going to other grids to grieve them..  I have take
>>     steps to ensure this does not happen anymore..  I have restricted
>> new user creations to administrative approval till
>>     we have sort out a good practical preventive measure on this type
>> of abuse. And would like to extend an apology to
>>     any grid that have been a victim to this by any of the grids
>> users..  I will be looking at ways to prevent this from
>>     happening in the future..  To this end any suggestions to help
>> grids prevent this from happening would be welcomed..
>>
>>     Thank you,
>>     Todd Davis
>>     Grid Administrator
>>     Virtual Realms Grid..
>>
>>     _______________________________________________
>>     Opensim-users mailing list
>>     [hidden email]
>> <mailto:[hidden email]>
>>     https://lists.berlios.de/mailman/listinfo/opensim-users
>>
>>
>>
>>
>> _______________________________________________
>> Opensim-users mailing list
>> [hidden email]
>> https://lists.berlios.de/mailman/listinfo/opensim-users
>>
>
>

_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

Trinity
the hard drive data can be changed as well especially in linux


On Mon, Feb 25, 2013 at 7:10 PM, John Sheridan <[hidden email]> wrote:
I believe the viewer also adds in a third safe guard in combination with IP / MAC address.  Long ago while tinkering around with the viewer logins I remember seeing mentions of an ID0 floating around thats sent to the login service as part of the login data packet.  If I understood correctly, this is supposedly the UUID of the user's first hard drive - which in fact cannot be changed without physically replacing the drive itself (see http://wiki.secondlife.com/wiki/Current_login_protocols).



On 02/25/2013 06:18 PM, Justin Clark-Casey wrote:
Yeah, I think like websites the only thing you can ultimately do is ban by IP for a period.  Otherwise, they could always just create a new account, change their MAC address, etc.  Of course, they can change their IP too but this is the most hassle.

On 25/02/13 17:51, Sarge Misfit wrote:
Other than banning by IP or MAC address, I don't know.

On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email] <mailto:[hidden email]>> wrote:

    I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids
    that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also
    to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning
    I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take
    steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till
    we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to
    any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from
    happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..

    Thank you,
    Todd Davis
    Grid Administrator
    Virtual Realms Grid..

    _______________________________________________
    Opensim-users mailing list
    [hidden email] <mailto:[hidden email]>
    https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users


_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

John Sheridan
Without mucking up your file systems and destroying your operating system install? 

On 02/25/2013 08:45 PM, Trinity wrote:
the hard drive data can be changed as well especially in linux


On Mon, Feb 25, 2013 at 7:10 PM, John Sheridan <[hidden email]> wrote:
I believe the viewer also adds in a third safe guard in combination with IP / MAC address.  Long ago while tinkering around with the viewer logins I remember seeing mentions of an ID0 floating around thats sent to the login service as part of the login data packet.  If I understood correctly, this is supposedly the UUID of the user's first hard drive - which in fact cannot be changed without physically replacing the drive itself (see http://wiki.secondlife.com/wiki/Current_login_protocols).



On 02/25/2013 06:18 PM, Justin Clark-Casey wrote:
Yeah, I think like websites the only thing you can ultimately do is ban by IP for a period.  Otherwise, they could always just create a new account, change their MAC address, etc.  Of course, they can change their IP too but this is the most hassle.

On 25/02/13 17:51, Sarge Misfit wrote:
Other than banning by IP or MAC address, I don't know.

On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email] <mailto:[hidden email]>> wrote:

    I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids
    that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also
    to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning
    I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take
    steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till
    we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to
    any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from
    happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..

    Thank you,
    Todd Davis
    Grid Administrator
    Virtual Realms Grid..

    _______________________________________________
    Opensim-users mailing list
    [hidden email] <mailto:[hidden email]>
    https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users



_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users


_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

Dahlia Trimble
In reply to this post by John Sheridan
the viewer could send a false uuid in place of the hard drive uuid without necessarily modifying the hard drive

On Mon, Feb 25, 2013 at 5:10 PM, John Sheridan <[hidden email]> wrote:
I believe the viewer also adds in a third safe guard in combination with IP / MAC address.  Long ago while tinkering around with the viewer logins I remember seeing mentions of an ID0 floating around thats sent to the login service as part of the login data packet.  If I understood correctly, this is supposedly the UUID of the user's first hard drive - which in fact cannot be changed without physically replacing the drive itself (see http://wiki.secondlife.com/wiki/Current_login_protocols).



On 02/25/2013 06:18 PM, Justin Clark-Casey wrote:
Yeah, I think like websites the only thing you can ultimately do is ban by IP for a period.  Otherwise, they could always just create a new account, change their MAC address, etc.  Of course, they can change their IP too but this is the most hassle.

On 25/02/13 17:51, Sarge Misfit wrote:
Other than banning by IP or MAC address, I don't know.

On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email] <mailto:[hidden email]>> wrote:

    I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids
    that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also
    to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning
    I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take
    steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till
    we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to
    any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from
    happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..

    Thank you,
    Todd Davis
    Grid Administrator
    Virtual Realms Grid..

    _______________________________________________
    Opensim-users mailing list
    [hidden email] <mailto:[hidden email]>
    https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users


_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

John Sheridan
Well, it was worth a try.  Although I'd think that at least in the case of low level trouble makers and script kiddies some combination of blocking IP, MAC, and ID0 should be enough to keep them out.  Besides, if anything its really just another tool at our disposal to make it at least a little bit more difficult for them to get in.  :)
On 02/25/2013 09:16 PM, Dahlia Trimble wrote:
the viewer could send a false uuid in place of the hard drive uuid without necessarily modifying the hard drive

On Mon, Feb 25, 2013 at 5:10 PM, John Sheridan <[hidden email]> wrote:
I believe the viewer also adds in a third safe guard in combination with IP / MAC address.  Long ago while tinkering around with the viewer logins I remember seeing mentions of an ID0 floating around thats sent to the login service as part of the login data packet.  If I understood correctly, this is supposedly the UUID of the user's first hard drive - which in fact cannot be changed without physically replacing the drive itself (see http://wiki.secondlife.com/wiki/Current_login_protocols).



On 02/25/2013 06:18 PM, Justin Clark-Casey wrote:
Yeah, I think like websites the only thing you can ultimately do is ban by IP for a period.  Otherwise, they could always just create a new account, change their MAC address, etc.  Of course, they can change their IP too but this is the most hassle.

On 25/02/13 17:51, Sarge Misfit wrote:
Other than banning by IP or MAC address, I don't know.

On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email] <mailto:[hidden email]>> wrote:

    I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids
    that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also
    to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning
    I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take
    steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till
    we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to
    any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from
    happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..

    Thank you,
    Todd Davis
    Grid Administrator
    Virtual Realms Grid..

    _______________________________________________
    Opensim-users mailing list
    [hidden email] <mailto:[hidden email]>
    https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users



_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users


_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Griefer issue...

Mike Chase
In reply to this post by John Sheridan

Or you can simply turn off hypergrid.  It’s pretty much insecure by design.

 

Mike

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of John Sheridan
Sent: Monday, February 25, 2013 9:06 PM
To: [hidden email]
Subject: Re: [Opensim-users] Griefer issue...

 

Without mucking up your file systems and destroying your operating system install? 

On 02/25/2013 08:45 PM, Trinity wrote:

the hard drive data can be changed as well especially in linux

 

On Mon, Feb 25, 2013 at 7:10 PM, John Sheridan <[hidden email]> wrote:

I believe the viewer also adds in a third safe guard in combination with IP / MAC address.  Long ago while tinkering around with the viewer logins I remember seeing mentions of an ID0 floating around thats sent to the login service as part of the login data packet.  If I understood correctly, this is supposedly the UUID of the user's first hard drive - which in fact cannot be changed without physically replacing the drive itself (see http://wiki.secondlife.com/wiki/Current_login_protocols).




On 02/25/2013 06:18 PM, Justin Clark-Casey wrote:

Yeah, I think like websites the only thing you can ultimately do is ban by IP for a period.  Otherwise, they could always just create a new account, change their MAC address, etc.  Of course, they can change their IP too but this is the most hassle.

On 25/02/13 17:51, Sarge Misfit wrote:

Other than banning by IP or MAC address, I don't know.

On Mon, Feb 25, 2013 at 7:51 AM, <[hidden email] <mailto:[hidden email]>> wrote:

    I see there has been a post about this issue before. My post here is two fold..   One is to apologize to the grids
    that have been victim to this and to request that other grids do not restrict hypergrid access from my grid.. Also
    to start a discussion about steps to prevent this in the future..   I have been notified yesterday and this morning
    I have a griefer registering on the Virtual Realms Grid then going to other grids to grieve them..  I have take
    steps to ensure this does not happen anymore..  I have restricted new user creations to administrative approval till
    we have sort out a good practical preventive measure on this type of abuse. And would like to extend an apology to
    any grid that have been a victim to this by any of the grids users..  I will be looking at ways to prevent this from
    happening in the future..  To this end any suggestions to help grids prevent this from happening would be welcomed..

    Thank you,
    Todd Davis
    Grid Administrator
    Virtual Realms Grid..

    _______________________________________________
    Opensim-users mailing list
    [hidden email] <mailto:[hidden email]>
    https://lists.berlios.de/mailman/listinfo/opensim-users




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users

 


_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users

 




_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users

 


_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users