MOO-cows Mailing List Archive


Re: Logging and Security Hole.

>Ok, here's the problem, about a month ago we had a guest log in and using 
>a loop hole in our Core DB (LambdaCore-1Oct94.db) to get email addresses 
>for different players... As far a I can tell we have no players from this 
>site that the guest logged in from.  Is this a known loop-hole with a 
>patch or just some guy who happened to know a few players from other 
>sites and thier email makeing me paranoid..  He said it was an easy fix 
>but didn't give us any more info than that..  I have no clue how he did 
>it, but would like to know..  

Uh.  I would like to know as well.  Do you have any information, any
evidence (any reason to believe this is a true claim he made)?

>  Secondly, I'd like a way to log all commands that a grey listed site 
>issues into the server log.. I think all I have to do is modify the 
>$command_utils:do_huh, but I think that this would be a nice addition to 
>the next LambdaCore.  Since Greylisting is suppose to be a warning of 
>problems, have it log all commands from those sites..  Comments Welcome.

Put it in #0:do_command.

Seth I. Rich -                         no, no quote.
Rabbits on walls, no problem.                          it's far too cold.

Home | Subject Index | Thread Index