MOO-cows Mailing List Archive


Logging and Security Hole.

Ok, here's the problem, about a month ago we had a guest log in and using 
a loop hole in our Core DB (LambdaCore-1Oct94.db) to get email addresses 
for different players... As far a I can tell we have no players from this 
site that the guest logged in from.  Is this a known loop-hole with a 
patch or just some guy who happened to know a few players from other 
sites and thier email makeing me paranoid..  He said it was an easy fix 
but didn't give us any more info than that..  I have no clue how he did 
it, but would like to know..  

  Secondly, I'd like a way to log all commands that a grey listed site 
issues into the server log.. I think all I have to do is modify the 
$command_utils:do_huh, but I think that this would be a nice addition to 
the next LambdaCore.  Since Greylisting is suppose to be a warning of 
problems, have it log all commands from those sites..  Comments Welcome.

In Him, for Him
        Night Stalker          |  telnet 7777
          Tory Moo             |
           KD4MZU              |  email:


Home | Subject Index | Thread Index