How many times did we all hear the story from one of our friends:
"Yeah man, I go away for a weekend, I come back, and my char is gone."
I thought about this a while back, and I figured a measure could be taken to prevent (not 100%) some of the character hacking.
1. Install an email system upon char creation, whereby anyone in new character generation *must* enter their email address.
2. Upon logging in your char, whether it be reconnecting a linkdead connection, or from renting/camping, the machine does a DNS/site comparison and if there isn't a match, the system sends an email directly to the address listed, informing the player by giving them the DNS of whoever logged in their char.
3. This, in essence, could be flagged so that the gods could see this as well and perhaps intervene, *plus* the player could report it as well if it occurred during say...late at night.
I know it won't prevent *all* hacking, if the person comes from the same school or ISP, but it could prevent a great deal of it in the future.
If any of you godly folks wanna pick my brain on this a little more, feel free to email me at yasdenvassant@hotmail.com.
Just my two cents,
Yas
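The comparison described in step 2, as an added example that is not part of the original post or of any MUD's code. It assumes the server already has a reverse-DNS name for each connection and compares against the site of the previous login; the hostnames, character name and e-mail address are constructed.

```python
# Added illustration of the login-origin check; not code from any MUD.
# Hostnames, e-mail address and character name are constructed samples.

def site_of(hostname):
    """Reduce a reverse-DNS name to its site by dropping the host label."""
    host = hostname.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(labels) == 4 and all(p.isdigit() for p in labels):
        return ".".join(labels[:3]) + ".0/24"   # no PTR record: use the /24
    return ".".join(labels[1:]) if len(labels) > 2 else host


def check_login(record, hostname):
    """Compare this login's site with the previous one (assumed policy).

    Returns an alert dict to e-mail and flag for admins, or None on a match.
    """
    site = site_of(hostname)
    previous = record.get("last_site")
    record["last_site"] = site
    if previous is None or previous == site:
        return None
    return {"to": record["email"], "char": record["char"],
            "from_host": hostname, "previous_site": previous}


def replay(record, hostnames):
    """Run a sequence of logins and collect every alert raised."""
    alerts = []
    for name in hostnames:
        alert = check_login(record, name)
        if alert is not None:
            alerts.append(alert)
    return alerts


SAMPLE_LOGINS = [
    "dial-41.pool.isp.example",     # owner at home
    "dial-99.pool.isp.example",     # owner, new dial-up address: no alert
    "lab3-pc07.cs.school.example",  # owner at school: alert
    "lab3-pc22.cs.school.example",  # someone else on the same LAN: no alert
    "dial-17.pool.isp.example",     # owner back home: alert
    "203.0.113.77",                 # host with no reverse DNS: alert
]

if __name__ == "__main__":
    rec = {"char": "Samplechar", "email": "player@example.org"}
    for a in replay(rec, SAMPLE_LOGINS):
        print("mail %(to)s: %(char)s logged in from %(from_host)s" % a)
```

On this sample the owner's own moves between home and school raise two of the three alerts, while the login from another machine on the same school LAN raises none.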
Anti-Hacking Measurements
Was never a problem for me, and I suspect as a well-known name Mplor might have been a target. It always seemed that when someone got 'hacked' it was because they gave out their password, or their home machine was set to auto-log them on, allowing a 'friend' to see the password in the script. I honestly have never heard of a single case of packet sniffing or other actual case of 'hacking' a pw.
As someone who is specializing in Cryptology, I can safely say that, while well intentioned, your idea will not work for the following reasons:
1) Trouble with site comparisons: let's say that you resolve all incoming IP addresses into their respective domains, chopping off the least significant so that the person can change IP addresses on the same network. Now let's say that I log on from my home computer (running mindspring) and from two different school computers (which are each on their own LAN). I will be *bombarded* by email and have to deal with the admins regularly. Since I am logging in from the school networks, further, the most likely people to hack the account ARE ON MY NETWORK.
2) IF the person *constantly* comes from the same ISP it *might* prevent something. More likely, however, is that someone hacks the account from somewhere else, says that they are using a different network (perhaps they are logging in from a friend's house?) when queried about it by the admins.
This would not even provide the additional ability to catch hackers over what good server logs would provide. The cost to privacy is just too much for how little benefit we would get from it.
A better method of catching hackers would be to either 1) require/allow ssh as a login shell and/or 2) filter out bad passwords using a library and keep them hashed on the hard drive using SSHA.
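A sketch of the second suggestion, as an added example that is not part of the original post: reject weak passwords, then store only a salted SHA-1 value in the `{SSHA}` layout used by LDAP servers (base64 of digest followed by salt). The word list is a constructed stand-in for a password-checking library, and `set_password`, `is_bad_password` and the in-memory player file are hypothetical names.

```python
import base64
import hashlib
import hmac
import os

# Constructed stand-in for a real dictionary/password-checking library.
COMMON = {"password", "123456", "qwerty", "letmein", "dragon"}


def is_bad_password(password, char_name):
    """Reject short, common, low-variety or name-derived passwords."""
    p = password.lower()
    return (len(password) < 8 or p in COMMON
            or char_name.lower() in p or len(set(p)) < 4)


def ssha_hash(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Recompute the digest with the stored salt; compare in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:          # 20-byte SHA-1 digest must be followed by salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def set_password(pfile, char_name, password):
    """Store the hash in the (hypothetical) player file; never the plaintext."""
    if is_bad_password(password, char_name):
        return False
    pfile[char_name] = ssha_hash(password)
    return True


if __name__ == "__main__":
    pfile = {}
    print(set_password(pfile, "Samplechar", "samplechar1"))      # rejected
    print(set_password(pfile, "Samplechar", "tin-Walrus-49x"))   # stored
    print(ssha_verify("tin-Walrus-49x", pfile["Samplechar"]))
```

SSHA is a single salted SHA-1 round and is fast to guess offline; a current deployment would keep the same interface but use a deliberately slow function such as bcrypt, scrypt or Argon2.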
I was "hacked" once, but that was a simple case of using a friend's comp to logon and them checking the command history for my password. I've never heard of nor been seriously hacked before (my friend was spending a bit of my cash, but I smacked him around and managed to get the cash back in return for the goods he bought from another player).
The big problem I see with having people register and then logging their IPs and doing comparisons at logon is that I can't play from anywhere but home. Pfah. Forget that. Just use common sense, make your password good and don't give it out or be very careful if you use it on other computers (read: I learned my lesson).
Harthorm/Twiblin
[This message has been edited by Harthorm (edited 02-06-2001).]