Palace security and Fears
Opening your own Palace can expose you to multiple dangers that may impair
your project. If you keep it private, your risks are minimal but the day you
go public it becomes a whole new ball game. I will explain some potential
hazards and suggest simple solutions to better protect your Palace server. I
can’t guarantee that this will cover every aspect of Palace security, because
there is no way to be perfectly shielded against malicious attacks.
Setting protection on your computer
You cannot aspire to gain traffic if no one knows where to find you.
Unfortunately, by advertising yourself, you are exposing the location of your
system to everyone. If you are using a hosting service, it is their
responsibility to protect your account against attacks from the outside world.
Be sure that such protection is included in your service contract and that
they take appropriate measures to enforce it. Once you have been provided with
the right tools, you are responsible for the administration and operation of
your own Palace. If you are hosting it yourself, you should consider a
firewall. The specifics of firewalls are beyond the scope of this article.
However, if you want to know more, read “Firewall and Proxy Server HOWTO”.
Any protection comes with a certain cost and may affect the general
performance of your computer, but it is better than waking up in the morning
with a freshly reformatted hard drive.
Be careful with your inner organization
Manage those you select
Hackers are not always the ones who damage a Palace. More often the damage is
the result of a lack of Palace ownership “hygiene”. Borg flooders, ban jumpers
and social misfits are wrongly called hackers even though they never cause any
real damage that proper Palace maintenance can’t prevent. They can be very
difficult to get rid of, and trying to deal with them can be nerve-racking.
But they are more a social problem than a real security issue.
Getting organized
As soon as traffic starts to pick up, most Palace owners will build a team to
help them in the administration and surveillance of their server. While some
collect operators (wizards) like baby spoons, others are careful in their
selections, and for good reasons. Appointing anyone as a wizard gives them
privileged access to commands that can prove very damaging to your precious
pat file. The latest version of the Palace server running on Linux gives you
the opportunity to confine your wizards to some selected commands. To see the
ranking of the commands, just use `showranks, where 0 = guest, 1 = member, 2 =
wizard and 3 = god. You can learn more about the setrank command by consulting
the Palace online help by typing `help `setrank. Also, it would be good
practice to use the password lock in all the rooms where important scripts are
installed.
Password mishandling has been involved in the destruction of many Palaces in
the past. Only the owners should transmit any password, and it should never be
done in public, where misleading identities can be so easily used. If you are
running your server under Linux, it is a very good idea to install, or ask
your hosting service to install, the gatekeeper or hostkeeper plugins. They
will help you to manage your staff list by restricting password privilege to
those who are listed, diminishing the consequences of a password being
transmitted to the wrong hands. Unfortunately, at the time of publishing, no
such plugin was available for the Mac and Windows versions of the server.
Carefully choosing scripts
Once we feel that we are secure enough, we tend to play some magic tricks to
impress the crowd. Most Palaces offer the allscray-scripting feature to move
guests around and send them to rooms or other Palaces. It can be fun to use
for those who share that kind of humor, it can sometimes be useful in helping
others, and it can turn a Palace owner into a puppet against his own server.
In the last year, allscray’s usefulness has diminished because of the wide
distribution of anti-allscray borgs. Allscray was designed to work only for
users wearing the exclusive wizard’s star and should remain that way. If you
have to keep allscray at your Palace, you should take some easy measures to
prevent any improper use. Every owner or god should be protected with an
anti-allscray script in their borg. They are available everywhere and some can
be turned on and off at will. To provide overall protection at your Palace
without adding anti-allscray to all your staff’s borgs, you should have a look
at Allscray Security Fix and apply the simple but efficient solutions that are
suggested.
Tampering with scripts, your own or borrowed, can be very tricky and can open
some dangerous doors that put you into deep trouble. Any measures intended to
manage and control guests on your Palace will have the same effect on you if
you don’t embed exceptions for gods and wizards. It makes you wonder how many
Palace owners have been sent by their staff to “kids nation” (giggles).
Improving your overall protection
Legends or proven facts?
It’s always been the fear of all Palace owners that someday some
uncontrollable beast would destroy their home. I used to laugh at all those
ICQ messages telling the tales of their sightings and the damage they have
caused. By definition, the so-called hacker is more likely to be writing
computer programs for enjoyment than performing illegal acts. Crackers would
be the right name for them, but the name got confused in Internet legend and
hacker is now used indiscriminately. Legends or proven facts, they are to be
taken seriously, and simple measures can help you to prevent some unpleasant
experiences.
A world without the benefits of plugins
If you are running your server under Windows or Mac OS, you have to be aware
that you are pretty much on your own, since there is no more support available
from Communities.com. Therefore, you will need to detect all the suspicious
behaviors that are associated with troublemakers and act upon them as swiftly
as you can. There is no written rule against logging in from non-designated
dropzones, and the command to achieve it is simple and well explained in the
Palace user guide. However, most Palace owners consider entering in such a
manner a possible attack and apply an immediate ban on anyone doing so.
Restricting borg use in public rooms may help to prevent intensive borg users
from lagging your guests off. It is up to the owners to determine what is
acceptable on their Palaces and to act accordingly. If no plugins are
available, some scripts are easy enough to find and will offer some
protection.
Plugins for the Linux Palace server
For owners running their Palace on Linux, some help is available to manage
Palace security in the form of plugins. However, everyone seems to have his
own recipe of combined plugins and settings, making the whole issue a lot more
confusing than it should be. For clarity, let’s talk about the three main
plugins available for the Linux Palace server.
GateKeeper Server plugin, and its sibling hostkeeper, as I mentioned earlier,
is designed to block access to the owner and operator privileges for those who
haven’t been designated.
Plugall Server plugin is useful to limit the number of events a user can cause
and reduce the actions of flooders and borg abusers. The parameters that are
controlled are the following: prop drop, spoofing, chat (whispered or to the
whole room), repeated chat (whispered, to the whole room, and duplicate
`page), room messages, face / color changing, movement, sliding, spotstate
changing. All of the above can be limited or totally stopped by setting the
right parameters in a configuration file. It may require some skills from the
owners and you should make sure.
Sound Limit Plugin’s main purpose is to put limits on the use of sound
commands that might cause certain clients to crash.
Of course, there are many more Palace security issues than those mentioned
here. It is obvious that in the near future we will see more people causing a
lot more damage for no good reason. Our hope lies in the hands of the few
brave plugin developers left on Palace.
~=MOON=~
Many thanks to maart and Glide for their input and to ~=Anick=~, Karen,
=Sa7ra= and Lynley from The Midnight Rambler for their help and support.
Originally published at The Palace Planet.