MOO-cows Mailing List Archive
[Prev][Next][Index][Thread]
Re: Logging and Security Hole.
-
Date: Tue, 30 Jan 1996 08:43:49 PST
-
From: "Seth I. Rich" <sir@po.cwru.edu>
-
Content-Type: text/plain; charset="us-ascii"
>Ok, here's the problem, about a month ago we had a guest log in and using
>a loop hole in our Core DB (LambdaCore-1Oct94.db) to get email addresses
>for different players... As far a I can tell we have no players from this
>site that the guest logged in from. Is this a known loop-hole with a
>patch or just some guy who happened to know a few players from other
>sites and thier email makeing me paranoid.. He said it was an easy fix
>but didn't give us any more info than that.. I have no clue how he did
>it, but would like to know..
Uh. I would like to know as well. Do you have any information, any
evidence (any reason to believe this is a true claim he made)?
> Secondly, I'd like a way to log all commands that a grey listed site
>issues into the server log.. I think all I have to do is modify the
>$command_utils:do_huh, but I think that this would be a nice addition to
>the next LambdaCore. Since Greylisting is suppose to be a warning of
>problems, have it log all commands from those sites.. Comments Welcome.
Put it in #0:do_command.
Seth
---------------------------------------------------------------------------
Seth I. Rich - sir@po.cwru.edu no, no quote.
Rabbits on walls, no problem. it's far too cold.
Home |
Subject Index |
Thread Index