
Spark910 12-18-2004 01:14 AM

Playerworld Security Report (Winter '04) *Please Read*
 
Last report: [Click Here]

Here it is again, some stats on how many insecure RCs were in the staff= serveroptions on the Graal playerworlds, until they were removed.

Like last time I've been server hopping and removing those bad RCs with an IP range of *.*.*.*. Since the last time I have seen a considerable decrease in the amount of bad doings on playerworlds, due to a general increase in security of playerworlds - preventing some attacks.

There is, however, room for improvement as always. It's good to see it has improved though, and the same amount of servers are basically online, so it's easy to compare last time's data to this. So on with the stats and graphs!

.:THE STATS:.

1. How many RCs had an IP range of *.*.*.*?
170 RCs had an IP range of *.*.*.* compared to 339 RCs last time.
This is a good decrease, and hopefully next time it would be nice to see it lower than 100 RCs, as it should be very low as there is no real reason to allow an insecure RC into staff= and leave it there.

2. How many playerworlds were 100% Secure?
By secure, I mean all RCs in staff= had an IP range set.



This is a good increase, however it should be a lot more. I am happy to see that most servers had only 1/2 insecure RCs and that it's a few playerworlds that let down the amount of insecure RCs with practically all of them insecure.

3. What level RCs were in the staff= server option with an IP of *.*.*.*?
Number of level4s: 57/170 (33%)
Number of level3s: 26/170 (15%)
Number of level2s: 15/170 (9%)
Number of level1s: 44/170 (26%)
Number of level0s: 28/170 (17%)

Below is a graph to show the general decrease in all the insecure RCs over all the RC levels:


4. Which playerworlds were 100% secure?
Classic playerworlds 100% Secure: 6/9 (66% - 30% last time)
Hosted playerworlds 100% Secure: 2/8 (25% - 30% last time)
Other playerworlds 100% Secure: 32/82 (39% - 21% last time)

.:THE POINT:.
Okay, enough with the graphics and stats, on with the points:

Odd Points:
  • NO RC should have an IP range of *.*.*.*
  • IP ranges should be checked every so many months, to make sure they are all set
If you're a manager:
  • Make sure you check the Admin-Playerworld account's IP range, because this doesn't need to be in staff=, so you may forget it.
  • Never add anyone to the staff= serveroption without an IP range, make them give you the IP range first.
  • Don't give high rights to new staff.
  • Give staff only the rights they need
If you're a staff member:
  • Check your IP range is always set
  • Remind the Manager/Admin to set your IP when they add your RC

Punishments:
1) Those with big RC levels on player accounts, in the Hosted tab, have been removed for up to 10 days.
2) Those with lots of insecure RCs this time, as well as last time will later have their playerworlds disabled for a week.

How to set an IP range: [Click Here]

Thank you.
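An added example, not part of the original post and not Graal's own code: a small audit that applies the post's definition of a "100% secure" playerworld to a staff list and tallies fully open RCs per level. The mask syntax beyond `*.*.*.*` (a number or `*` in each octet), the `(account, level, mask)` layout, and all account names and addresses are assumptions constructed for illustration.

```python
from collections import Counter

def parse_mask(mask):
    """Split a dotted mask into four octets; each is an int 0-255 or '*'."""
    parts = mask.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not a four-octet mask: {mask!r}")
    octets = []
    for p in parts:
        if p == "*":
            octets.append("*")
        elif p.isascii() and p.isdigit() and int(p) <= 255:
            octets.append(int(p))
        else:
            raise ValueError(f"bad octet {p!r} in {mask!r}")
    return octets

def addresses_admitted(mask):
    """Number of IPv4 addresses the mask lets in (256 per wildcard octet)."""
    return 256 ** parse_mask(mask).count("*")

def mask_allows(mask, ip):
    """True if the client address matches the mask octet by octet."""
    parts = ip.split(".")
    return len(parts) == 4 and all(
        m == "*" or m == int(o) for m, o in zip(parse_mask(mask), parts))

def audit(staff):
    """staff: list of (account, rc_level, ip_mask) tuples (assumed layout)."""
    open_rcs = [(a, lvl) for a, lvl, m in staff
                if addresses_admitted(m) == 256 ** 4]
    return {
        "insecure": len(open_rcs),
        "by_level": dict(Counter(lvl for _, lvl in open_rcs)),
        "fully_secure": not open_rcs,  # every RC in staff= has a range set
        "accounts": [a for a, _ in open_rcs],
    }

# Constructed sample data: hypothetical accounts, documentation addresses.
SAMPLE_STAFF = [
    ("manager1", 4, "203.0.113.*"),
    ("scripter1", 4, "*.*.*.*"),
    ("gfx1", 1, "198.51.100.*"),
    ("police1", 0, "*.*.*.*"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_STAFF))
```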

The Evil Within 12-18-2004 01:19 AM

Wow, you spent a lot of time on that didn't you...

Doahh_p2p 12-18-2004 01:51 AM

Quote:

Originally Posted by The Evil Within
Wow, you spent a lot of time on that didn't you...

He probably likes Excel

Okilian 12-18-2004 02:15 AM

u going to say which playerworlds were secure, which weren't?

Spark910 12-18-2004 02:18 AM

Quote:

Originally Posted by Okilian
u going to say which playerworlds were secure, which weren't?

lol, I don't think saying which weren't would be so wise. But I'll list those that were later on. Stefan is going to add something that won't allow *.*.*.* anymore, so once that is done I'll say which were secure.

But I won't advertise servers, in case people just add them back without IPs again >_<

Will talk to Robert about rewarding those that were secure this time, and were last time too. No real reward can be given to classic, but maybe I can get the control panels finally added :cool:

Slash-P2P 12-18-2004 02:44 AM

Spark, you logged on my server and disabled one of my staff's accounts while I was about to change their IP. :whatever:

Spark910 12-18-2004 02:56 AM

Quote:

Originally Posted by Slash-P2P
Spark, you logged on my server and disabled one of my staff's accounts while I was about to change their IP. :whatever:

Bad timing I guess >_<

haro41 12-18-2004 09:40 AM

how many RCs are there total? and can you make a Pie chart of Arkland Empires RCs to total Graal RCs. I'd like to see that one lol.

anim8999 12-18-2004 06:00 PM

What exactly is wrong with an IP range of *.*.*.*? You people seem to make a big deal over it. People buy a server, let them run it the way they want to run it. It is their fault if it gets hacked.

Spark, if you're going to remove people from rc who have an ip range like that, then why don't you just manage my server? You seem to have made yourself a "Global Manager" ... "Global Owner" in some cases.

Spark910 12-18-2004 06:02 PM

Quote:

Originally Posted by anim8999
What exactly is wrong with an IP range of *.*.*.*? You people seem to make a big deal over it. People buy a server, let them run it the way they want to run it. It is their fault if it gets hacked.

It's a waste of our time when we have to run around and get backups, restore it to the owner, clear up all the crap left behind by an attack etc...

When it could not happen at all. Either way it will be stopped fully in a week or two, as you won't be able to set, or log on with an RC with a range of *.*.*.*

NicoX 12-18-2004 06:19 PM

lol nice graphics spark xD
some highstaff deleted the ip range of one of my staffs donno why, i warned him x-x now we are off hosted lol whatever xD

Nappa 12-18-2004 10:21 PM

Wow - Instead of "Wasting your time", just draw up a new agreement by the buyer that all takeovers of a server are their fault and nothing will be backed up to them if something happens due to a bad IP range. If the server is "hacked" just wipe all the data from the server and give rights back only to the adminplayerworld account thingy.

Slash-P2P 12-18-2004 10:47 PM

It's hard to be secure when the password changer is broken...:whatever:

Quote:

Originally Posted by Spark910
Bad timing I guess >_<

Yup.

Spark910 12-18-2004 11:10 PM

Quote:

Originally Posted by Nappa
Wow - Instead of "Wasting your time", just draw up a new agreement by the buyer that all takeovers of a server are their fault and nothing will be backed up to them if something happens due to a bad IP range. If the server is "hacked" just wipe all the data from the server and give rights back only to the adminplayerworld account thingy.

Clearly removing loads of insecure RCs, clearly showing a decrease in playerworld attacks since it was first done, clearly showing that more people are setting the ranges, clearly showing less people are giving level4s away isn't a waste of time.

And no, if you read the post you'd clearly understand that I have got Stefan to now not allow *.*.*.* anymore, which is clearly more secure and useful than any clear agreement that could be written that people would clearly not follow.

Nitkizi 12-19-2004 12:32 AM

Quote:

Originally Posted by Spark910
When it could not happen at all. Either way it will be stopped fully in a week or two, as you won't be able to set, or log on with an RC with a range of *.*.*.*

<3

haro41 12-19-2004 07:15 AM

and in the event that a server gets taken over, it can be publicly viewed and, depending on what the hackers do, there could be some illegal content or worse...SWEAR WORDS MADE OUT OF TILES!!! *GASP!!!!* it just makes Graal Online look bad.

Projectshifter 12-28-2004 01:11 AM

Quote:

Originally Posted by anim8999
What exactly is wrong with an IP range of *.*.*.*? You people seem to make a big deal over it. People buy a server, let them run it the way they want to run it. It is their fault if it gets hacked.

Spark, if you're going to remove people from rc who have an ip range like that, then why don't you just manage my server? You seem to have made yourself a "Global Manager" ... "Global Owner" in some cases.

Spark is the Global Playerworld Admin, so yeah, that is part of his job security. And the big deal is when these servers get hit they take out sometimes the ones on the computer with them. So just because one idiot manager didn't set an IP or two, you think then the rest of the servers on that computer should suffer? Nah, didn't think so.

Spark910 12-28-2004 01:19 AM

Hmm, well the new Gserver prevents the IP range of *.*.*.* - so thread closed.


All times are GMT +2.