Graal Forums - Server Security and You

Graal Forums (https://forums.graalonline.com/forums/index.php)

- PlayerWorlds Main Forum (https://forums.graalonline.com/forums/forumdisplay.php?f=15)

- - Server Security and You (https://forums.graalonline.com/forums/showthread.php?t=68948)

Server Security and You

A lot of problems have been popping up lately, dealing with the hijacking of staff members' accounts.
Someone with malicious intent could log one of your staff's accounts and ask for their IP to be updated.
Do you take precautions to verify that the person asking for the IP change is who you think they are? No, very few (if any) people do.

To prevent giving RC access to hijackers, follow these steps to ensure the person on the account is who you think they are:

Compare their old IP(s) to their new IP using a who-is tool such as ARIN WHOIS. If the ISP has suddenly changed or teleported across the country, something is probably wrong.
Compare their computer ID to their old computer ID. There's no way to see previous computer IDs they logged on with, so it's a good idea to list their regular computer ID somewhere such as comments.
Talk to them and ask questions only they would know. If their typing seems to be strange (i.e. someone who normally uses punctuation and grammar not using it) or they can't answer your questions, it should be obvious they aren't the account's owner.

If you check all of these things over and something is wrong, inquire about it.
For example: if their ISP doesn't match, ask questions such as why they changed ISPs and what their old ISP was.

If you follow these steps to verify the person, your server should stay safe from account hijackers.

I hqve a feeling that this wont work out

Hmm.. Is this actually Yen? I've never heard him talk so much ****.. :\

I like it, nice Yen :}

Yeah, no offence to anyone on Era though but all I had to do was ask if they
could add my computer ID (I was on mom's computer) to the list and they did
it without question ;o

this is a good idea.

Quote:

Originally Posted by Jackel9 (Post 1222028)

I hqve a feeling that this wont work out

It's actually a very intelligent idea and something nice to write and it should help out alot of people if they pay attention and use their brains. Alot of things you say irritate the **** out of me. :mad:

Quote:

Originally Posted by Yen (Post 1221996)

Compare their old IP(s) to their new IP using a who-is tool such as ARIN WHOIS. If the ISP has suddenly changed or teleported across the country, something is probably wrong.
Compare their computer ID to their old computer ID. There's no way to see previous computer IDs they logged on with, so it's a good idea to list their regular computer ID somewhere such as comments.
Talk to them and ask questions only they would know. If their typing seems to be strange (i.e. someone who normally uses punctuation and grammar not using it) or they can't answer your questions, it should be obvious they aren't the account's owner.

This is something that has been preached in graal for year on in that always was denied and made playerworlds more vital to those hackers waiting for the right opportunity. In any case if they lack the interest to keep there playerworld secured its there own blame for the inconsistency of there own arrogance.

Quote:

Originally Posted by Jackel9 (Post 1222028)

I hqve a feeling that this wont work out

You don't even know what he said. You just randomly typed LOL IT WUN WORK because you don't understand it.

There's nothing in that post that needs to "work out". It's common sense stuff that staff should use to prevent hijackings and such.

:noob: :noob: :noob: :noob: :noob: