05-18-2003, 07:28 PM
|
|
Ex-Graal Global
|
 |
Join Date: Oct 2001
Location: England
Posts: 10,892
|
|
Level Four RC
|
This is a note to every manager. And anyone who works on a PlayerWorld. Level Four RC should be for Managers and maybe Co-Managers only. No staff member other than managers should have Level Four. Its a security risk. And a foolish thing to do. The reason I have posted this now and not with the full security document is that I have recently found out that one PlayerWorld has about 6-10 Level Four RCs when it doesn't have more than 2 Managers. For the moment I'd like for all PWs to have sound rights, IP ranges and active small staff teams (Not like 20 on RC at a time) So.....
I'd like all Managers to go through every staff member they have working for them (List in the 'Staff=' server option) and check all of the rights and take away any rights that shouldn't be there. We all know staff want high rights to feel important and needed on a PW, but unless that right is needed or vital for the day-to-day work on the PW then there is no need for the staff member to have this right, it only creates security risks or problems in the future. While you are looking through the staff= please make sure everyone who is in that list is still active and works for you. While you do this also please add IP ranges. I have made a document about security which AfterShock has and he was doing something with it, so I wont post that all just yet.
Creating an IP range:
There are many ways to get your IP, such as IRC chat, AIM, tools and programs which display it etc... For dial-up users your IP endings will change, but the start should stay the same, or only have 2-3 startings. Once you have found a way to get your IP address, you need to write down all the IPs you have. Ideally you should get about 15-20. Note: IP Changes when Dial-Up users connect to their ISP servers. And it sometimes changed for always on connections, but you can get an IP range.
Lets say I have the following IPs (Which i do not}
64.124.42.44
64.124.88.52
64.74.963.25
64.123.67.32
78.642.96.34 [The first thing to do is put them in numerical order, so 64.*.*.* > 78.*.*.*]
78.642.46.34
78.642.45.32
64.124.85.32
Once you have put them in order, you need to look at what changes and what doesn't. In this case its the first and some of the second parts of the IP address. Which means this IP range for someone with those IPs would be:
64.124.*.*
64.74.*.*
64.123.*.*
78.642.*.*
Now many people will just do the following: 64.*.*.* (if the other numbers seem to change alot) Idealy if you can have a tighter IP range such as: 64.124.*.* then it will be more secure. The reason I suggest multiple recordings of IPs is to get the full range of what your IP could be. Ideally you should take IPs over 2-3days so that it is a greater IP range. REMEMBER: You can always edit or change the IP range, but you can't always get back the Levels and NPCs deleted by an intruder.
I will speak to AfterShock to see if its okay to post the whole document |
__________________
--Spark911
|
|
|
|
Threaded Mode