Restrict your ClientRC NOW

Inverness · #1 06-12-2007, 06:23 AM

Put in Server Options:

PHP Code:


			
restrictclientrctoweapons=comma seperated list of weapon names

Example:

PHP Code:


			
restrictclientrctoweapons=ClientRC,System

This is how its set on Aeon and I absolutely never give anyone access to those weapons.

If you pay attention to updates you people would know this, stop getting hacked by noob script kiddies, jeeze >_>.

Edit: And another thing, if you have access to the admin account of your playerworld and do not know how to access the admin panel, freaking find out right now.

Twinny · #2 06-12-2007, 08:24 AM

I warned people so long ago but no-one listened

http://forums.graalonline.com/forums...ad.php?t=72431

For a while, only -Playerlist could access clientrc. Which effectively nullified it :P

Pimmeh · #3 06-12-2007, 08:37 AM

WHy not make that option default?
Nudge @ stefan

Ohnstad · #4 06-12-2007, 08:41 AM

*knows a way to work around this*

tatata do what you will.

Inverness · #5 06-13-2007, 03:43 AM

Quote:

Originally Posted by Ohnstad

*knows a way to work around this*

tatata do what you will.

Of course that what you'd want us to believe.

Twinny · #6 06-13-2007, 06:25 AM

Another lovely thing: don't give your NPC-Server rw */* rights! Just letting peeps steal/delete whatever npc-server can access.

coreys · #7 06-13-2007, 07:05 AM

Quote:

Originally Posted by Twinny

Another lovely thing: don't give your NPC-Server rw */* rights!

haha

Pimmeh · #8 06-13-2007, 08:32 AM

Why would one give the NPC server rw */*?
Complete useless! Its not like the NPC server does anything with it...

Inverness · #9 06-14-2007, 05:20 AM

Quote:

Originally Posted by Pimmeh

Why would one give the NPC server rw */*?
Complete useless! Its not like the NPC server does anything with it...

Shows how much you know.

coreys · #10 06-14-2007, 07:39 AM

Quote:

Originally Posted by Inverness

Shows how much you know.

Yes, because the NPC server is secretly a real player! ;o

I kid with you, Inver, you know I'm not that stupid

Twinny · #11 06-14-2007, 09:37 AM

You should learn more about NPC-Server. It needs rights to access/write to files on the server. I currently have:

PHP Code:


			
rw mudlib/*

rw mudlib/*/*

Although it will soon be r only. Basically, before you can load files into your scripts: you need to give NPC-Server rights to the files you wish it to access.

Inverness · #12 06-15-2007, 02:31 AM

Stefan's brain had too much coding information in it, so we had to cut parts of it out to prevent his head from exploding. This is how the NPC-Servers were born.

coreys · #13 06-15-2007, 06:07 AM

Quote:

Originally Posted by Inverness

Stefan's brain had too much coding information in it, so we had to cut parts of it out to prevent his head from exploding. This is how the NPC-Servers were born.

True story, I was there.

NicoX · #14 06-15-2007, 02:17 PM

Well yeah because of that **** Esteria got hacked yesterday too
Fortunately I have backups so it is not really bad just need a High Admin to restore my Server and so on.....But it is annoying really
Just little 13 years old kids are messing with graal because they dont get love in reality
Nubs

Crow · #15 06-15-2007, 02:32 PM

Hah, Nico...Angelu told me about it, and I want to tell you some things too.
First, it was most likely your fault. Why? Because you hired him, so Esteria would be done faster. You didnt even know him I guess.
Second, thats not really "hacking". Its just a large abuse of Graal.
And last, those guys are not 13 year old, and they are also not "nubs". You cant look at some tutorial and BAM destroy a server. Such things require lots of skills, you know.

NicoX · #16 06-15-2007, 02:35 PM

Yeah I hired him but how I know that he is that hacker guy ??

He wanted to apply as NAT and I said okay I didnt thought about it but whatever it happens
I know it was not hacking they just updated scripts which I saw and then got disconnected
Well we have backups so it is not that bad..Just loosing time
Well I shut down Esteria I just need FULL RC rights again so I can restore it myself nothing more...

bscharff · #17 06-16-2007, 12:29 AM

yeah... This is the exact bug that hackers or exploiters used to destroy Element/Playerworld141 (Same Thing)
Luckily, I Had Backups :P

zokemon · #18 06-16-2007, 12:38 AM

Quote:

Originally Posted by bscharff

yeah... This is the exact bug that hackers or exploiters used to destroy Element/Playerworld141 (Same Thing)
Luckily, I Had Backups :P

Element? That server died when Slash disappeared ever so long ago...
Unless you are talking about that "Elemental Kingdoms" server.

Admins · #19 06-17-2007, 04:52 PM

The restrictclientrctoweapons option has been modified now to only allow -ScriptedRC when it is empty / not set.

Crono · #20 06-17-2007, 05:04 PM

Quote:

Originally Posted by zokemon

Element? That server died when Slash disappeared ever so long ago...
Unless you are talking about that "Elemental Kingdoms" server.

heh...

Little does the world know, Outlaw was working on a server called "Element" back in 2001. Got my first LAT position on it, we almost got a dev server too!

coreys · #21 06-17-2007, 07:40 PM

Quote:

Originally Posted by Stefan

The restrictclientrctoweapons option has been modified now to only allow -ScriptedRC when it is empty / not set.

yay, go you

trevor987 · #22 06-20-2007, 04:49 AM

Client RC IS NOT SECURE EVEN WHEN RESTRICTED.

Somehow someone who didn't even have NC access but did have Client RC managed to have the admin client RC account give him level 4, so he changed admin account pass, etc. Yeah...

CLIENT RC IS NOT SECURE EVEN WHEN RESTRICTED.

Inverness · #23 06-20-2007, 05:33 AM

If ClientRC is so insecure then just delete it and live with regular RC. If you don't have windows, sucks for you then, you're not worth the insecurities.

Infernix · #24 06-20-2007, 05:49 AM

Quote:

Originally Posted by Inverness

If ClientRC is so insecure then just delete it and live with regular RC. If you don't have windows, sucks for you then, you're not worth the insecurities.

WOOOOORRRRRRRRRDDDDDD, thx you for saying that before I did.

Skyld · #25 06-20-2007, 09:12 AM

Quote:

Originally Posted by Inverness

If ClientRC is so insecure then just delete it and live with regular RC. If you don't have windows, sucks for you then, you're not worth the insecurities.

Touchy!

coreys · #26 06-20-2007, 09:41 AM

Quote:

Originally Posted by Skyld

Touchy!

He's got a good point, though.
ClientRC is so silly anyways, there isn't much need for it. I mean, sure it's kinda convenient, but I'll always prefer the good ol' remotecontrol.exe

Twinny · #27 06-20-2007, 10:21 AM

Quote:

Originally Posted by coreys

but I'll always prefer the good ol' remotecontrol.exe

Which isn't available on Mac. Which is why Skyld made his version clientrc.

Pimmeh · #28 06-20-2007, 10:22 AM

I dont have ClientRC because I have no idea how I can activate it....and now I restricted it to -playerlist

If only my server would be online....argh

coreys · #29 06-20-2007, 10:57 PM

Quote:

Originally Posted by Twinny

Which isn't available on Mac. Which is why Skyld made his version clientrc.

Maybe Skyld should smack around Stefan until he makes one, then? :O Just a though

Inverness · #30 06-21-2007, 04:22 AM

Quote:

Originally Posted by Twinny

Which isn't available on Mac. Which is why Skyld made his version clientrc.

Like I said, if you have a Mac you chose to be in the minority. Either get Windows or suck it up, I'm not going to allow a security risk just because you want to use a Mac. "You" being any Mac user that brings up this argument, not you Twinny, unless thats your argument too

Twinny · #31 06-24-2007, 05:33 AM

Another handy idea!

PHP Code:


			
public function destroy()
  echo("Nice try, nubcakes");

Overrides the default destroy() command where it's added so anti-graals fool can't delete/destroy your NPC from other NPCs. Just add it to anything serverside.

Now, if Stefan added my protected variables idea, all NPCs variables could be set to private by default. This would save objects from accessing/writing to remote objects variables.

zokemon · #32 06-25-2007, 10:40 PM

Quote:

Originally Posted by Twinny

Another handy idea!

PHP Code:


			
public function destroy()

  echo("Nice try, nubcakes");

Overrides the default destroy() command where it's added so anti-graals fool can't delete/destroy your NPC from other NPCs. Just add it to anything serverside.

Now, if Stefan added my protected variables idea, all NPCs variables could be set to private by default. This would save objects from accessing/writing to remote objects variables.

Yeah I was thinking about that...
You could just do like:

NPC1:

NPC Code:

function onCreated() {

  public this.myvar = "Hello!";

  NPC2.getMyVar();

  private this.myvar;

  NPC2.getMyVar();

}

NPC2:

NPC Code:

function getMyVar() {

  echo("Test Results: " @ NPC1.myvar);

}

Echoed text:

NPC Code:

Test Results: Hello!

Test Results:

Color coded to show you the format of the code too ;P
(You would use public and private much like you use new, if, else, while, do, etc.)