ThreadBoard ArchivesSite FeaturesActiveworlds SupportHistoric Archives |
new list of stolen object passwords circulating (Community)
new list of stolen object passwords circulating // CommunityxelagMar 13, 2004, 10:18pm
World owners, I just received an email with a list of worlds and
their object passwords, allegedely sent by Chritopher Stevens (a new M A T T?). I have sent the full list to abuse at activeworlds.com, here are the names of the worlds: Mutation AD&DRPG AWTeen America Ashmore England FRANCE! Amigos3 Olympe Tarosaki Legenda brasil3d FemZone Taurius AAWR Russian Spanish Aeon Vega I will only send the details to caretakers who can prove they are such. Alex johnfMar 13, 2004, 10:38pm
xelagMar 13, 2004, 10:48pm
Sorry, John, I will only send details to caretakers.
[View Quote] >Wasn't awteen on the last list - or have they changed since? > >~John > [View Quote] xelagMar 13, 2004, 10:53pm
Let me rephrase: it is only the caretaker's business whether the
password has been changed or not. In the case of another world which appears in both lists, I know that the password had been changed recently, and that the password in the new list is the new one. Alex alexthemartianMar 13, 2004, 11:39pm
why is my name first on the To field O.O "alex at virtual-studios.net"??
[View Quote] > World owners, I just received an email with a list of worlds and > their object passwords, allegedely sent by Chritopher Stevens (a new M > A T T?). I have sent the full list to abuse at activeworlds.com, here > are the names of the worlds: > > Mutation > AD&DRPG > AWTeen > America > Ashmore > England > FRANCE! > Amigos3 > Olympe > Tarosaki > Legenda > brasil3d > FemZone > Taurius > AAWR > Russian > Spanish > Aeon > Vega > > I will only send the details to caretakers who can prove they are > such. > > Alex > alexthemartianMar 13, 2004, 11:51pm
hmm.. you always see them stealing op pws, and rarely you see cit pws or
other pws.. is there a reason why op pws are easier to get? [View Quote] > World owners, I just received an email with a list of worlds and > their object passwords, allegedely sent by Chritopher Stevens (a new M > A T T?). I have sent the full list to abuse at activeworlds.com, here > are the names of the worlds: > > Mutation > AD&DRPG > AWTeen > America > Ashmore > England > FRANCE! > Amigos3 > Olympe > Tarosaki > Legenda > brasil3d > FemZone > Taurius > AAWR > Russian > Spanish > Aeon > Vega > > I will only send the details to caretakers who can prove they are > such. > > Alex > cienaMar 14, 2004, 12:18am
ya i just got the email from this dude too with all the pws to those worlds
.. I have also sent it to Bill [View Quote] lady nighthawkMar 14, 2004, 12:22am
elykMar 14, 2004, 12:40am
I received the email too. Yes, I believe they were on the last list
john, not sure though. And I'm sure everyone has changed their ppws :) [View Quote] > Wasn't awteen on the last list - or have they changed since? > > ~John > [View Quote] lady nighthawkMar 14, 2004, 12:42am
Most everyone wouldn't bother, whatz the point. I am sad tho, seems I didn't
rate to get said email even tho my world is listed ... whatz with that eh? LOL LNH [View Quote] lady nighthawkMar 14, 2004, 12:51am
And ya know what else? How totally lame that they would even bother with a
world so insignifant as mine ... that just cracks me up! I can see if they went after the bigger worlds, lotsa pw'd stuff there probably but my world? sheesh LNH [View Quote] lady murasakiMar 14, 2004, 1:29am
Better protection would be php security scripting for the paths. Even if the
get ahold of the object password it makes it extremely difficult to download files to take advantage of it. CodeWarrior wrote an excellent script for this. [View Quote] lady nighthawkMar 14, 2004, 1:32am
xelagMar 14, 2004, 1:35am
well there are php coded object paths in the list. the point is, php
can only check if the referer (AW browser) is correct... and the referer can be spoofed. On 13 Mar 2004 22:29:46 -0500, "lady murasaki" [View Quote] >Better protection would be php security scripting for the paths. Even if the >get ahold of the object password it makes it extremely difficult to download >files to take advantage of it. CodeWarrior wrote an excellent script for >this. > > [View Quote] lady murasakiMar 14, 2004, 1:40am
http://www.ideajuice.com/ for his website. You'll find an email link there
to get in touch with him. He's created a good working script for our path security and I've been very pleased. [View Quote] jermeMar 14, 2004, 6:22am
What's the big secret? It's not like I didn't get the same e-mail,
probably along with half the other well known names here..... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jeremy Booker - Owner / Webmaster JTech Web Systems www.JTechWebSystems.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Therefore do not worry about tomorrow, for tomorrow will worry about itself. Each day has enough trouble of its own." -Mathew 5:34 [View Quote] wizard myrddinMar 14, 2004, 8:23am
Fully agree with you on your point, I don't even bother passwording objects
as it seem to some easy to get hold of the relevant object password, At the end of the day its only a collection of pixels on a screen and as proberly many of the objects on the relevant paths listed have already been downloaded and opened its like locking the door after the dog has got out. Once a value is placed on objects and pixels it will always attract attention, sadly a problem with life in general, It in comparison to Uniservers, high expense so its attractive to some. Again properly why many "pirated" uniservers are out there running privately, and proberly with many of the objects removed from object paths. Share and Enjoy [View Quote] kfMar 14, 2004, 8:34am
There is no "better" protection, there is only "no" or "little" <g>.
When you pretend to be a AW browser, then you can download like aw browser itself do too. One advanced method would be to have a script checking which persons are present in a world and allow access then only to these specific IPs, but it comes with some disadvantages/inconveniences and would also not offer absolute security (shared OPs, remote linking to websites, proxy useage, etc.). There is always the question whether increased security (for whom?) beats reduced convenience and/or rights (for whom?) and/or only offers a wrong felling of security. [View Quote] kfMar 14, 2004, 8:36am
Passwords (or encryption elements) are relatively easy to obtain when
you have identical data in protected and unprotected files. [View Quote] johnfMar 14, 2004, 9:16am
One method to make that harder would be to have the script connect to a bot
in global mode in the world, which tells the script if an IP is present... though obviously this wouldn't stop people standing about in the world stealing objects.. it would stop others. ~John [View Quote] johnfMar 14, 2004, 9:17am
talianMar 14, 2004, 9:22am
The script by Code Warrior that LM speaks of is not a "multipath" script. It
is more like a folder security script that I think is the best security I have seen so far for path protection. I have done everything I can think of to download LM's objects in testing this script to no avail. If anyone wants to truly protect your custom objects, I highly recommend you talk to Code Warrior and your hoster to have this script installed. [View Quote] talianMar 14, 2004, 9:22am
The script by Code Warrior that LM speaks of is not a "multipath" script. It
is more like a folder security script that I think is the best security I have seen so far for path protection. I have done everything I can think of to download LM's objects in testing this script to no avail. If anyone wants to truly protect your custom objects, I highly recommend you talk to Code Warrior and your hoster to have this script installed. [View Quote] lady nighthawkMar 14, 2004, 10:00am
AWI ... what is so hard about pw protecting an op? Is there no way to
protect items we've paid for? I would think this would be your #1 priority no? I mean the truth is, I already *paid for stuff* and am using it, I've done my part by attempting to pw protect them but truly it's the model/object creators that are getting burned here isn't it? Can't you do something about it? Inquiring minds wanna know... LNH <<< *doesn't get it* johnfMar 14, 2004, 10:20am
Sorry, couldn't resist (:-P):
The script by Code Warrior that LM speaks of is not a "multipath" script. It is more like a folder security script that I think is the best security I have seen so far for path protection. I have done everything I can think of to download LM's objects in testing this script to no avail. If anyone wants to truly protect your custom objects, I highly recommend you talk to Code Warrior and your hoster to have this script installed. [View Quote] cienaMar 14, 2004, 10:21am
what about if everyone on that list that runs a bot in their world get
together and see if there is a common cit thats been in all those worlds. can maybe narrow it down on who it might be. maybe from the last 3 months? or at least the last month. anyone that u dont know that comes in your world. It wont prove who it is but at least be a suspect. Any thoughts on this idea? [View Quote] |