Grids defend themselves against hackers

In light of several griefing incidents on OpenSim grids over the past few days, grid owners are starting to consider taking proactive steps to protect themselves against future attacks.

Multi-grid nuisance

On FleepGrid, a griefer dropped colored spheres all over the grid, which brought down the entire world.

“It’s taken a little time to figure out how to clean everything up since the griefer objects cause the sims to crash after a few minutes,” said Chris Collins, a project manager in Instructional and Research Computing at the University of Cincinnati. Collins, also known as “Fleep Tuque” in-world, is the owner and founder of FleepGrid.

“I use phpMyAdmin to poke around in the Opensim database, so it was easy to go to the ‘useraccounts’ table and look up the UUID for that user and then delete the items from the prims table,” Collins explained in a detailed blog post about cleaning up after the attack.

Griefer spheres on FleepGrid. (Image courtesy Chris Collins.)

According to Kai Ludwig, owner and manager of the Open Neuland grid andCEO of OpenSim hosting company TalentRaspel virtual worlds Ltd., there is a five-step process grid owners — or their hosting companies — should follow if they find themselves in the same situation:

  • stop all regions
  • select UUID of the griefer from the database
  • delete all his prims and primshapes from the database
  • lock his account
  • start all regions

“The above is a fast and easy procedure to fix the problem and completely works around slowed down or crashed regions or having to use autoreturn — which may not fix the problem when regions have high load,” he said. “We had an attack of the griefer in Neuland on April 10 and fixed the problem with the above procedure within minutes after we got aware of it.”

However, Ludwig warned against giving griefers press, since these children are often just seeking attention. “A grid owners-only mailing list would be much better,” he said.

The same griefer hit the Hyperica grid, but fortunately deleting the objects in-world was sufficient.

In both cases, the griefer teleported in from the CyberWrld grid.

“We have been under attack for weeks lately,” CyberWrld grid founder and CEO Timothy Rogers told Hypergrid Business. The grid has since instituted IP bans, eliminated public building everywhere except on sandboxes, turned on email confirmation for new account registrations, and reached out to residents to help them use the estate access lists.

At the DaseinWorld grid, the attack brought it down for ten hours.

“I made DaseinWorld very accessible in the spirit of friendliness and cooperation,”  DaseinWorld founder Alexander Duncan told Hypergrid Business. “So a person opened an account, calling themselves Samantha Stick, with a false email address. They entered the world and proceed to create a fairly large number of self-replicating physical prims, which populated the region and the regions immediately adjacent with tens of thousands of physical prims until the world crashed on my PC. My PC itself was not affected. I had to go in and delete them all using parcel return, which took several hours to do. I also had to disable scripts since they were running hundreds of scripts that also slowed DaseinWorld to a crawl. I was barely able to login, even running it on my computer.”

Since then, Duncan has turned on autoreturn and turned off scripting rights, and will be working on setting up group-based authorization.  Meanwhile, the griefer has returned.

“I don’t understand how he can do those things,” Duncan said. “It allowed him to rez 1,448 physical objects, where the limit per sim is set to ten. And then when I try to use ‘Region/Estate’ or ‘Show’ in ‘About Land’ to remove them, they don’t work. Last time, resetting the autoreturn to one minute worked. This time, it didn’t. This guy knows exactly what vulnerabilities to exploit.”

It’s not just the small startup grids that are affected. Griefers have hit even the largest grids, like OSGrid, as well as mid-sized grids.

The 115-region French-language Logicamp grid has been hit by the same griefer who attacked FleepGrid, CyberWrld, DaseinWorld and Hyperica, said grid founder Didier Preud’homme.

“His attack is not very severe and may be evicted by configuring correctly autoreturn objects on the land properties,” Preud’homme told Hypergrid Business. “But I know that it is not always easy to correctly configure each region, especially when you have a lot of regions. Maybe it would be interesting to ask Justin [Clark-Casey, OpenSim core developer] to adjust the automatic return by default to 5 or 10 minutes for new region creation.”

The same griefer attacked Virtual Worlds Grid, said grid founder Myron Curtis, but in a more insidious way.

“The attack was deployed in regions where building and scripting were available only to administrators,” Curtis told Hypergrid Business. “Another attack seems to have destroyed the links between inventory items and their asset entries in the database, and that has been a nightmare. After almost two months, I am finally getting stable performance, but I have not been able to repair the database without losing a significant amount of work my residents have done. I will get it done, but it is going to be the hard way.”

The commercial social world 3rd Rock Grid has seen three major attacks since 2010. The first was where a group of griefers used open land permissions and an OpenSim exploit to destroy and rearrange objects, and create self-replicating prims, The solution was a combination of IP banning, and restoring regions from backup. The second attack used an unpatched web server vulnerability which brought down a region server. Those regions were moved to another server, everything was reinstalled, and the grid saw no downtime. The third attack was simple, using just self-replicating prims, moves and deletes. The solution was IP bans. In response, 3rd Rock Grid also added the ability to instantly find, kick, ban, or IP ban any user right from the grid dashboard.

Self-defense league

Gudule Lapointe, owner of the Speculoos grid, has proposed creating a multi-grid blacklist service — similar to an anti-virus subscription — that would help grids keep out griefers.

“This is getting really annoying,” Lapointe told Hypergrid Business. He suggested a system under which grid owners could voluntarily get together to create and maintain a list of griefers and their identifying information — and institute a process for getting people taken off the list if they are added inadvertently.

“I just hope we can discuss this rapidly,” he said.

CyberWrld’s Rogers is in favor of a multi-grid effort, as well.

“I think something of this nature is a must at this time,” he said. ” It is really hard for us up and coming grids to deal with this with no knowledge of these people’s origins, or how to protect ourselves from their monstrous attacks on out communities. If we could just have a blacklist or warning list viewable only to grid or standalone owners who want access to it, it would be the best buyable solution we could have till someone creates a better module server side to help.”

Rogers is also working on a project to bring grid owners together, called HG Connection.

“I like the idea of an IP blacklist your could subscribe to, created by a trusted source,” said John Lester, chief learning officer at ReactionGrid, Inc., which runs the ReactionGrid OpenSim grid, and also provides hosting for private-label grids. Lester, who is known as Pathfinder in-world, also recommended turning off open building rights.

A simple IP blacklist might not be enough to defend against some extremely determined attackers, however, said Tho Millgrove, co-owner of 3rd Rock Grid.

“We have used IP blacklisting, but it is of limited value against a determined and savvy attacker,” Millgrove told Hypergrid Business. “A shared blacklist might help a bit, but I don’t see huge value in it, as IP addresses are almost throwaways for some.”

Another approach would be to look for suspicious behaviors, she suggested.

“I do like the concept of intrusion detection, perhaps using some sort of pattern detection heuristic,” she said. “For example, we’ve found that attackers tend to follow similar patterns, such as flying from region to region, selecting everything that’s movable, and tossing it several meters up. So, a tool that could detect edit operations in multiple regions over a short period of time might be useful.”

” Having an intrusion-detection service sounds like a good idea,” added Anthony Gill, founder of the YourSimSpot grid and hosting company. “But it will take some effort to come up with a good one,” , as for IP blacklisting this would just be  a minor annoyance for most and can be easily gotten around.

Instead of a blacklist, another option would be to create a whitelist, said Klaus Klingner, founder of The World of Begabungs educational grid.

“An IP blacklist is a problem,” he told Hypergrid Business. “Quite often the attacking servers are hacked themselves and will only be used for a short moment. Once you blacklist a server the attacker will just jump to another system and resume the attack from there. A white list might work better but requires more effort since systems have to be authorized separately.”

Virtual Worlds Grid’s Curtis said that he’s interested in both vendor-driven and community-driven solutions.

“It would help if there were vendors who were dedicated to developing security systems tailored for virtual worlds,” he said. “But intrusion detection, as it is usually defined, and blacklists would be relatively useless unless they were managed by an AI system that was robust enough to recognize and react to attacks. I do believe that can be built. Most grid owners do share security ideas with each other to a limited extent. Expanding on that would be an excellent idea.”

Until then, grid owners are doing their best to battle the issues on their own.

“For the grid, we do have some self-made protection,” said Taisjan Quintin, technical lead at the Dutch OpenSim hosting and development company Tharidos International. The company also runs the public grid Your Alternative Life. “Our grid also has an IP blacklist, and some other options.”

Quintin added that she was interested in finding out more about the attacks, and in offering help where it is wanted and needed.

At Littlefield Grid, new users are required to register and be approved before they can enter the grid, said founder Walter Balazic. The grid also has IP blocking implemented at the firewall level, he told Hypergrid Business. “It is the most logical alternative for us, and if it enhances the safety and well being of the residents I don’t find why that’s an issue.”

Security checklist

Here’s some advice from 3rd Rock Grid about keeping a virtual world safe:

Protect your web server. That means a firewall and intrusion detection. “No new technology needs to be invented here, but its doubtful many grids use such things.   At 3rd Rock Grid, we do some simple filtering, as well as penetration testing of our web servers.   We see script kiddie penetration attacks multiple times a day. In addition, firewalls that protect web servers can also protect both full grids using ROBUST and mini-grids using WIFI against distributed denial of service attacks.

Protect region servers. Regions communicate in two ways — using standard responses on the main ports, and UDP traffic to the viewers. A web server firewall can protect the first kind of traffic. Protecting the UDP traffic would require a dynamic rate-limiting filter.

Protect content. No parcels should allow public building, except for individual sandboxes, and those sandboxes should be located in separate instances of OpenSim, on isolated regions.  That way, if an attacker hits a sandbox with self-replicated prims, only that one region would be affected.

Set up automated throttling. In the future, OpenSim should add configurable throttling limits — spammers who create large numbers of prims or instant messages using automated tools would see their scripts slow down substantially after they hit a certain point, to keep the region from crashing. Other functions which should be throttled include email, HTTP requests, and similar script commands.

“I think throttling and other control on the individual simulator or grid level does need to improve and patches for that are very welcome,” said OpenSim’s Clark-Casey. “This will probably remain as fairly straightforward stuff. I should think anybody with sophisticated security requirements should look to third party addons or other parts of the network –throttling or blocking on firewalls, etc.”

maria@hypergridbusiness.com'

Maria Korolov

Maria Korolov is editor and publisher of Hypergrid Business. She has been a journalist for more than twenty years and has worked for the Chicago Tribune, Reuters, and Computerworld and has reported from over a dozen countries, including Russia and China.

  • The issue was also discussed today at the OpenSim developers meeting on OSGrid. 

    Chat transcript here:
    http://opensimulator.org/wiki/Chat_log_from_the_meeting_on_2012-04-17 

    • Nathan Adored

      Interesting read there.  The actual discussion on this begins at the 10:53 mark.

    • Nathan Adored

      Interesting read there.  The actual discussion on this begins at the 10:53 mark.

    • Walterbalazic

       As I told you in the e-mail Maria, that’s about the reply I expected from a majority of the community.  Scanning people’s IP’s is something nobody wants.  It’s a giant privacy issue for people.  You can obtain way too much information about people that way that can be used for negative things (stalking, harassment, etc..) that can follow people into RL. 

  • Fred Leftwich

    Too bad Phlox is proprietary :/  I think its design mitigates these type of griefing attacks.

    From: http://inworldztech.com/techblog/
    The design of Phlox separates the runtime state and the compiled
    script code into separate independent pieces. Using a custom built
    virtual machine, we always have everything we need to do a complete
    state save available to us. Even if your script is in an infinite loop
    calling functions we can suspend it at any time and know that the
    current state of the script will be entirely preserved. That makes
    region crossings with active scripts smooth and straightforward. This
    design also enables bytecode sharing, whereby loading the same script 40
    times in 40 separate objects only results in one copy of the script in
    memory.

    The virtual machine also allows us to easily track the amount of
    memory being used by a script, and kill it if it goes over it’s quota
    (currently 32kb). Memory usage for each script is minimized by small
    bytecode since we don’t add features we don’t need. State saves are
    compact and quick.
     

  • Licu Rau

    Hi Maria
    This stupid guy we are talking of is not a hacker, maybe a young boy who
    has no better way to spend his time. He is the same Jack Marioline who
    attacked some grids some months ago. He is from Italy and does not use
    anything to hide his real IP that is always from Vodafone Italia, a mobile
    connection. I think Craft has been the first grid attacked by this
    griefer, always the same method… he rezzes physical balls or moves
    things that have the permission to be moved by all people. We learned soon
    how to defend by this guy, closing all sandboxes in the continent and
    checking the permissions of all objects, he can only rezz in the
    sandbox, that is an island without neighbouring sims around.
    Additionally we have developed our own system for registration, and we
    have put some traps just for him based on a few things we know about him. He registered an avatar called Jackett Marioline just yesterday, but thanks toa filter we have put just for him, he could register but couldn’t enter.
    We have also seen he entered Craft from NewWorld and CyberWrld lately, but
    he didn’t find any place where to rezz things or objects to move.
    Well, as i said, this is not a hacker, against a hacker (or a cracker) who
    is able to hide his IP (using Tor as an example) and who possibly knows
    the openim weaknesses… there is really nothing to do… just understand
    where the opensim weakness was and correct it… and …. make OARs make
    OARs make OARs and make OARs.
    greetings
    Licu Rau (Raffaele Macis)
     

    • Licu Rau

       Thinking better of these attacks, the one who attacks with replicant prims is not Jack Marioline, he is another guy who entered in Craft more than one year ago but didn’t make too bad damages… in the same period he attacked Logicamp… the method is different and a bit more “refined” than Marioline. I have no data about this other guy, he didn’t attack Craft anymore.

    • Licu Rau

       Thinking better of these attacks, the one who attacks with replicant prims is not Jack Marioline, he is another guy who entered in Craft more than one year ago but didn’t make too bad damages… in the same period he attacked Logicamp… the method is different and a bit more “refined” than Marioline. I have no data about this other guy, he didn’t attack Craft anymore.

    •  For what it’s worth I keep everything locked down in my OSgrid sims and a my off-world standalone. I save oars nearly every other day or same day if I have been building stuff. Travelers can visit but can’t rez an object or run a script unless they have been invited to our group.

      This kind of griefer is all too familiar in Second Life too and poses real problems for the many role play sims that need to allow rezzing objects such as bullets and arrows to do damage when genuine RP raiders arrive from others sims. Not being able to allow this wrecks the gaming so the sims owners try to stay on top of the roaming griefer’s.

      It would be helpful if the developers came up with a solution to allow temporary rez and force die so a bullet or arrow could at least hit a target while general building would remain blocked. Additionally, I don’t see why someone who just bought clothes or skin from a vendor can’t wear to an special attachment point designed to allow the box to be opened and content placed in inventory ready to wear as if it had been rezzed in world (no need to rez object on the ground. If fact you can already deal with it in a crude way by wearing the box on the hand, editing and dragging contents from the content tab to a folder in  inventory so why can’t this be formalized in some way.)

      It is very often our needs that give the griefer’s the opening. We want to make it easy for genuine visitors to experience our world and buy from our vendors or play our games. I have long thought that there are ways to do this with out allowing full rezzing or running of scripts. but, you know, developers can be terribly blinkered to real issues. You only have to read the last Open sim developer meeting log to see how Gudule Lapointe tried to get them talking about the issue and all the devs could say is they are apposed to black list. I didn’t see too much there that offered hope that the devs would help much. In fact it was a disappointing read altogether when you learn what they had to say about the Xengine!

      It really needs the developers to come up with bright solutions to the security issues that Opensim faces. All we can do as owners is block access, struggle to make things work under those restrictive circumstances and try to stay on top of the griefer and content thief menace and just hope and pray the dev Gods hear our prayers.

      • The latest version of OpenSim has the ability to add people automatically to a group, via scripting.

        Maybe you can have things set no-rez for the general public, but the minute they buy something (with real money), they get added to a “customer” group that allows them sandbox building rights…. 

        And if they pass some kind of quest test — or a third-party check from a security vendor — or login with Facebook — or do something else that griefers wouldn’t want to do — then they get access to a more high-powered group that allows more rights.

  • Interesting round table about this tricky matter.

    I don’t feel comfy being cited under the title “Self-defence league”. I really don’t call for another justice league, and creating a project that would multiply the powers of a grid owner (by propagating automatically his decisions to other grid) would be quite dangerous.

    On the other side, I think we really need to think about possible solutions to enhance security. Among the 285 current (known) grids, how many did implement some sort of security? How many don’t have the knowledge to implement it? How many did just open the box and push “start”?

    Currently, the typical scheme is to start a grid with all doors wide open and then, later, think about closing some.

    If there was a tool, as easy to install or setup as the OpenSim distribution is, probably a lot of small or starter grid would be safer. If there were some more security tools included in OpenSim core and derivated distributions, they could be set “On” by default, and it would be the grid owner’s choice to open the door wider.

    I don’t know the best solution. I just know several grid suffered same kind of attacks in a row, and they would probably have benefited of some kind of information sharing.

    I was talked about a black list and the first thougth i shared was that it would need “several people of some trusted organizations” to maintain such a list. This is to avoid making each grid owner an über-god.

    And my conclusion was globally “let’s talk together about it”. In half a day, I already heard dozens of points of view, which just proves me that a private initiative in this matter would be the wrong way.

    So, let’s have a meeting about this, see what are the pros and contras, and try to figure if something can be done and how.

  • Silveryon
  • Hi Maria… The best thing a Opensim grid owner can do to help protect themselves.. is to switch to Aurora-Sim. 🙂 
    I know, not what you wanted to hear, but it is much better with security than opensim. 

    While I am sure its not perfect Aurora-Sim has:
    IP/Mac/Viewer banning 
    Secret passwords for a region to talk to the grid server that change ever 24 hours
    It also has things to protect the regions from overbearing scripts that drag a region down (technically it should be impossible to drag a region down with scripts, but I have never tried)
    There is also a protection module built in, which does a lot more, but this is what I can remember off the top of my head
    and Asset write protection (can’t overwrite existing assets)But if things do go wrong theres:
    Auto backups as well of region data
    Auto backups of Assets with Blackhole assets enabled
    With Blackhole assets are stored on the disk drive so you have a MUCH smaller database (100mb for GayNations)
    No being down 8 to 10 hours, take minutes to restore a backup copy database
    command in the region instance to revert back to the last backup
    or manually do it by just copying a small file out of the backup folder and renaming itOne of the biggest advantages I love… With Blackhole assets (Developed by GayNations.org and released to the public in Aurora-sim) you have a tiny backups. Most Opensim database I am sure are anywhere from 10gigs to 100gigs. Which is most likely why that grid was down so long, they were restoring a huge backup. Heck files that large it can take 3 hours just to copy over a backup from another computer.. But with blackhole assets, the database is tiny only 100MB at gaynations, and it takes us minutes to copy from another computer.. and minutes to restore.. not hours… 

    But really, unless something really super bad happens you don’t need to restore an entire database with Aurora-sim… if someone comes and ruins a region, you can just restore it along.. and that really is as simple as copying a file..

  • When I first saw the litter on my Hyperica grid — and the moved-around chairs — I likened it to having to nail down the chairs in a restaurant. I wanted a nice place, where people could move their own chairs around, and the griefer ruined things for everybody.

    But then I rethought this. I’ve worked in restaurants, and, at the end of the day, we put all the chairs away and lock up. If we had left the restaurant’s doors open, and the place unattended, then chances are local kids would have shown up and moved our chairs around, too! 

    So, in the future, when we hold meetings of the Hypergrid Entrepreneur Club, I’ll allow move rights when the group is in session, then shut them off when we leave for the night. If someone shows up and starts causing trouble then — as in real life — I’d just kick them out. 

    Meanwhile, I contacted Crista Lopes — aka Diva Canto — the woman who invented the hypergrid and created the Diva Distro. I asked her what I could do if I wanted to give some people the ability to build on my private mini-grid. My company grid has group supported because it’s professionally hosted, but my personal grid is run on New World Studio (based on the Diva Distro) and groups don’t come standard.

    She said that there’s an option in the latest version of OpenSim — including the latest Diva Distro — that allows you to add individual users to the “Allowed Access List” in the “Land” panel. 

    “There’s absolutely no reason for having open-for-all build areas in these virtual worlds, unless in very constrained situations,” she said.

    For more information, see here: https://lists.berlios.de/pipermail/opensim-dev/2012-March/011046.html

    Finally, I want to add that no security system is perfect. And yes, folks can get around IP bans. But the vast majority of the problems out there are caused by idiots. If these were smart, goal-oriented people, they’d find ways to spend their time constructively — or, at the very least, get paid for their hacking. 

    For a smart grid admin, getting around an IP ban might be trivial. But, say, for me — if I wanted to grief a competing grid (Sanctuary — you think you can put up a hyperport? I’ll show you a hyperport! Bwa ha ha ha!) — I wouldn’t be able to reset my IP address. I don’t know how. And I’m too lazy to Google it (and probably wouldn’t understand the solution if I did). I’d have to drive to Panera Bread. And, frankly, I have a short attention span. I’d probably forget what I was there for. Plus, surfing grids on a Wifi connection is slow! Really, not worth the effort. 

    • SilverDay

      Getting around an IP ban does not require much skill. Basically your internet provider will do it for.All you have know is to disconnect and reconnect your connection, amd often your connection will be reset automatically every 24 hours. With each reconnect you will be assigned an ip adress out of a big pool.

      Thats why I propose a trusted grid infrastrucure, rather than a blacklist ….

      • Jigs

         Thats a ratehr LONG 24 hour wait every time just to reset your ip to do stupid things…

  • We also were hit by this griefer this past Sunday. For approx. one hour we spent removing physical spheres from various regions on the grid as many of our residents had rezzing open to the public. It has since been resolved and this persons account deleted and IP banned.

    As mentioned by one person in your article, blacklisting IP’s is of little value
    as many of these troublesome people are familiar with methods of spoofing IP’s and machine MAC addresses but that is certainly a start. In addition to using an IP blacklist on my regions (Using the IPBan module built into the Opensim software) I also have a mechanism on my web site that reads an IP ban list that I periodically upload to my web server. If your IP is on that ban list, you are unable to create a new account.

    I am very open to the idea of a cross grid collaborative effort to share a global IP blacklist that is updated regularly and distributed by a trusted source.

    I would be very willing to participate in such an effort.

    Thank You,
    Karl Dreyer (Damean Paolino)

  • Deana_Later

    Jack Marioline aka “tossed salad boy” is in fact a teenager from Italy who has been griefing the OSG on and off for a lil over 3 yrs. His modus operandi has usually been attaching multiple prims to a rotation script and leaving them on regions where build IS enabled. Or for social distraction attaching the rotating prims to himself in Lbsa Plaza. While he is a nuisance, he isn’t able to cause any real damage as long as the region owner has responsibly backed up their OARs.
    For those who wish to not have to deal with reloading an OAR, the simple solutions are: 

    Set your region to group only, with enrollment by invitation only enrollment.

    Lock down all items on your region.

    Allow script use and build privileges only to those members of the group who are completely trusted.

    If we have learned nothing else from SL, we should have learned that there will always be attention seeking griefers. How we react to them need not effect the Hyper Grid or intrude on people’s privacy. All we have to do is protect our selves responsibly with the tools already at our disposal.

  • JoJa Dhara

    Indeed a good idea that collective open sim owners would make the
    hackers difficult.

    And we are talking about the hackers with such a silly sport to destroy peoples creation for nothing.

    Honest we most not give them a stage but just a line of “wow.. are
    you proud of youselve now” in sarcastic way.

    Hacking wil always be happening… on the world wide web, in our
    mother earth Second life on our grids etc.

    Other thing indeed is preventing.

    I think it would be a great article and brainstorms about preventing hacking.

    Thks
    to Dreamland where AviWereld has its place there is a simple button
    to make an OAR file.

    A golden tip that also Linda Kellie mentioned on her blog or my former comment maker Licu Rau.. make an OAR file and store it safely.

    Not only for hackers.. it will always remain technic. I mean how
    many times it happens that beautifull things are created like in
    second life and sudden your inventory goes down….

    On the other hand… these distructive hackers I would love to make
    a fool out of them!!

    Yesterday I had a meeting about Next MetaMeets and this topic came up and instead of let them bully our work with them will be the general idea 😉
    and I mean work with fun hackers.

    Keep you posted 😉

    JoJa

  • Deana_Later

    Jack Marioline aka “tossed salad boy” is in fact a teenager from Italy who has been griefing the OSG on and off for a lil over 3 yrs. His modus operandi has usually been attaching multiple prims to a rotation script and leaving them on regions where build IS enabled. Or for social distraction attaching the rotating prims to himself in Lbsa Plaza. While he is a nuisance, he isn’t able to cause any real damage as long as the region owner has responsibly backed up their OARs.For those who wish to not have to deal with reloading an OAR, the simple solutions are: 

    Set your region to group only, with enrollment by invitation only enrollment.

    Lock down all items on your region.

    Allow script use and build privileges only to those members of the group who are completely trusted.

    If we have learned nothing else from SL, we should have learned that there will always be attention seeking griefers. How we react to them need not effect the Hyper Grid or intrude on people’s privacy. All we have to do is protect our selves responsibly with the tools already at our disposal.

  • Alteredillusionz

    While i do understand the artivcle, and the issues involved.
    One thing i feel the need to say though.
    This can not all be blamed just on the hacker, griefer.
    The security, permissions needed for them to do the things they do, falls on the region and sim operators.
    After having used secondlife for years, i know the basic common sense of making sure my permissions are set correctly.
    So while we talk about creating lists and everything else.
    We fail to bother really talking about what YOU the creator, and operators have got to do before hand to insure this does not happen.
    First thing i do after creating a region is to insure i have land permissions set to not allow this to happen.
    It is just plain common sense, we are on the internet, not much different than dealing with real life.
    A little common sense goes a long way.
    Just because we host these servers and regions on our own home computers, or even hosted vpns doesnt mean we should let common sense fly out the window.
    I used to do tech support for a living, and you might be surprised how many just dont use the needed common sense.

  • That’s why I <3 Kitely. We don't have that problem. No access without paying up front…which would require PayPal which requires legitimate identification and actual money. Hackers don't qualify! Hah.

  • Jigs

    On FleepGrid, a griefer dropped colored spheres all over the grid, which brought down the entire world.”

    THIS is why you never set a region to allow public scripts OR build/rez permissions. If the regions are set properly a griefer simply CANT rez, or drop anything, nor can they use anything with scripts.
    Leaving regions set to allow either is like parking your new car in san francisco  with the windows rolled down and the keys left in the ignition.

  • Hi this guy he is just a pest and a regular visitor to many worlds.   He does not hack its just people who leave build permissions on.  Anyways I took a trip from my new NWS install to fleepgrid and it appears fleep has had another visit.   Does he have build on his landing area because in all honesty this particular guy is easily stopped.  

  • Jonny Vayro

    Jack is BACK!

    Jack Marioline came to Another World yesterday and attacked every single region. He was using this account Jack.Marioline @speculoos.co.uk:8002

    I would recommend banning this user from your worlds. I did already speak to Olivier van Helden of Speculoos who has now deleted the account.

    He also goes by these names ….
    ebcd7168-c7b6-457c-a6fe-77f9dd5367ef Jack Marioline @vibe.bio-se.info:9000 5572077b-72df-49c3-a405-003f5b7589a9 Jack Marioline @rp.opensim.nl:28002
    964062ad-b798-462a-9cd4-64799178f616 Jack Marioline @grid.suboceana.fr:8002
    7bbd86c0-840f-4fda-a2dc-a0c7b9924208 Jack Marioline @grid.aire-mille-flux.org:8002
    Im not entirely sure if those accounts are still active. (Provided by Speculoos)
    Just a heads up.