Griefers...


You are about to reply to a thread that has been inactive for 4028 days.

Please take a moment to consider if this thread is worth bumping.

I've not been doing much lately but I am still in groups for a number of artists. I have been seeing a lot of griefing lately and just the other day I was watching the chatter from one group and before the show was half over the sim was crashed by a griefer. It was so bad they just gave up and canceled the rest of the show.

So here is my question: are the griefers that good, or is LL that bad?

Link to comment
Share on other sites

of course a lot of people will not restrict others as a public service. Think people living near public roads and waterways, who should not block passage for travelers (sadly a lot do, making sailing and driving almost impossible these days. Terribly inconsiderate).

At the very least set a reasonable autoreturn rate, and monitor your land frequently for stuff that doesn't belong there. Installing a system that logs all arriving and departing avatars can help, allowing you to see when potential troublemakers were there.

Link to comment
Share on other sites

Rather than start another thread about this, I thought I'd tack onto this one that's only a day old.

At the Server User Group yesterday, a sizable contingent of venue owners and event talent expressed extreme concern about some very serious griefing of popular sims. They described griefing far beyond the usual stuff of crashing all the viewers connected to the sim or crashing the sim itself or getting some object returned, but rather damaging and deleting sim contents necessitating sim state rollbacks. This, reportedly, even with scripts disabled by Estate Tools at the Region level (i.e., not merely at the parcel level familiar to regular Mainland and private landowners), which strongly indicates that the damage is done by rogue viewer(s).

Some of those present at that meeting were more technically savvy than others, of course, and some better understood that a meeting of server developers wasn't a productive forum for trying to get specific griefer-alts banned (something, apparently, that months of ARs by a host of reporters has been utterly unsuccessful in achieving).

Dealing with this is difficult. Banning individual accounts doesn't work because alts are free; banning by IP and/or MAC address is quite ineffective (although the pretense has been enormously profitable for the snake-oil industry); restricting access by account age has no effect on persistent griefers (the threats I'm discussing here), and requiring Payment Info On File screens out too many "upright citizens" to be a viable measure for event venues.

Making sims invulnerable to such attacks is, of course, an ongoing cat-and-mouse game that the Lab developers have been playing for years. It's the same issue for every piece of software accessible by internet. The Lab must keep doing it, forever, but they'll always be playing catch-up with the latest exploits.

What if connection to Agni were only possible via registered TPVs? By "registered" I don't necessarily mean listed in the directory; I'm not sure what the criteria needs to be other than those that have not been found to support viewer-based exploits. What I have in mind is a secret given to each of these registered TPVs that they must absolutely protect because if it leaks out, a rogue TPV using their secret would result in nobody being able to connect with the registered TPV either. (There's lots of technicalities about key management, whether the crypto module is open source, etc., but for discussion purposes, just stick with a "secret" known only to the appointed member(s) of the TPV dev team, magically checked at user login.)

This wouldn't address standard-issue script-based griefing. Although scripted objects remain griefing vectors, they're generally manageable (or would be, given a reasonable level of resource commitment by the Lab--and ridding the grid of viewer-based exploits may free up some resources for this).

It also wouldn't help landowners ban annoying people and their alts. I see no possible way to do that effectively without multi-factor authentication including biometrics. (Talk about screening out too many "upright citizens"!)

This is only intended to address griefing by rogue viewers.

My question: Is it worth pursuing this further, or would such a change trigger a "sky is falling" response among SL users and TPV devs?

Link to comment
Share on other sites

Wouldn't it be easy for someone who knows what they're doing to spoof a "registered" viewer?

Why would LL want to piss off everyone that uses a particular TPV just because someone used a rogue version of it?

What about people that like to rework some viewer code for their own personal use?

...Dres

Link to comment
Share on other sites


Qie Niangao wrote:

Rather than start another thread about this, I thought I'd tack onto this one that's only a day old.

 

What if connection to Agni were only possible via registered TPVs? By "registered" I don't necessarily mean listed in the directory; I'm not sure what the criteria needs to be other than those that have not been found to support viewer-based exploits. What I have in mind is a secret given to each of these registered TPVs that they must absolutely protect because if it leaks out, a rogue TPV using their secret would result in nobody being able to connect with the registered TPV either. (There's lots of technicalities about key management, whether the crypto module is open source, etc., but for discussion purposes, just stick with a "secret" known only to the appointed member(s) of the TPV dev team, magically checked at user login.)

This wouldn't address standard-issue script-based griefing. Although scripted objects remain griefing vectors, they're generally manageable (or would be, given a reasonable level of resource commitment by the Lab--and ridding the grid of viewer-based exploits may free up some resources for this).

 

My question: Is it worth pursuing this further, or would such a change trigger a "sky is falling" response among SL users and TPV devs?

 

I'm a bit unclear on how it would be discovered that a rogue viewer was using a key from a registered TPV (mostly because I know nothing about the ways LL can see what viewers are in use where and what those viewers are doing). Presumably there would be some interval between the time the rogue viewer was ID'd and the time that key was disabled, thus disabling all the registered TPV's users.

Other than that, it seems like a good idea to me. The only 'sky is falling' I can imagine is that for some reason a virtuous and popular viewer might not want to or be able to become registered, which would be a major problem for anyone using it. I'd think that an unlikely scenario but since I know almost nothing about all the viewers that are out there I'm hardly qualified even to guess.

Link to comment
Share on other sites


Qie Niangao wrote:

 

My question: Is it worth pursuing this further, or would such a change trigger a "sky is falling" response among SL users and TPV devs?

Once upon a time there was only the Official Viewer.................................

 

Which I am very glad today is not the case. 

Basically I would echo what Dres said:

"Why would LL want to piss off everyone that uses a particular TPV just because someone used a rogue version of it?

What about people that like to rework some viewer code for their own personal use?"

The problem with a 'hidden' authentication code is this:  Registered TPV's have to maintain a publicly viewable repository of their work.  So how do you hide this and keep the repository public?  Have the final code viewable only by LL?  It becomes an issue.

I have been present a few times when these Griefer initiated crashes have happened and it sucks.

IP bans are bad on face value because innocent users can get caught by them.  MAC bans are better but determined Griefers can easily get around them.

LL of course remains silent on their Security efforts and this is somewhat understandable.  I was pretty convinced by the griefer attack on my SIM that a security hole had been exploited.  Like you said, on the Internet it is going to happen.

Linden Lab needs to act swiftly and decisively on these Griefer accounts.  While it may not eliminate the problem, failing to do so makes it easier on the Griefers.

As far as triggering a "Sky Is Falling" response, I'll just say I understand the need to do something. 

We don't know how much LL is investing in Security efforts on their end.  If it is below industry averages/standards then they need first to increase it on their end.  If it is above industry averages/standards then Kudos to them. 

 

Link to comment
Share on other sites

Qie Niangao wrote: "What if connection to Agni were only possible via registered TPVs?"

Doesn't work. Since it is software, a registered viewer can be spoofed.

There is only one workable solution: Fix the server code. The server code should block all unauthorized accesses, regardless of the viewer used. There is a rule for server side web applications: Never trust input from the client side, always clean it up on the server side before handing it over to the application/data process.

And this rule should be fully applied to SL as well. Residents, especially those with a business, have sometimes three, four figure US$-amounts in their SL-accounts. It is therefore absolutely necessary, that the security of all parts of SL is on a level you would expect from a bank.

That a griefer is able to remove/destroy objects owned by someone else points to some serious security holes in the server code.

 

Link to comment
Share on other sites
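The server-side rule argued for in the post above, as an added example that is not part of any poster's message and is not Linden Lab code: a delete request is authorized only from state the server itself holds, and client-supplied claims are ignored. The `Region` class, the message fields (`object_id`, `claimed_owner`, `viewer`) and the session tokens are hypothetical names constructed for illustration.

```python
import uuid
from dataclasses import dataclass, field


@dataclass
class SimObject:
    owner_id: uuid.UUID
    editors: set = field(default_factory=set)  # agents the owner granted edit rights


class Region:
    """Hypothetical region server state; names are illustrative, not SL's."""

    def __init__(self, estate_managers=()):
        self.objects = {}    # object UUID -> SimObject (server-side truth)
        self.sessions = {}   # session token -> agent UUID, bound by the server at login
        self.estate_managers = set(estate_managers)

    def handle_delete(self, session_token, message):
        # Identity comes from the server's own session table, never from the message.
        agent = self.sessions.get(session_token)
        if agent is None:
            return "denied: no session"
        # Validate the one field that is needed; malformed input is rejected.
        try:
            object_id = uuid.UUID(str(message["object_id"]))
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed object_id"
        obj = self.objects.get(object_id)
        if obj is None:
            return "rejected: unknown object"
        # message["claimed_owner"] and message["viewer"] are deliberately never
        # read: they are client assertions and prove nothing.
        allowed = (agent == obj.owner_id
                   or agent in obj.editors
                   or agent in self.estate_managers)
        if not allowed:
            return "denied: not authorized"
        del self.objects[object_id]
        return "ok"


def demo():
    # Constructed sample data: two logged-in agents and one object.
    owner, other = uuid.uuid4(), uuid.uuid4()
    region = Region()
    region.sessions = {"tok-owner": owner, "tok-other": other}
    stage = uuid.uuid4()
    region.objects[stage] = SimObject(owner_id=owner)
    forged = {"object_id": str(stage), "claimed_owner": str(owner),
              "viewer": "Registered Viewer 1.0"}
    results = [region.handle_delete("tok-other", forged),
               region.handle_delete("tok-other", {"object_id": "not-a-uuid"}),
               region.handle_delete("tok-owner", {"object_id": str(stage)})]
    return results, stage in region.objects
```

The decision depends only on the session-bound agent and the stored object record, so it gives the same answer whichever viewer sent the request.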


Jadeclaw Denfu wrote:

Qie Niangao wrote: "What if connection to Agni were only possible via registered TPVs?"

Doesn't work. Since it is software, a registered viewer can be spoofed.

There is only one workable solution: Fix the server code. The server code should block all unauthorized accesses, regardless of the viewer used. There is a rule for server side web applications: Never trust input from the client side, always clean it up on the server side before handing it over to the application/data process.

And this rule should be fully applied to SL as well. Residents, especially those with a business, have sometimes three, four figure US$-amounts in their SL-accounts. It is therefore absolutely necessary, that the security of all parts of SL is on a level you would expect from a bank.

That a griefer is able to remove/destroy objects owned by someone else points to some serious security holes in the server code.

 

Unfortunately, I now think you're probably right. I'm no expert in security, but I now realize that it would be very difficult--probably impossible--to obscure the secret because the viewer executable has to be distributed, so even if the transmission of the secret were cryptographically secure, it could be obtained by inspecting the binary. I don't know of any way around that, so my apologies for the distraction. :matte-motes-crying:

Link to comment
Share on other sites
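Why a secret shipped inside the viewer authenticates the key rather than the software, as an added example that is not part of any poster's message and is not Linden Lab code. It assumes a hypothetical HMAC challenge-response at login; `LoginServer`, `Viewer` and the viewer name `ExampleViewer` are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class LoginServer:
    """Hypothetical login check for 'registered' viewers (illustrative only)."""

    def __init__(self):
        self.viewer_keys = {}  # viewer name -> secret issued to its dev team

    def register(self, viewer_name):
        key = secrets.token_bytes(32)
        self.viewer_keys[viewer_name] = key
        return key

    def revoke(self, viewer_name):
        self.viewer_keys.pop(viewer_name, None)

    def verify(self, viewer_name, nonce, response):
        key = self.viewer_keys.get(viewer_name)
        if key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Viewer:
    def __init__(self, name, embedded_key, modified=False):
        self.name = name
        self.key = embedded_key   # has to ship inside the distributed program
        self.modified = modified  # a property the server has no way to observe

    def answer(self, nonce):
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def demo():
    server = LoginServer()
    key = server.register("ExampleViewer")
    official = Viewer("ExampleViewer", key)
    # A rebuilt viewer carrying the same key bytes as the official release.
    altered = Viewer("ExampleViewer", key, modified=True)

    nonce = secrets.token_bytes(16)
    before = (server.verify(official.name, nonce, official.answer(nonce)),
              server.verify(altered.name, nonce, altered.answer(nonce)))

    # The only remedy the scheme offers is revoking the shared key, which
    # locks out every user of the legitimate viewer as well.
    server.revoke("ExampleViewer")
    nonce = secrets.token_bytes(16)
    after = (server.verify(official.name, nonce, official.answer(nonce)),
             server.verify(altered.name, nonce, altered.answer(nonce)))
    return before, after
```

Both viewers pass before revocation and both fail after it, which is the trade-off raised in the thread: the check cannot tell the two programs apart, and revoking the key punishes the legitimate users.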


Qie Niangao wrote:

Unfortunately, I now think you're probably right. I'm no expert in security, but I now realize that it would be very difficult--probably impossible--to obscure the secret because the viewer executable has to be distributed, so even if the transmission of the secret were cryptographically secure, it could be obtained by inspecting the binary. I don't know of any way around that, so my apologies for the distraction. :matte-motes-crying:

Well, crap. I assumed you did. Too bad, it seemed to me like a promising suggestion.

Link to comment
Share on other sites


Qie Niangao wrote:


 

Unfortunately, I now think you're probably right. I'm no expert in security, but I now realize that it would be very difficult--probably impossible--to obscure the secret because the viewer executable has to be distributed, so even if the transmission of the secret were cryptographically secure, it could be obtained by inspecting the binary. I don't know of any way around that, so my apologies for the distraction. :matte-motes-crying:

There is no need for you to apologize.

We would all welcome a Viable solution.

Maybe more than the fact that they are getting griefed is the fact that these Venue Owners feel like LL is not doing anything to address the Issue.  When they see the same Griefer Account continue to act with impunity it boggles their brains.  Especially when at some Venues it has gone beyond Griefing to Extortion.

Link to comment
Share on other sites

A few additional thoughts about signed software and registered clients:

The problem with 'registered' client software is: You need to certify each file that contains executable code, not only the main executable. You have to recheck these files every time the client is started. You know how fast the client usually starts up? Double that time. Plus you have to set up the certification infrastructure to handle that. And that still doesn't prevent altering the code in the main memory of the PC. And we're still not there. To handle all that certification nightmare, new protocols need to be implemented. And that's all only for the official viewer. Where does that leave the third party viewers? Yep, multiply all that effort by the number of different viewers and you will see that this is an unworkable solution. It can be handled in a controlled environment, e.g. in a local network with a few hundred computers in an office building, but surely not for the whole planet.

This leaves the only controllable environment in this scenario: The server side.
In other words: It is Linden Lab's duty to fix the server code.

Oh, and reinstating a fully functioning Abuse-Department is the other pressing issue here.


Qie Niangao wrote: "Banning individual accounts doesn't work because alts are free; banning by IP and/or MAC address is quite ineffective (although the pretense has been enormously profitable for the snake-oil industry); restricting access by account age has no effect on persistent griefers (the threats I'm discussing here),"

Banning individual accounts does work to a certain level - if it is done quickly AND grid wide, as that would take out the fun.
Restricting access by account age also works, as it would prevent using quickly created alt accounts.
Banning by IP and / or MAC-Address is indeed quite useless, both can be quickly circumvented.
Finally banning by hardware profile, using serial numbers and component properties is harder to circumvent, but it can be done as well, so that's not a permanent solution either.

In other words: We're back to square one: It is Linden Lab's duty to fix the server code. And to get the AR-department functioning properly again.

 

Link to comment
Share on other sites

I've been on SL now for years & never had a problem with griefers until recently. I usually just ban/mute/ignore them but lately I've noticed more bullying behavior by avatars who are only a few hours or days old and appear to be getting multiple accounts on the same day and staking out a particular area. I see them targeting particular avatars for bullying as opposed to griefing a whole area. You ban one and another one pops up seconds later to take over. Maybe I've just been lucky up until now but I had trouble with 5 separate day-old avatars the other night before I could TP out of the area.

Link to comment
Share on other sites

There seem to be waves of this activity. That is only my perception though. When I joined late 2006 I lived in Azure Islands. There was quite a bit of griefing going on at that time in those Sims. But it passed. Occasionally you found a troublemaker but it wasn't a big deal.

 

Maybe World of Warcraft needs to release newer content and expansions quicker :D

Link to comment
Share on other sites


Jadeclaw Denfu wrote:

Qie Niangao wrote: "What if connection to Agni were only possible via registered TPVs?"

Doesn't work. Since it is software, a registered viewer can be spoofed.

There is only one workable solution: Fix the server code. The server code should block all unauthorized accesses, regardless of the viewer used. There is a rule for server side web applications: Never trust input from the client side, always clean it up on the server side before handing it over to the application/data process.

 

 

and the simplest, indeed only, way to do that is to create a closed viewer that needs to use a complex algorithm to verify its credentials with the server every few minutes at random intervals while logged in.

That means NO TPVs at all, only 1 official client stuffed to the gills with security code that detects hacking, making it extremely slow.

And even then griefers will find ways around it, as they do and have done with every single online game/community that has ever existed.

Link to comment
Share on other sites


Perrie Juran wrote:

 

 

 There is no need for you to apologize.

We would all welcome a Viable solution.

Maybe more than the fact that they are getting griefed is the fact that these Venue Owners feel like LL is not doing anything to address the Issue.  When they see the same Griefer Account continue to act with impunity it boggles their brains.  Especially when at some Venues it has gone beyond Griefing to Extortion.

the only viable solution is social, users stopping to pay any attention to griefers whatsoever, except for reporting them diligently to those responsible for ousting them.

Users should not create countless forum threads about it, should not abandon their land if they get attacked (yes, it's happening, I've some indication at least some griefers are actually paid by unscrupulous land barons to drive people off their land even), and do nothing else that gives the griefer the satisfaction of seeing his actions mentioned as such only vindicates him.

 

 

Link to comment
Share on other sites


jwenting wrote:


Perrie Juran wrote:

 
 There is no need for you to apologize.

We would all welcome a Viable solution.

Maybe more than the fact that they are getting griefed is the fact that these Venue Owners feel like LL is not doing anything to address the Issue.  When they see the same Griefer Account continue to act with impunity it boggles their brains.  Especially when at some Venues it has gone beyond Griefing to Extortion.

the only viable solution is social, users stopping to pay any attention to griefers whatsoever, except for reporting them diligently to those responsible for ousting them.

Users should not create countless forum threads about it, should not abandon their land if they get attacked (yes, it's happening, I've some indication at least some griefers are actually paid by unscrupulous land barons to drive people off their land even), and do nothing else that gives the griefer the satisfaction of seeing his actions mentioned as such only vindicates him.

 

I do report diligently.

But until Linden Lab responds diligently to the reports the threads are going to continue.  And the threads are going to continue to be a thorn in Linden Lab's side until they respond diligently.

I wasn't able to use my own place for three days because of a griefer attack.  Linden Lab didn't credit me for the three days I was not able to use my property.

Junk Yard Blues has been crashed so bad that on a few occasions they had to wait for someone at Linden Lab to get in the office to bring it up on line.  And despite the AR's they saw the accounts continuing as active.

I like to take new folks to visit Governor Linden's Mansion and the Ivory Tower of Primitives.  Two days after reporting a Griefing attack there it was still going on.   I don't know if it was in response to it but I sent a note to Torley Linden about how embarrassing it was to be trying to take someone there and the attack was not being dealt with.  The next day it was cleaned up.

There was a thread here a few months ago by someone who had reported pornographic griefing prims spread over a multi SIM area.  Nothing had been done about them despite multiple AR's.  It was almost two weeks after he started the thread here before that garbage was cleaned up.

So while I know that the Griefers tend to love the attention and that they get their jollies from doing what they do,  I will continue to speak up until I see Linden Lab responding promptly and decisively.

Rodvik bemoaned the fact that they couldn't retain new users.  He should be more worried about retaining old users because we are the ones who provide the content the new users enjoy.**

I will not allow it to be swept under a carpet.  Maybe I'm dumb for it, but like many others, I actually care about Second Life.

 

**I haven't been able to confirm it but I think we may have just lost the twin Alpha & Omega SIM's, two of the most incredible builds I have ever seen in SL.  That hurts everybody.

Link to comment
Share on other sites
