DDOS attacks on servers, is anything being done to limit outside HTML requests outside SL/TPV?

[JT Eyre]

Several sims have been frequently under attack from an outside program easily available to the public. I will not list what program here, to prevent others from being able to find it and use it, but the point is that it takes an IP address and port range and fires off thousands of HTML requests, enough to flood and lag the server to the point that no one can move. There does not need to be an avatar on sim for the attacks to occur. Is something being done to patch this exploit? I know of paying sim owners ready to abandon their land due to these blatant DDOS attacks.

[Lindal Kidd]

See this information on how to report a security issue or exploit.

 

Reporting security issues

Important: Issues pertaining to the security of Second Life should be reported to Linden Lab using only the procedures described below. Please help us keep Second Life secure by ensuring that possible security exploits aren't broadly advertised.

If an issue poses any of the following threats to Second Life, its Residents or content, then it is an exploit and should be reported:

• Exposes real life Resident identity without consent.
• Destroys content.
• Permits unauthorized access to Second Life/Linden Lab resources.
• Compromises a client or server host subjecting it to remote control.

When reporting an exploit, please provide as much detail as possible, Including the environment used (e.g. Windows XP Service Pack 2, Nvidia 6800 etc ) and the complete reproduction case. Linden Lab offers a L$10,000 bounty for each previously unknown exploit that can be verified. Please report issues as soon as they are discovered!

Filing issues

There are two ways to file security reports:

• In the SEC project on jira.secondlife.com (PREFERRED). It's VERY IMPORTANT that you file issues in the SEC project, which is the only project set up so that only the reporter and Linden Lab can view the issue.
• Via email: security@lindenlab.com.

Warning: The SEC project (and security mailing list) is ONLY for reporting security exploits that might compromise a Residents identity or the Second Life Grid. All other requests including account issues and account security via this address will not be addressed.