David: Chat Room threat

Warrior · Post by **Warrior** » Tue Jul 24, 2001 4:12 pm

David: Please, please, please limit access to the Chat Room to people who are registered with Matrix. We are getting too many outsiders who just surf in. Some are obviously hacker kids looking for a secure place to trade info with their delinquent friends. We don't need this sort of visitor, and it can pose a threat to Matrix itself. If one of these vandals decide to launch a Denial of Service attack against Matrix, it could put the servers off-line for an indefinite period. I strongly suggest checking Steve Gibson's (of Gibson Research) report on how this is accomplished: http://grc.com/dos/intro.htm.

This is no joke! Not for Matrix, and not for me as a user. I will not use the Chat Room unless I feel it is secure, and that's a shame, because it really is great to have that available.

[ July 24, 2001: Message edited by: Warrior ]

Waylander · Post by **Waylander** » Tue Jul 24, 2001 5:30 pm

I tend to agree, if a security guru like steve gibson can get into so much trouble because a kid decided he had insulted his friends then who knows.
The XP security topic was also a bit alarming.

regards
Freddie

Warrior · Post by **Warrior** » Tue Jul 24, 2001 10:03 pm

Hoping this won't fall off the page.

Wild Bill · Post by **Wild Bill** » Tue Jul 24, 2001 10:07 pm

Me too, Warrior. We'll keep it up there. ...WB

Paul Vebber · Post by **Paul Vebber** » Tue Jul 24, 2001 10:17 pm

Unfortunately the nature of teh internet and IRC chat makes it impossible to allow access to everybody, and keep undesiables out. All we can do is kick them out as the opportunity forces us to.

If you have a password, how do we get it out to those who want access, without making it publically avaialable? IT defeats the whole pupose to make it "too secure".

We ahave safeguards against denial of sevice attacks, though folks are constantly testing us as a recent virus attack attempt this past weekend can attest.

We work hard to maintain a public, hospitable site and services, unfortunately that means those lacking social graces and understanding of civilty can abuse it.

As in the real world, we just have to live with it.

sven · Post by **sven** » Tue Jul 24, 2001 10:55 pm

Originally posted by Paul Vebber:
Unfortunately the nature of teh internet and IRC chat makes it impossible to allow access to everybody, and keep undesiables out. All we can do is kick them out as the opportunity forces us to.

If you have a password, how do we get it out to those who want access, without making it publically avaialable? IT defeats the whole pupose to make it "too secure".

We ahave safeguards against denial of sevice attacks, though folks are constantly testing us as a recent virus attack attempt this past weekend can attest.

We work hard to maintain a public, hospitable site and services, unfortunately that means those lacking social graces and understanding of civilty can abuse it.

As in the real world, we just have to live with it.

I spoke with David during our little 'visit' from the 'gentleman' in question. Matrix Games IMPORTANT data was never threatened. The best thing to do was what we did which was ignore him and establish that we were the ones in control of the situation.

Regards,
Frank

Wild Bill · Post by **Wild Bill** » Tue Jul 24, 2001 11:00 pm

On a personal note, in the last week I've been getting strange e-mail from unknown people, totally unknown who ask me to "look" at their files.

They offer no explanation whatsoever as to who they are or even offer their real names.

Their files are not explained. I have replied to them asking for more information. They never respond to my reply.

My recommendation is that if any of you receive such correspondence, simply delete it.

Some folks evidently do not like us or what we are trying to do. But that will not deter us from our goals.

We will continue to strive to bring you quality gaming, open discussion and a listening ear to what you want. We will not be stopped no derailed from our goals.

Fabs · Post by **Fabs** » Tue Jul 24, 2001 11:52 pm

Wild Bill, that happens all the time. Some of these guys are just spammers, others are more sinister in that they are trying to spread viruses.

I don't know what makes these idiots tick, but i have a very simple rule: if I don't know the sender or if I am not expecting an e-mail, I can them.

Touch wood, so far I've managed to avoid trouble.

mpenfold · Post by **mpenfold** » Wed Jul 25, 2001 12:30 am

Originally posted by Wild Bill:
On a personal note, in the last week I've been getting strange e-mail from unknown people, totally unknown who ask me to "look" at their files.

They offer no explanation whatsoever as to who they are or even offer their real names.

Their files are not explained. I have replied to them asking for more information. They never respond to my reply.

My recommendation is that if any of you receive such correspondence, simply delete it.

Some folks evidently do not like us or what we are trying to do. But that will not deter us from our goals.

We will continue to strive to bring you quality gaming, open discussion and a listening ear to what you want. We will not be stopped no derailed from our goals.

Bill,

Another option is to send an e-mail to abise@<theirdomain>, so if for example they were pigshit@thierisp.com, send a copy of the e-mail to abise@theirisp.com. Will not stop them, but it may just slow them up a little.

gbotto600 · Post by **gbotto600** » Wed Jul 25, 2001 12:52 am

yea, i was watching TechTV (a channel all about computers and the internet) and they spoke with Gibson about what happened to his site, i think people should only be able to access in with their forum name and forum password, that would keep those random spammers and hacker losers out

ectizen · Post by **ectizen** » Wed Jul 25, 2001 1:06 am

Originally posted by Wild Bill:
On a personal note, in the last week I've been getting strange e-mail from unknown people, totally unknown who ask me to "look" at their files.

This is a new email worm/trojan/virus/thingy that's been doing the rounds lately. When these things are activated (by opening the attachments), they tend to spread to other users in their host's address book. It's unlikely that this is a directed attack against you or Matrix.

Interestingly, the amount of this kind of email you get can be used to gauge your popularity. If you're something of an internet personailty and are in a lot of people's address books, you'd receive a lot of this. If, like me, you're a relative nobody, you'd get very little of this. I personally have never received one of these, although we got one at work on monday.

In short, you're getting these things because you're popular.

sinner · Post by **sinner** » Wed Jul 25, 2001 1:14 am

Wild Bill:

This is serious. No kidding, no fun things here.

What you are getting is a virus!

Never open those files, and, if you use Outlook Express as a mail reader, you are probably infected too.

This is the virus SirCam.

If hides itself in several places, like renaming needed DLL files from your System folder, inside your TrashBin, it sends (and deletes!!!) any kind of file that you can have inside your "My Documents" folder...

Please, check for the newest anti-virus releases, specifically ones that can fight "SirCam virus".

It cames, at least, in English and/or Spanish.

I recomend that first you get an update for your anti-virus, then send a polite mail message to the people that "send you" the files (it was the virus) and tell them that they are infected with SirCam and, if possible, avoid using Outlook Express. Try other e-mail systems: Eudora, Netscape Messenger...

Try, for example http://www.mcaffee.com/ and check for they Alert:
http://www.mcafee.com/anti-virus/viruses/sircam/default.asp?cid=2360

Of course, this virus was all inoffensive against my "KoenigTiger" called Linux.

But I have gotten so far around a dozen of those e-mails.

11Bravo · Post by **11Bravo** » Wed Jul 25, 2001 2:40 am

Originally posted by Matt Penfold:

Bill,

Another option is to send an e-mail to abise@<theirdomain>, so if for example they were pigshit@thierisp.com, send a copy of the e-mail to abise@theirisp.com. Will not stop them, but it may just slow them up a little.

Do you mean abuse@theirisp.com?

Wild Bill · Post by **Wild Bill** » Wed Jul 25, 2001 3:06 am

I'm still clean. No, this is not paranoia. E-Mails are coming with names of people I work with closely as being the sender.

Someone has to know this stuff to personalize it like that.

I have McAfee installed and updated. So far, so good...Wild Bill

gbotto600 · Post by **gbotto600** » Wed Jul 25, 2001 3:11 am

this same thing happened with me, i got emails like it from my best friend and some other close online pals, but i then checked my message board at www.squad600.hk.st and someone posted a message about the virus and i didn't open them luckily

Banjo · Post by **Banjo** » Wed Jul 25, 2001 3:55 am

So far, the only person I have attached files in an email to is Wild Bill. They were a few maps that I was working on, and hope to make a scenario into. One of these days!!!

I will only send attached files upon prior consent to the recipient. There will be no attached files from me before then.

I say this in lieu of the recent occurrences. A friend had some relatives affected the last few days.

So if you don't hear from me first that I will be sending an attached file, I didn't send you one. Email is Minstrilbob@aol.com

Bill, I'll get that finished yet!!

madflava13 · Post by **madflava13** » Wed Jul 25, 2001 4:08 am

My father works for a newspaper in the midwest that has been hit in the last few days by viruses spread through emails such as the ones Wild Bill described. What happens is the virus infects your system, replicates itself and sends itself to everyone in your "Contacts" and "address book" files. After it does that, it erases or seriously damages your Hard Drive. The newspaper was forced to shut down its servers for some time until the files could all be cleaned. This virus is effective precisely because it comes from people you know. They have no knowledge of the messages being sent, by the way. The most common subject or message is "Take a look at this file" or something to that effect. Be careful when you get messges like this, everyone...

BruceAZ · Post by **BruceAZ** » Wed Jul 25, 2001 4:23 am

Bonzo · Post by **Bonzo** » Wed Jul 25, 2001 4:46 am

I too have been recieving odd files for the last couple of days, these being a text file and an attached file with a name structured XXX.DOC.VBS. My Zonealarm firewall catches them & renames them so I can recognize the Visual Basic script. Never was brave (stupid?) enough to open unsolicited files.

I tried emailing the sender, but the e-mail bounced. I've had about 15 of these messages in the last 2 days, all with the same text file but from a couple of different e-mail addresses and different XXX.DOC.VBS file names & sizes. I just delete them without looking now.

I have a number of e-mail accounts & a couple of aliases for my main account but every one of these messages came to my nwbattalion.com account.

chanman · Post by **chanman** » Wed Jul 25, 2001 5:34 am

In this day of many people trying to impress their friends by taking down websites and writing viruses, a little paranoia is a good thing. Check the mail program you use for the option to hide filename extensions. Turn it off. Check for unknown extensions, if you see them, delete the message. Running an executable sent to you via email is risky behavior. As the previous poster pointed out, he received a xxx.doc.vbs file, which is an executable file and probably a virus. A personal firewall did the job for him, and for the rest of you Win9X, WinNT, WinME users out there that is probably a good idea. I would go further and make sure that while you are messing around in cyberspace that any network cables to the rest of your home networks be disconnected. This is called an airwall and is one of the best ways to isolate an infection or assault if you happen to fall victime to one.

In the case of Matrix, I strongly urge that your webserver have an airwall between it and the rest of the company jewells. Transfer data from the development machines to the download servers using some removeable media such as a zip disk or cd/rw. Network connectivity is nice, but can burn you if your site gets compromised. These days, sizeable removable media is cheap and readily available.

For the rest of us, one final comment. I use an older pc to browse the net when I am at home. I sanitize it regularly and never connect it to my home network until it has been cleaned, and never when I am online. If that machine becomes infected, I scrape the operating system off and start over. I only use Win98 on that machine as I haven't located a DSL driver for linux.

Linux is actually a better solution for a browsing machine as it is immune to most of the attacks and email viruses roaming the ether. Note that linux is not really a "consumer" operating system, but based on the level of comments I have seen on the matrix boards, I would say that many of you are "geeky" enough to tackle the learning curve. If any of you try linux and get stuck, send me email and I will attempt to help you.

Hope these comments prove useful to someone.

Chanman

[ July 24, 2001: Message edited by: chanman ]