Malicious Scripting - RunUO

FallsUpStairs · 07-18-2004, 01:22 AM

Just wondering if this is, or has ever been a problem:

With the large number of scripts that pass through here, it seems to be a possibility that there could be a lot of possibly malicious scripts. I scripted an example for this, but I decided against posting for obvious reasons, but any scripter with any knowledge knows that it wouldn't be difficult at all to disguise a keyword or action to automatically change AccessLevels, or any other numerous activities.

Maybe it's just me, but if this isn't already a problem, it seems like it could be an issue sometime, or at least warrant people checking out their scripts before installation. Oh well, maybe it's just paranoia, but you never know...

evil lord kirby · 07-19-2004, 08:43 AM

well anyone that got caught doing that would be banned im sure and it wouldnt take much to get caught.

Ankron · 07-19-2004, 09:12 AM

Yes caught, but how many times? There are some who can foil most filters to gain access to new accounts. Personaly I think it's better if I script every thing my self so I don't get some one elses bug.

septor · 07-19-2004, 09:19 AM

The fact is, no matter how hard you try, or no matter how many countermeasures you put up, or use, there will always be someone, or a group of someones that will find away around it. There will always be someone out there that gets their jollys off by expoliting every possible exploit they can find, even if it has nothing to do with them whatsoever.

The only thing you can do is hope you don't get stuck with something like this, skim through all the scripts you download looking for anything out of the ordinary. Keep a log of what you've downloaded, by whom, and when you downloaded it. This way you can sort of pin point what's doing it, and then report your problem here and then maybe someone more advanced in C# scripting can look at the script and tell you if it's a possibility.

Arya · 07-19-2004, 09:34 AM

This is one of the reasons why you *need* someone who can at least read C# to check any custom scripts you install.

Phantom · 07-19-2004, 11:07 AM

Don't worry about people using your trust against you.

We look at every script that is posted between the 10 people ( moderators and others ) that are posted.

Not once has anyone used the trust of this community against us. Plus most people who submit a script couldn't do anything to ya, mainly because how runuo is setup to handle additional dlls.

**David** · 07-19-2004, 01:21 PM

...and this is the reason the Dev team has insisted on not supporting pre-compiled dll scripts. All scripts are plain text. It makes hiding something from the community as a whole nearly impossible. Individual Admins may not catch the malicious code, but the community would.

07-18-2004, 01:22 AM	#1 (permalink)
FallsUpStairs Forum Expert Join Date: Oct 2002 Posts: 508	Malicious Scripting Just wondering if this is, or has ever been a problem: With the large number of scripts that pass through here, it seems to be a possibility that there could be a lot of possibly malicious scripts. I scripted an example for this, but I decided against posting for obvious reasons, but any scripter with any knowledge knows that it wouldn't be difficult at all to disguise a keyword or action to automatically change AccessLevels, or any other numerous activities. Maybe it's just me, but if this isn't already a problem, it seems like it could be an issue sometime, or at least warrant people checking out their scripts before installation. Oh well, maybe it's just paranoia, but you never know... __________________ Fueled by Bawls :cool:

07-19-2004, 08:43 AM	#2 (permalink)
evil lord kirby Account Terminated Join Date: Apr 2004 Location: Titusville PA Age: 26 Posts: 975	hmmm well anyone that got caught doing that would be banned im sure and it wouldnt take much to get caught.

07-19-2004, 09:34 AM	#5 (permalink)
Arya Join Date: Mar 2003 Location: Near a lava pool Age: 8 Posts: 1,012	This is one of the reasons why you need someone who can at least read C# to check any custom scripts you install. __________________ Oxygen should be regarded as a drug.

07-19-2004, 01:21 PM	#7 (permalink)
David Moderate Join Date: Nov 2002 Location: USA Posts: 6,598	...and this is the reason the Dev team has insisted on not supporting pre-compiled dll scripts. All scripts are plain text. It makes hiding something from the community as a whole nearly impossible. Individual Admins may not catch the malicious code, but the community would. __________________ David Forum Moderator The RunUO.com Forum Moderator Team Forum Rules and Guidelines RunUO Forum Search Engine Download RunUO 2.0 RC2

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

07-19-2004, 09:12 AM	#3 (permalink)
Ankron Forum Novice Join Date: Feb 2004 Posts: 108	Yes caught, but how many times? There are some who can foil most filters to gain access to new accounts. Personaly I think it's better if I script every thing my self so I don't get some one elses bug.

07-19-2004, 09:19 AM	#4 (permalink)
septor Forum Novice Join Date: Jun 2004 Location: Michigan Age: 26 Posts: 195	The fact is, no matter how hard you try, or no matter how many countermeasures you put up, or use, there will always be someone, or a group of someones that will find away around it. There will always be someone out there that gets their jollys off by expoliting every possible exploit they can find, even if it has nothing to do with them whatsoever. The only thing you can do is hope you don't get stuck with something like this, skim through all the scripts you download looking for anything out of the ordinary. Keep a log of what you've downloaded, by whom, and when you downloaded it. This way you can sort of pin point what's doing it, and then report your problem here and then maybe someone more advanced in C# scripting can look at the script and tell you if it's a possibility.

07-19-2004, 11:07 AM	#6 (permalink)
Phantom Account Terminated Join Date: Sep 2002 Age: 26 Posts: 3,846	Don't worry about people using your trust against you. We look at every script that is posted between the 10 people ( moderators and others ) that are posted. Not once has anyone used the trust of this community against us. Plus most people who submit a script couldn't do anything to ya, mainly because how runuo is setup to handle additional dlls.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)