Time To Limit Free Accounts RE: Grid Attacks??

This is like the 4th major grid attack within a relative short period. There seems to be a correlation to this type of attack and the introduction of the 'free accounts' last year. I would be interested to know how many of the grid attacks were initiated by members gaining access to the SL grid via free accounts.

Perhaps some strict limitations on what free account holders can do inworld in terms of scripting, building, etc..... like with many other 'Demo' applications and games... ???

Just a thought.

You cant do that.

An enormous part of SL population is on free accounts. and its probably only here because its free. i know i am... i wouldnt be here if i had to pay for it.

and thats the tought behind it. if they kill the free accounts, they will be literally killing SL popularity, and they dont want that.

and you cant actually ban them. since all you need is a Dynamic IP, and even IP bans will do nothing... all he gotta do is pay 10 bucks, and create another account.
So unless they find a way to make the servers automatically respond to GAs (Grid Attacks)
like, having it store the land at a certain period of the day, then reset it to that stored state if something goes critical, or something like that. Well just have to wait till they clean it up manually each time.

I still put money into the game and I am on a resident account, but since my girlfriend and I own land no need for me to pay to membership when it can go to cold linden =)

Note that it resulted in a huge increase in population, which is just as likley an attractor as a free account. Attacks will always happen in open environments, just like they do on the internet.

Aye.
Can you say "Taliban"?

I want to know what is being done about it. As far as I know NOTHING is being done to prevent, or punish people who do this. Lindens have a "policy" of not releasing information regarding these types of attacks, so how can we be assured that something is actually being done?

I think you're not going to stop these grid attacks even if you restrict free account holders.

These people will attack the grid regardless. It's a sad reflection of the times we live in as people who cannot have fun make sure no one else can!

Well I personally wouldn't like to see free accounts limited in what you can do, and neither would LL. (Limited accounts mean less customers) However I did think of a possible alternative to that, not sure whether it's completely feasible and I don't know whether it's been suggested before but...

Linden Lab could create some sort of script watcher which can pinpoint scripted objects that are likely to be causing trouble. It could kind of home in on an area where the server load is above a certain level, check for the objects that are causing the excessive load and then temporarily prevent those scripts from working, and automatically send a message to the object owner saying that the script(s) on their object(s) have been halted. Surely LL are able to find a specific script and flip the switch to off, so to speak. The load threshold would have to be set at a level which is clearly a threat to the grid, so that genuine scripts are allowed to run even if they do cause a high(but not grid-threatening) server load.

It would prevent self-replicating objects from replicating to such a level as to bring the grid down. It would only need to look at the effects of the script and not analyse the script code itself.

Maybe it could be called the Script Watchdog.

You can bet your ass those people are getting what they deserve, in form of a ban. Theres nothing else they can do.

And, all you gotta do it pay 10 bucks to get another account, so its just another "Go away pleeeeeease!" situations.

You're thinking in IRC terms. This is a corprate entity. If an attacker is attacking using a dynamic IP then you can simply contact said ISP that you had a DoS attack on a multimillion dollar business from that IP. They'll look into it and with help from the proper authorities obtain the personal information. If the ISP refuses to cooperate, then they too can recieve hell in the courts over harboring a cybercriminal. Usually though, in the case of Cracking/DoS attacks, ISP will cooperate with the authorities with personal info and will usually terminate the account otherwise.

Lots of scripts use functions that are harmless to what they created, but could also be used to GAs, theres no way to have an automatic system for that. and putting people to do that is just way beyond slow, expensive and stupid.

There already are limitations to building. Free accounts can't make permanent objects. The objects disappear by themselves after a time.

There are people like me who are on a free account and learning things in preparation for going on a paid account. If you limit scripting then you hamper the learning process also.

Limitations are a double edged sword.

I'm actually suspecting that the perpetrator is not on a free account. If he were then the items should be disappearing on their own after the character is logged out.

Dynamic IP or not. IF,, and underline IF they REALLY did report the person to authorities, and something was actually done about it, you think the person would have access to a computer, let alone SL after being prosecuted for internet crimes? I really dont think they would.

Banning someone for this type of attack is pointless, ACTUALLY reporting to authorities/ISP might stop it

I doubt that the ISP could have that information. im not an expert in this kind of thing, but the dynamic IP, makes your IP completly literally random, sinc eit will change to another number in seconds.

What could you do? Go to them and say: Hey i got X harassment from THIS IP. but said ip doesnt exist anymore, so the griefer would be completly masked.

i think

That, and also not to mention that the person could probably be in a lan house. That way you could hack the CIA and they would have no way to trace YOU.

Stopping free accounts won't help. Greifers attack all the MMORPGs that require a monthly fee, and they pay to play so how would stopping free acounts help any?

Well you may think that, but...

I know that there's harmless scripts that can be used for grid attacks. As long as they're kept to harmless use then nothing will happen. If they start to cause a critical amount of server load which will inevitably result in the grid crashing then those scripts will be stopped temporarily and the owner notified. If they can resolve the situation peacefully then the scripts could be turned back on.

How expensive is it for LL to recover from grid attacks in the long run, in terms of extra staff working time, loss of service, potential loss of customers? A one time expense may well be better than months or years of cleaning up after hackers.

How do you know there's no way to have an automatic system to do that? Unless you have access to the source code for SL and know exactly how it all works then you can't know.

How do you know it would be slow? All it would be is just a small server process scanning for areas of excessive server load at regular intervals. 99.9% of the time it would hardly have to do anything.

And what is stupid about trying to cure grid attacks?

A dynamic IP is simply a different IP when you relog.

DSL has this, each time you log on DSL you have a new IP within the range of your ISP's numbers. You can easily be tracked down with a dynamic IP, it wont mask you , if you start going through internet proxies then you have a chance of being hidden, but that is also not 100% secure, i have traced an IP down to an ISP that was run through proxies.

Doesnt matter where you are, everyone needs some sort of ISP to connect from, each ISP has records of connections etc..
Unless you're on a laptop, on the highway, picking up a wireless signal, and playing SL through it, then you'd be hard to find.

You can actually track a dynamic IP? that sounds neat. i tought they were completly impossible to track

Actually sugested something to lindens today that would help with these kind of attacks, and help vendors/scripters keep thier object updated.

Discussion: /13/f6/103620/1.html

Vote for it: Proposition 1337

Yep, I agree, but you gotta remember, every internet action leaves a footprint. It just takes a bit of time to find where they lead.

I voted for it because it's LEET*




*If you don't understand the joke then good for you

A Static IP means you only have 1 IP, usually with cable.

Dynamic IP simply means new/varying IP. (on re-log mostly)

It doesnt change many times while you're surfing, all it is, is a new IP when you relog.

If you're IP kept changing while you were browsing you'd suffer connection issues and would have a hard time to keep connected to anything.

and every single IP out there leads back to an ISP. Unless its proxied it may lead to another website/server/lan etc..

So lets consider this:
The guy goes, hacks a computer, then relogs.

could him be traced?

Yes, Dynamic ip's can be tracked. THe ISP's DO have account login/logout info and DHCP records. Each network interface also has a MAC address, these can be used in tracking as well.