OpenSimWorld is the directory of 3D Virtual Worlds based on OpenSimulator and connected through the HyperGrid. Learn More
New Members
IsaIDora, Timburton, Siddhipatil, BeeDebevec, DakotaSkye, Naish, Jhon Rider, XennLygon, JhonRider, Grambel, Starr Paramour, Sapphirehades, Captain_Ahab, LeightonWhite, Daniella, RoccoHills, Dragansvarg, Julisa, Livio, JillMooreLikes
Through the grapevine (thanks Jimmy) I am hearing of a script that is going around destroying assets and killing grids. I think it's at least attacked 2 grids that I know of, one of which we managed to rescue.
If you have this set to true in your Robust.ini you are vulnerable to it I think. I'm guessing as I've not seen the script itself.
; Allow all assets to be remotely deleted.
; Only set this to true if you are operating a grid where you control all calls to the asset service
; (where a necessary condition is that you control all simulators) and you need this for admin purposes.
; If set to true, AllowRemoteDelete = true is required as well.
; Default is false.
AllowRemoteDeleteAllTypes = false
This is in your Robust.ini
I know I'll probably get shouted down - this is just a hunch that this is what is causing this issue.
If you have this set to true in your Robust.ini you are vulnerable to it I think. I'm guessing as I've not seen the script itself.
; Allow all assets to be remotely deleted.
; Only set this to true if you are operating a grid where you control all calls to the asset service
; (where a necessary condition is that you control all simulators) and you need this for admin purposes.
; If set to true, AllowRemoteDelete = true is required as well.
; Default is false.
AllowRemoteDeleteAllTypes = false
This is in your Robust.ini
I know I'll probably get shouted down - this is just a hunch that this is what is causing this issue.
Liked by: 
Comments
Thanks for posting this. We are setting up the new grid now and I will check these things before we go public. I feel like I'm going crazy trying to make sure everything is secured lol
like(1)
I will try to explain how the "virus" works
The ultimate goal of the attack is to gain access to the server's console, or at least to the Robust server. Unfortunately, many of the servers directly allow access to ports 20, 22, 139, 8003, 3306, 3389. Some change the port number to "non-standard" hoping to hide it - naive! Passwords? Are you joke????????
For those who make this mistake, the attack ends here - successfully and with unlimited damage. Read this: https://opensimworld.com/post/105787
What if you did protect yourself? The hacker tries the next step:
Each OpenSIM server exchanges assets with the others. This happens when you "wear" or when you "rez" object on the ground. This allows you to use things created on other servers and see the avatars of visitors. This is very nice but....besides the "normal" assets opensim servers also exchange an asset of type "LSLBytecode" (opss what code?) and "Link" (hmmmmm Where does this link point to and what is being loaded?)...
Whatever the hacker wants!
Uploaded script start to work like proxy between hacker and local machine. I cannot understand more, because hacker try to attack Robust, SQL and SSH some time and leave (in my server all these is not accessible this way)
A defense against that?
1.NEVER allow to visitors or users to BUILD!!!
2.NEVER rez or wear in "god mode"!
3.NEWER allow to script to rez anything!
And again USE ROUTER! If you is on datacenter use TCP Wrappers! Firewall NOT WORK against proxy already inside....
like(0)
The ultimate goal of the attack is to gain access to the server's console, or at least to the Robust server. Unfortunately, many of the servers directly allow access to ports 20, 22, 139, 8003, 3306, 3389. Some change the port number to "non-standard" hoping to hide it - naive! Passwords? Are you joke????????
For those who make this mistake, the attack ends here - successfully and with unlimited damage. Read this: https://opensimworld.com/post/105787
What if you did protect yourself? The hacker tries the next step:
Each OpenSIM server exchanges assets with the others. This happens when you "wear" or when you "rez" object on the ground. This allows you to use things created on other servers and see the avatars of visitors. This is very nice but....besides the "normal" assets opensim servers also exchange an asset of type "LSLBytecode" (opss what code?) and "Link" (hmmmmm Where does this link point to and what is being loaded?)...
Whatever the hacker wants!
Uploaded script start to work like proxy between hacker and local machine. I cannot understand more, because hacker try to attack Robust, SQL and SSH some time and leave (in my server all these is not accessible this way)
A defense against that?
1.NEVER allow to visitors or users to BUILD!!!
2.NEVER rez or wear in "god mode"!
3.NEWER allow to script to rez anything!
And again USE ROUTER! If you is on datacenter use TCP Wrappers! Firewall NOT WORK against proxy already inside....
Also make sure this line is set to false not true and you find it in Robust.HG in outworldz/bin folder in dreamgrid in this line
AllowRemoteDelete=false
like(2)
AllowRemoteDelete=false