We have detected that cookies are not enabled on your browser. Please enable cookies to ensure the proper experience.
Results 1 to 10 of 10

Thread: LUA security

  1. #1

    LUA security

    this may be a dumb question but how secure is this? can a key-logger be hidden in a lua script for example? or some other kind of malware? with the posts about hacked accounts i may be a bit paranoid here but i'd feel better knowing more info on this.
    Right now on Landroval there is a MASSIVE chicken run going on, just for fun. http://www.twitch.tv/lotro_abby Things like this are not uncommon...... welcome to the joke that is endgame

  2. #2
    Join Date
    Dec 2007
    Location
    Seattle, WA
    Posts
    7,628

    Re: LUA security

    Quote Originally Posted by Hetweith View Post
    this may be a dumb question but how secure is this? can a key-logger be hidden in a lua script for example? or some other kind of malware? with the posts about hacked accounts i may be a bit paranoid here but i'd feel better knowing more info on this.
    A pure Lua script (that is, those without a helper program) is completely safe. Those are executed in a sandbox that Turbine set up, in exactly a manner defined by Turbine, and cannot break out of their sandbox. The vast majority of plugins fall into this category.

    Anytime you have a plugin that requires a helper program, that is, a plugin that requires another program to be running along side LotRO, are not necessarily safe. As far as I know, all of the helper programs are safe, but this is where the nasty stuff would be. Currently, this is the DPS charts and a few other plugins.

    A general rule of thumb..... if all the plugin needs you to do is unzip it, and plop it in the plugins folder before you can use it, it's going to be a safe plugin. On the other hand, if a plugin requires you to drop it in the plugins folder AND run another program so it can function, then I'd be wary.
    Maley Oakensage, Captain of Elendilmir

    Alas Elendilmir, may you *jingle jangle* forever in the Forgotten West

  3. #3

    Re: LUA security

    Quote Originally Posted by Almagnus1 View Post
    A pure Lua script (that is, those without a helper program) is completely safe.
    The script itself is safe as long as it is pure Lua script. The acquisition of the script may compromise your system and account. The download file may have a infection source included in it. You get a Lua download that not a zip file - instead an installer. Or the zip contains other stuff like flash videos, Office documents or executable files be wary.

    One of the common ways of compromising people's PC is to attack a web site. You can get infected during the page loading process.
    Unless stated otherwise, all content in this post is My Personal Opinion.

  4. #4
    Join Date
    Dec 2007
    Location
    Seattle, WA
    Posts
    7,628

    Re: LUA security

    Quote Originally Posted by Yula_the_Mighty View Post
    The script itself is safe as long as it is pure Lua script. The acquisition of the script may compromise your system and account. The download file may have a infection source included in it. You get a Lua download that not a zip file - instead an installer. Or the zip contains other stuff like flash videos, Office documents or executable files be wary.

    One of the common ways of compromising people's PC is to attack a web site. You can get infected during the page loading process.
    Yeah, but if it's coming from somewhere like http://www.lotrointerface.com/, I would say safe enough not to give security a second thought, because each download is reviewed before it is published. Every plugin I've seen off of that site is a zip file.
    Maley Oakensage, Captain of Elendilmir

    Alas Elendilmir, may you *jingle jangle* forever in the Forgotten West

  5. #5

    Re: LUA security

    Here what I am scared of. Player A Tell other Players You need So so Plug in with Application. Yet unknown to the Other Players. Players A set a Bug or Virus into a good application or Player A think a Safe website downloads it. Says you can download from So and so Site. (Not talking about http://www.lotrointerface.com/) but a unknown site. It Take your User info. Collect all your PW Nick and so on. Or like World of warcraft. Your sent a website. that Looks close to lotro Or the Famus email Your password need to be changed. Go to this Unknown link to change it. Player B go oh ok. Trys to change it. Then the next Day all his Stuff is gone.

    I have tried downloading from http://www.lotrointerface.com had Red flag on programs. Just saying Unknown user.

    Be careful everyone be Safe.
    Last edited by Sammeek; Feb 04 2011 at 06:28 AM.

  6. #6
    Join Date
    Dec 2007
    Location
    Seattle, WA
    Posts
    7,628

    Re: LUA security

    Quote Originally Posted by Sammeek View Post
    I have tried downloading from http://www.lotrointerface.com had Red flag on programs. Just saying Unknown user.
    What did you download? What gave you the red flag?

    There could be a possible user conflict if the author didn't flag user rights correctly (a very rare, but possible problem with Windows).
    Last edited by Almagnus1; Feb 04 2011 at 05:40 PM.
    Maley Oakensage, Captain of Elendilmir

    Alas Elendilmir, may you *jingle jangle* forever in the Forgotten West

  7. #7
    Join Date
    Mar 2007
    Location
    underground
    Posts
    1,151

    Re: LUA security

    There have been virus problems due to downloading plugins for other games. It's just a matter of time before lotro and lotrointerface get targetted, if they haven't already. It's safest to play the game without the plugins.
    [center][COLOR=#00e0ed]WWHBD
    What Would Honey Badger Do[/center][/color][CENTER][FONT=Book Antiqua][SIZE=2][COLOR=cyan]____________________[/COLOR][/SIZE][/FONT][/CENTER]
    [CENTER][SIZE=2][FONT=Book Antiqua][COLOR=cyan] |[COLOR=yellowgreen] [u]Sinea 65 Loremaster[/u][color=black]_[/color] [/COLOR]|[/COLOR][/FONT][/SIZE][COLOR=cyan][/CENTER][CENTER][SIZE=2][FONT=Book Antiqua]|[color=black].[/color][COLOR=yellowgreen][u]Tylwythteg 65 Hunter[/COLOR][/u]|[/FONT][/SIZE][/CENTER]
    [CENTER][U][SIZE=2][FONT=Book Antiqua]|[COLOR=yellowgreen]Windfola [/COLOR]|[/FONT][/SIZE][/U][/COLOR][/CENTER]

  8. #8

    Re: LUA security

    Quote Originally Posted by Almagnus1 View Post
    What did you download? What gave you the red flag?

    There could be a possible user conflict if the author didn't flag user rights correctly (a very rare, but possible problem with Windows).
    Here the url Combat Analysis http://www.lotrointerface.com/downlo...nfo.php?id=502. I wanted to see How much space the Program use on screen. For me being on Two differnt Laptops a Alienware M11x laptop and a gateway 15.6 laptop. It take alot of space. Little room from Viewing for real combat. Guessing by looking at a Raid it would be less space.

    The one program I will be showing a friend becuse he a lotro nitwit is the Buffbar. At least you can adjust the size of the program. Basicly when to use heal pot and Moral pots lol.

  9. #9
    Join Date
    Apr 2007
    Location
    In your basement.
    Posts
    575

    Re: LUA security

    Only once has Lotrinterface been attacked and infected other Authors skins with a trojon horse program but that was immediate taking care of and since then they have installed security measure's.

    Since then there haven't been a compromise to the site or user plugins or skin mods since then.

    The only site that I can think of that gets more attacks is their wowinterface section but this is only my opinion.
    [LEFT][SIZE=4][FONT=comic sans ms][URL="http://www.youtube.com/user/Brygard2009"][COLOR=#696969]------------------------------------------------My Youtube Channel----------------------------------------------[/COLOR][/URL][/FONT][/SIZE]
    [IMG]http://s11.postimg.org/yiy6esbw3/Arken_Sn_H.png[/IMG]
    [/LEFT]

  10. #10

    Re: LUA security

    We have been running our sites for 8+ years now (since 2002) and have only once had a problem with a malicious upload becoming available to the public. This was in 2007. It was a complete fluke and we immediately informed the public as to the problem, as well as putting into place additional security measures beyond everything we had previously. The malicious files were removed from the site in less than 15 minutes from when we were first made aware of the problem, within 3 hours of them having gotten through our protections. Also, please note that the malicious files were ONLY on our WoWInterface site, nothing was actually compromised on any of our other sites, including LotROInterface.

    Every file that is uploaded to our site, whether new or update of an existing file, is manually checked by myself or one of our staff to verify what types of files are in the upload, as well as running virus checks on it, before they are released for download by the public. As well, we have automatic virus scans that run on our complete database every night.

    As mentioned by others, a pure addon can not hack your account. They are nothing more than text files, and potentially graphic files depending on the addon. In order for there to be something that can attack your account, it requires some form of an executable file. If all it has in it is .lua, .xml, .doc or .txt, .png or .tga files, they can't hurt your system. It would have to be .exe, .vbs, etc in order for it to put a malicious file on your system.

    All of that said, you should always be careful when using addons. Make sure you only ever download from reputable sites. Run your own virus check on any files you download. Be extremely careful if you choose to use any form of executable files.
    Last edited by Cairenn; Feb 15 2011 at 01:26 AM.
    [B]Cairenn[/B]
    [I]Credendo Vides[/I]
    Co-Founder & Admin: [URL="http://www.lotrointerface.com"]LotROInterface[/URL]
    Proud member of Turbine's [URL="http://www.lotro.com/community/fansitelistings/125-fansite-listing"]Premier Fansites[/URL]

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

This form's session has expired. You need to reload the page.

Reload