I am happy to announce the merger of the competitive palace-pserver
and palace-server groups but due to limitations placed on directly
adding members to groups I can't just add everybody to the palace-
server list. So if your not already on it please join as I will be
disabling the incoming message features on this group and setting it
into archive mode this friday.

Welcome to a new era of cooperation in the online palace community.

Palace-Server-subscribe@yahoogroups.com
http://groups.yahoo.com/groups/palace-server/

Bond

  Greetings one and all:
It seems all of my palace pallets seem to be faulty now. I've tried
5 different palletes, and even gone so far as to delete and re-unzip
them, but to no avail. I am at a loss, and would appreciate any help
with getting the palettes back and working


We do not allow unsolicited, bulk, commercial email and actions will be taken against those posting anything that is not Palace related.cial email and actions will be taken against those posting anything that is not Palace related.

Yahoo! Groups Links

To visit your group on the web, go to:
 http://groups.yahoo.com/group/palace-pserver/

To unsubscribe from this group, send an email to:
 palace-pserver-unsubscribe@yahoogroups.com

Your use of Yahoo! Groups is subject to:
 http://docs.yahoo.com/info/terms/

Greetings one and all:
It seems all of my palace pallets seem to be faulty now. I've tried
5 different palletes, and even gone so far as to delete and re-unzip
them, but to no avail. I am at a loss, and would appreciate any help
with getting the palettes back and working

To stop the fast connection type of flood attack, turn `poundprotect on and `poundcheckinterval to 1. As for the other types of flooding, I wasn't aware of those but if they are indeed actual floods, it would be much easier just to make fixes to Plugall or set limits on the use of those commands (i.e., once every 30 seconds or whatever).
 
Let Bill know of the plugin problems with Plugall:
 
frantz@...
 
Cheers,
Doug
 

----- Original Message -----

From: Cyberflow

To: palace-pserver@yahoogroups.com

Sent: Sunday, January 04, 2004 11:11 PM

Subject: Re: [palace-pserver] GateLogon Suggestion ...

Hi there to you,

When creating new plugins, it created new possibility of flood too. I think it could be a 'plus' to have that plug-in modified to be more improved, it won't do any harm if he makes it a 'multi-facated plugin' ....

Fast reconnection type of flood attack, with sometimes a few addons like changing prop, or using the chatgoto in plugall, these function in plugall : setcolor, setface, gpage, setpos, nakend, dress, move ... and i'm maybe forgetting some ..

Thanx for the time.

We do not allow unsolicited, bulk, commercial email and actions will be taken against those posting anything that is not Palace related.cial email and actions will be taken against those posting anything that is not Palace related.


Yahoo! Groups Sponsor
ADVERTISEMENT
 

---

Yahoo! Groups Links

• To visit your group on the web, go to:
• http://groups.yahoo.com/group/palace-pserver/
•  
• To unsubscribe from this group, send an email to:
• palace-pserver-unsubscribe@yahoogroups.com
•  
• Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

----- Original Message -----

From: Cyberflow

To: palace-pserver@yahoogroups.com

Sent: Sunday, January 04, 2004 11:11 PM

Subject: Re: [palace-pserver] GateLogon Suggestion ...

Hi there to you,

When creating new plugins, it created new possibility of flood too. I think it could be a 'plus' to have that plug-in modified to be more improved, it won't do any harm if he makes it a 'multi-facated plugin' ....

Fast reconnection type of flood attack, with sometimes a few addons like changing prop, or using the chatgoto in plugall, these function in plugall : setcolor, setface, gpage, setpos, nakend, dress, move ... and i'm maybe forgetting some ..

Thanx for the time.

This has been suggested by someone named Ritchy on the Palace Plugins message board, but I don't think it's worthwhile. GateLogon was not intended to be an advanced, multi-facated plugin. It was created as a simple plugin to force all sign-ons in the gate. It was patterned after nowizlogon.
 
It's not really a security plugin, so it is classified as optional and you don't have to use it. However, with all the plugins we have now, we've eliminated every form of flood there is. What "flood attack" are you referring to?
 
Cheers,
Doug
 

----- Original Message -----

From: Cyberflow

To: [Palace-Pserver]

Sent: Sunday, January 04, 2004 7:08 PM

Subject: [palace-pserver] GateLogon Suggestion ...

Hi there,

Just wanted to know what the creators think about my suggestion of creating a list for the plugin that allows those in the list to log somewhere else with the plug-in activated during a flood attack or something ....

Btw Doug, no one responded on your forum.

Ciao ...

Happy New year btw :) ...

________________________________

?Cyberflow ©¿

Palace.Giganetweb.Com

Administrateur

Web: http://www.palace.giganetweb.com/

Email: cyberflow@...

We do not allow unsolicited, bulk, commercial email and actions will be taken against those posting anything that is not Palace related.cial email and actions will be taken against those posting anything that is not Palace related.


Yahoo! Groups Sponsor
ADVERTISEMENT

---

Yahoo! Groups Links

• To visit your group on the web, go to:
• http://groups.yahoo.com/group/palace-pserver/
•  
• To unsubscribe from this group, send an email to:
• palace-pserver-unsubscribe@yahoogroups.com
•  
• Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

----- Original Message -----

From: Cyberflow

To: [Palace-Pserver]

Sent: Sunday, January 04, 2004 7:08 PM

Subject: [palace-pserver] GateLogon Suggestion ...

Hi there,

Just wanted to know what the creators think about my suggestion of creating a list for the plugin that allows those in the list to log somewhere else with the plug-in activated during a flood attack or something ....

Btw Doug, no one responded on your forum.

Ciao ...

Happy New year btw :) ...

________________________________
?Cyberflow ©¿
Palace.Giganetweb.Com
Administrateur
Web: http://www.palace.giganetweb.com/
Email: cyberflow@...

Thanks Doug for the kind  thoughts!  Yes, this is a very special time
for Barbara's Colorado and NetherCastle!
Regards,
Barbara

----- Original Message -----
From: "Doug Mehus" <doug@...>

> Hi Barb:
>
> This is great news! I'm glad to see that two beautifully designed
Palaces, NetherCastle and Barbara's Colorado, are officially "together"
at last. I'm sure it will continue to ensure the longevity of these
Palaces now that they reside in one location. The long-term stability of
the Palace Chat community has been strengthened with this move.
>
> Please keep us informed of your "doings," ventures, and other tidbits.
I, and I'm sure many others, love hearing from you. So thanks again. :)
>
> Cheers,
> Doug

> ----- Original Message -----
> From: "Barbara Eisner" <barbeisner@...>
> To all our friends in PalaceSpace--
>
> It gives me great pleasure to announce, as of now, the Merger of
> "Barbara's Colorado" with "NetherCastle"!!
>
> This merger has been in the works for some  time now.  It will bring
> together two palaces that have always been closely connected as many
of
> you may already know!
>
> To get to Barbara's Colorado, simply log on to "NetherCastle"
> (131.211.150.181:9998) and click on the sign "To Barbara's Colorado".
> That's all!  Essentially now we're together on Peter's server in
> Holland!  Wish us luck!
>
> Oh yes,  you may also find me in ActiveWorlds.  I have a world named
> Amberlin and it's a "tourist-friendly" world.  I'd love to have you
> visit--if you need help, please email me and we'll have you fixed up!!
>
> Warm regards,
> Barbara Eisner
> aka Lady Barbara

Hi Barb:

This is great news! I'm glad to see that two beautifully designed Palaces,
NetherCastle and Barbara's Colorado, are officially "together" at last. I'm sure
it will continue to ensure the longevity of these Palaces now that they reside
in one location. The long-term stability of the Palace Chat community has been
strengthened with this move.

Please keep us informed of your "doings," ventures, and other tidbits. I, and
I'm sure many others, love hearing from you. So thanks again. :)

Cheers,
Doug

P.S. The Script Barn mailing list no longer exists, so you might to remove it
from your e-mail program's address book. Also, the PUG Announce address is
actually pug-announce@yahoogroups.com. I'm not sure if Yahoo! Groups still
forwards @egroups.com mail to @yahoogroups.com. If it does, you're most likely
on moderation on PUG Announce and I strongly urge Bond to remove the
aforementioned moderation.

----- Original Message -----
From: "Barbara Eisner" <barbeisner@...>
To: "Scriptbarn" <scriptbarn@...>; "PalacePioneers"
<PalacePioneers@yahoogroups.com>; "PalDevGroup" <PalDevGroup@yahoogroups.com>;
"Palace--Announce" <pug-announce@egroups.com>; "Palace--Pserver"
<palace-pserver@yahoogroups.com>
Sent: Wednesday, November 19, 2003 12:18 PM
Subject: [palace-pserver] Barbara's Colorado Merged With NetherCastle!!

To all our friends in PalaceSpace--

It gives me great pleasure to announce, as of now, the Merger of
"Barbara's Colorado" with "NetherCastle"!!

This merger has been in the works for some  time now.  It will bring
together two palaces that have always been closely connected as many of
you may already know!

To get to Barbara's Colorado, simply log on to "NetherCastle"
(131.211.150.181:9998) and click on the sign "To Barbara's Colorado".
That's all!  Essentially now we're together on Peter's server in
Holland!  Wish us luck!

Oh yes,  you may also find me in ActiveWorlds.  I have a world named
Amberlin and it's a "tourist-friendly" world.  I'd love to have you
visit--if you need help, please email me and we'll have you fixed up!!

Warm regards,
Barbara Eisner
aka Lady Barbara

To all our friends in PalaceSpace--

It gives me great pleasure to announce, as of now, the Merger of
"Barbara's Colorado" with "NetherCastle"!!

This merger has been in the works for some  time now.  It will bring
together two palaces that have always been closely connected as many of
you may already know!

To get to Barbara's Colorado, simply log on to "NetherCastle"
(131.211.150.181:9998) and click on the sign "To Barbara's Colorado".
That's all!  Essentially now we're together on Peter's server in
Holland!  Wish us luck!

Oh yes,  you may also find me in ActiveWorlds.  I have a world named
Amberlin and it's a "tourist-friendly" world.  I'd love to have you
visit--if you need help, please email me and we'll have you fixed up!!

Warm regards,
Barbara Eisner
aka Lady Barbara

Greetings,

I have a question, please.

Is there a way to write a global script, or to modify my existing
global censor script, so that if a person says one of the words in
the script, they will automatically be tossed out or "killed" from
the chat?

Thanks for your help.

@-->-->--

Ali-Co Palace Tools has been down for awhile. The "ali-co.com" domain name
expired and is about to enter Redemption Grace Period, if it hasn't already.
However, it looks like Alissa purchased "ali-co.org" and is planning on
bringing the website back up at that address.

Right now, it's just the default Apache Web server template site, but keep
your bookmarks up to date with:
http://www.ali-co.org/

Also, you might try e-mailing Alissa at alissa@....

Cheers,
Doug

----- Original Message -----
From: "For me to know and you to find out" <ghost_dog3055@...>
To: <palace-pserver@yahoogroups.com>
Sent: Friday, October 31, 2003 1:11 AM
Subject: [palace-pserver] Ali-co

I have been trying to look for the ali-co program and I cannot seem
to find it -- all the links are dead. Does this site still even exist?
And why isn't there any 98 plugins for Palace?

I have been trying to look for the ali-co program and i cannot seem
to find it, all the links are dead. Does this site still even exsist?
And why isn't there any 98 plugings for palace?

----- Original Message -----

From: Doug Mehus

To: palace-pserver@yahoogroups.com

Sent: Tuesday, October 14, 2003 9:48 PM

Subject: [palace-pserver] Re: MESSAGE TO GROUP FROM BOND

Hi Folks:

The situation has been taken care of. Bond is the owner of this group
(and other groups); Moonshine continues as moderator.

I was temporarily administering the groups with authorization from
Fink and it was mutually understood between us that if he ever wanted
control of his groups back, it would be done in an instant. Bond has
assured me that he will continue that promise and return the groups
to Fink should he ask.

I have the utmost confidence in Bond as owner and that he will
continue Fink's legacy. You're now returned to your regularily
scheduled mail (or spam, whichever comes first).

Cheers,
Doug


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges or Refill Kits for your HP, Epson, Canon or Lexmark
Printer at MyInks.com. Free s/h on orders $50 or more to the US & Canada.
http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/mOAaAA/3exGAA/qnsNAA/JHFolB/TM
---------------------------------------------------------------------~->

To unsubscribe from this group, send an email to:

palace-pserver-unsubscribe@yahoogroups.com

We do not allow unsolicited, bulk, commercial email and actions will be taken against those posting anything that is not Palace related.

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Hi Folks:

The situation has been taken care of. Bond is the owner of this group
(and other groups); Moonshine continues as moderator.

I was temporarily administering the groups with authorization from
Fink and it was mutually understood between us that if he ever wanted
control of his groups back, it would be done in an instant. Bond has
assured me that he will continue that promise and return the groups
to Fink should he ask.

I have the utmost confidence in Bond as owner and that he will
continue Fink's legacy. You're now returned to your regularily
scheduled mail (or spam, whichever comes first).

Cheers,
Doug

I am calling for the resignation of Doug Mehus. I do not recognize his
authority over this group reguardless of what the moderator list
shows. The last inappropriate post on Palace-Client was allowed due to
his access through unauthorized ownership status, all security
measures within Palace-Client, Palace-Iptscrae, and Palace-PServer
have been compromised till further notice from me.

I will stand for his actions and I will will not back down.

Bond

I will reply to you privately, given the sensitivity of this problem. Please
expect a response from me.

Thanks,
Doug

Doug Mehus (doug@...)
Executive Director
The Palace Legacy Project
http://www.palacechat.us/

----- Original Message -----
From: "DollieGirl" <dolliegirl@...>
To: <palace-pserver@yahoogroups.com>
Sent: Monday, September 15, 2003 4:39 AM
Subject: [palace-pserver] buffer overflow vulnerabilities?

Greetings,

Does anyone know of any history of buffer overflow vulnerability
attacks against palace server?

Twice within the last week, I have tried to log in to my hosted
palace, only to find the god password has been changed.  I did not
change the password, my host did not change the password.  There are
no password changes indicated in the log.

However... what I do see in the log - over the course of the week -
is that one particular person keeps spawning instant palace session
after instant palace session after instant palace session...

They keep doing this even after the server has noted that the maximum
number of duplicate IP address sessions permitted has been exceeded.

Other than these attempts, the person never tries to log on, they
don't spend any time actually chatting, they have no history of
having been a regular visitor.

I confess I have not yet gotten my CISSP but I do have a few years of
infosec training and work on my resume, so it seems to me that the
behavior patterns indicate an attempt to exploit a buffer overflow
vulnerability.

I don't know if those attempts are related to the god password having
been changed, but it appears to be a likely cause.

Any ideas along either path?  Of god passwords mysteriously changing,
or of people attempting to use excessive instant palace sessions to
achieve a buffer overflow, and thereby giving them access to the
server?

I have banned the person in question, but no doubt if they are
serious about what they are trying to do, they will probably just get
themselves a fresh IP address and try it again...

Ideas, thoughts, info will be much appreciated.

(please use elf_spirit@... or dollieden@... if you
want to reply to me personally rather than to the group, I shut down
my dolliegirl@... email address several weeks ago as I
grew tired of waiting on Norton's to filter through hundreds of
blaster related emails - Nortons does a good job getting rid of it,
but you still have to wait while it does its thing)

Blessings and *hugs*

DollieGirl
elf_spirit@...

mycartoondolls.palacebox.com : 9999
*hugs*

Greetings,

Does anyone know of any history of buffer overflow vulnerability
attacks against palace server?

Twice within the last week, I have tried to log in to my hosted
palace, only to find the god password has been changed.  I did not
change the password, my host did not change the password.  There are
no password changes indicated in the log.

However... what I do see in the log - over the course of the week -
is that one particular person keeps spawning instant palace session
after instant palace session after instant palace session...

They keep doing this even after the server has noted that the maximum
number of duplicate IP address sessions permitted has been exceeded.

Other than these attempts, the person never tries to log on, they
don't spend any time actually chatting, they have no history of
having been a regular visitor.

I confess I have not yet gotten my CISSP but I do have a few years of
infosec training and work on my resume, so it seems to me that the
behavior patterns indicate an attempt to exploit a buffer overflow
vulnerability.

I don't know if those attempts are related to the god password having
been changed, but it appears to be a likely cause.

Any ideas along either path?  Of god passwords mysteriously changing,
or of people attempting to use excessive instant palace sessions to
achieve a buffer overflow, and thereby giving them access to the
server?

I have banned the person in question, but no doubt if they are
serious about what they are trying to do, they will probably just get
themselves a fresh IP address and try it again...

Ideas, thoughts, info will be much appreciated.

(please use elf_spirit@... or dollieden@... if you
want to reply to me personally rather than to the group, I shut down
my dolliegirl@... email address several weeks ago as I
grew tired of waiting on Norton's to filter through hundreds of
blaster related emails - Nortons does a good job getting rid of it,
but you still have to wait while it does its thing)

Blessings and *hugs*

DollieGirl
elf_spirit@...

mycartoondolls.palacebox.com : 9999
*hugs*

I am having trouble hiding my palace server. I can click the Show an
icon and Hide at startup check boxes, but when I click ok and then
shut down the server, and then bring it back up, it won't do it.
When I re-install the server software it will do it, but when I put
my pserver.prp file back in it stops hiding. I would like to know
why or what is wrong with my prp file. I purged the props and still
nothing works. Please Help

Aaron

> But until now, I do not know what version strings Phalanx clients send.

<--- Phalanx sends 350211, I believe. Most likely, it sends this code so that
uneducated Palace owners don't ban it, thinking it is some kind of modified
Palace software.

As I said though, in all cases, when the Palace client is modified, all that can
be modified is the GUI itself. So these threats from this unruly user are
nothing more a bunch of hot air. The only program with the potential of causing
problems for server owners is ProtoKill, and that is blocked by BlockAll.

Cheers,
Doug

At 22.08.03 01:24, you wrote:
>Greetings,
>
>In my logs, all of the people who sign in using the palace client,
>their logins look like this:
>
>08/20/2003 21:55:12 {ABNGGGG} {ZFBNNFBEOF} SignOn
>67.20.104.179 "350211" "32Bit Windows" "Blinky"
>
>See the "350211"?
>
>There is one person who has been threatening to hack my palace, and
>his logins look like this:
>
>08/20/2003 20:55:51 {FDDBNGG} {ZIOEFCDOH} SignOn 64.91.122.66 "820
>0" "32Bit Windows" "CLØÙÐ §trif£®"
>
>See the "820 0"?
>
>This person's logons are the only ones out of hundreds of them that
>show "820 0" instead of "350211".
>
>Anyone have any idea of what that might mean?

This is hacked Palace client Software. Unfortunately the blockall plugin
does not block these kind of Hacks. As you can see in you 'list command
output, the author changed the version String to "820 0" which is different
from any kind of legal palace client. You can see by this string that
without any doubt it is no original legal Palace client.

But until now, I do not know what version strings Phalanx clients send.


Mit freundlichen Grüßen
Regards

amo
--
pgm amoris - Das interaktive Erlebnis im Internet
_________________________________________________
http://ws.pgm.amoris.org

This means that the person is using Palace software not sanctioned or built by
its original owner, Communities.com. It has likely had its GUI (Graphical User
Interface) modified and functionality changed to allow extra character map
characters ("alt codes"). Don't worry, nothing more can be changed to the client
without making its protocol incompatible with the current Palace servers.
Therefore, his threats are nothing more than the usual, "I'm tough! Hear me
roar!" mentality. Essentially, he's blowing hot air from both ends.

If his client has been modified to allow extra character map characters in his
screen name, he can be blocked by adding, or having your Palace host add, the
BlockAll plugin. You're with Palacebox.com so send e-mail to Joe © at
admin@....

Cheers,
Doug

--
Doug Mehus
doug@...

----- Original Message -----
From: "DollieGirl" <dolliegirl@...>
To: <palace-pserver@yahoogroups.com>
Sent: Thursday, August 21, 2003 4:24 PM
Subject: [palace-pserver] question about log-ons

Greetings,

In my logs, all of the people who sign in using the palace client,
their logins look like this:

08/20/2003 21:55:12 {ABNGGGG} {ZFBNNFBEOF} SignOn
67.20.104.179 "350211" "32Bit Windows" "Blinky"

See the "350211"?

There is one person who has been threatening to hack my palace, and
his logins look like this:

08/20/2003 20:55:51 {FDDBNGG} {ZIOEFCDOH} SignOn 64.91.122.66 "820
0" "32Bit Windows" "CLØÙÐ §trif£®"

See the "820 0"?

This person's logons are the only ones out of hundreds of them that
show "820 0" instead of "350211".

Anyone have any idea of what that might mean?

Thanks very much

www.mycartoondolls.palacebox.com:9999