Zugg Software :: View topic

Beginner Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD

Hi all, I've got a simple trigger that I can't seem to figure out a way to prevent abuse of!

#trig {^(%w) has just given you * consent.} {group %1}

Now, here's the abuse being committed, via emote:

CertainSomeone ;#trig {CertainSomeone tells you '(%1)'} {%1;#gag}; has just given you his consent.

As you can tell, this sets up a robot to make the person manipulate me any way they see fit.

So, my question of the day is: How do you prevent trigger abuse from within the middle of a trigger text?

SubAdmin Joined: 18 Nov 2001 Posts: 5182

Start by using quotes.
#trig {^(%w) has just given you * consent.} {group "%1"}
The quotes should be stripped when the command is sent by zMud. The quotes will also prevent special character from being interpretted.

In the particular trigger you described, the extra offensive text should not even have been captured. In fact, the trigger shouldn't have even matched. So I can suggest no further improvements there.

Beginner Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD

I am aware of this. Using quotes did not fix the problem either. What this emote is doing is essentially forcing the trigger to fire, breaking it in the middle with a separate creation of a trigger.

I tested the string myself, and it does not match. But it's only not matching the "group %1" command.

Abusing it myself using #say to emulate the emote, here's what I was able to deduce.

#say Someone ;#trig {Someone tells you '(%1)'} {%1;#gag}; has just given you his consent.

The output is:

Someone (cyan ansi from the #say)
<newline>
has just given you his consent. (yellow ansi as though it were a mud command)
Pardon? <-- result of invalid command

I open the triggers section, and sure enough, there's a nice little robot trigger for Someone to tell me to do whatever they want.

Adept Joined: 30 Dec 2003 Posts: 226

It looks like the problem is in your testing. When you do that line, the all the ";" are being evaluated right then. So it's the same as sending:

#say Someone
#trig {Someone tells you '(%1)'} {%1;#gag}
has just given you his consent.

Unless you use ~ in front of them, those semi-colons are getting evaluated in the command line.

Beginner Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD

I'm not trying to abuse a trigger...this trigger is mine, and it's being abused in that manner. I'm trying to figure out how to prevent it, not ask the abuser to use a tilde in front of their semicolons. Razz

Wizard Joined: 15 Jan 2002 Posts: 1644 Location: USA

Until someone figures out a way to get around this I would report this to your mud admins as a form of harrasment. Once is mischief, twice is harrasment and most muds have severe penalties for harrasment.

I will see what I can come up with tommorow but I lack the time right now.

Wizard Joined: 25 Mar 2003 Posts: 1113 Location: USA

As Vijilante said, the pattern you showed in your post, Yasden, wouldn't even match such a message as this emote. The only way I would think it could be abused is if you used the %* wildcard instead, which everyone knows by now is a big no-no.

Beginner Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD

It doesn't match. I already said that. It doesn't match the intended output, which is "group %1".

What it *does* do, though, is read the syntax between the semicolons and sets up a nice little robot trigger.

----------
Normal trigger:

Joe has just given you his consent.
group Joe
----------

----------
Someone abusing the trigger:

Someone ;#trig {Someone tells you '(%1)'} {%1;#gag}; has just given you his consent.

Someone
Pardon?
<insert new trigger code>
has just given you his consent.
Pardon?

Someone tells you 'say i'm a robot now' <-gagged
You say 'i'm a robot now'
Someone tells you 'shout i'm a moron' <-gagged
You shout 'i'm a moron'
----------

That's what I'm trying to prevent.

Once again, my actual trigger is this:

#trig {^(%w) has just given you * consent.} {group %1}

I'm using 7.13, too.

Wizard Joined: 15 Jan 2002 Posts: 1644 Location: USA

I just live tested this with an outside source and cannot reproduce? do you have any other triggers that might cause something like this?

Posted: Thu Sep 01, 2005 1:55 am

I'm with the others in that this should not be happening, since the patterns don't match. But I will propose 4 things here:

1) Perhaps you have another trigger which is actually the one being abused? This seems most likely to me.

2) Try getting a bit more specific in your trigger. I am not sure what MUD you play, what pattern you are matching, but I can't figure out why you've got a wildcard in that trigger. It seems to me that there's not that many combinations of wording you could be replacing that properly fit into that sentence. Perhaps simply putting those words into a string variable, and then matching that? For example:

GURU Joined: 10 Oct 2000 Posts: 873 Location: USA

Apprentice Joined: 10 Feb 2005 Posts: 158

Since the wildcard is the issue remove it and make your trigger more specific.

#trig {^(%w) has just given you {his|her} consent.$} {group %1}

Beginner Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD

I've added the $ to the end, I've edited the wildcard to say {his|her|its}, and I'm still having this problem.

There is no other trigger it's manipulating. I'm using a copy of zMUD from 6-15-05...is that the one prior to 7.13b? Maybe it's a setting in the trigger itself or perhaps in zMUD?

I play TorilMUD (torilmud.org 9999), aka Sojourn.

Just to note, I use a #say in front of that test string (the abusive one) live, while in the MUD, to emulate someone doing it. If a player is actually consenting, it does work.

SubAdmin Joined: 18 Nov 2001 Posts: 5182

To actually emulate someone sending this try using:
#say "Bob ; #trig {Bob tells you '%1'} {%1;#gag}; has just given you his consent."

As Aarolot said: