What kind of security measures do you have in place?



runestar
11-11-2002, 03:05 PM
Hi Howard,

First of all, I want to let you know this is no criticism of the project. On SETI@home there have been a number of hacks and cheats lately, so I thought it would be good to give you an opportunity to talk about what kinds of security measures are in place to prevent cheating and hacking.

They've been discussed in various spots in the forums in the past, but I thought a round-up would be a good refresher, plus a possible way to convert some of the SETI people who are getting tired of the cheats and hacks in S@H.

Some of the things that could be addressed are: artificial inflating of stats, hacking of the charts, and stealing accounts. But feel free and encouraged to expand beyond these few suggestions.

Thanks,

RuneStar½

Aegion
11-11-2002, 03:59 PM
Originally posted by runestar½: [full post quoted above]
One protection that would prevent the repeated submission of identical structures from being successful is the fact that the top structure for an individual is immediately and publicly available. If someone is producing a huge number of new units, but still has a very poor top protein RMS in comparison to other individuals after a substantial period of time, this would be a red flag that something fishy is likely to be going on with that individual. This protection actually works effectively against most cheats. You can be fairly certain a large producer is definitely getting at least most of his production legitimately if he is consistently getting extremely good protein structures. There really isn't any way to get great protein structures with any cheating techniques, and this means cheating on a massive scale should be obvious and relatively easy to catch.

Mikus
11-11-2002, 07:46 PM
One protection that would prevent the repeated submission of identical structures from being successful is the fact that the top structure for an individual is immediately and publicly available. If someone is producing a huge number of new units, but still has a very poor top protein RMS in comparison to other individuals after a substantial period of time, this would be a red flag that something fishy is likely to be going on with that individual.
Depends upon what you mean by "producing a huge number of new units".

I seem to be missing out on good protein structures. The second upload I did on the current protein established my "best mark" of 10.77. In the weeks since then I have submitted millions of structures -- but my "best mark" is still 10.77.

I hope that you would consider the possibility that I'm having bad luck, before "red flagging" me based on what I am submitting.

mikus (using the Linux gcc client)

Aegion
11-11-2002, 07:57 PM
Originally posted by Mikus: [full post quoted above]
I'm talking about people who have produced millions of units per day having good protein structures as their best. If someone has been producing millions of structures per day, but has a best protein structure of 15 RMS with the current protein, that would be a red flag. If you pay attention to who makes the top ten list of best protein structures most often, it's the top producers. Your protein structure level is within what you would expect for your production. If your current best were a 19.6 RMS, I would be wondering what was going on.
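
The volume-versus-best-RMSD red flag Aegion describes can be made quantitative. What follows is an added example, not code from the Distributed Folding project or from anyone in this thread. It assumes that each legitimately produced structure's RMSD is an independent draw from one population (stood in for here by a constructed Gaussian, since the real per-protein results are not on this page) and asks how likely an honest producer of n structures is to have done no better than the best they report. The usernames, structure counts and RMSD values are made up; only a poor best can be flagged, which matches Aegion's point that a cheat cannot manufacture a great structure.

```python
import math
from bisect import bisect_left
from statistics import NormalDist

# Constructed stand-in for the project's pool of legitimately produced
# per-structure RMSD values for the current protein (e.g. everything the
# servers have credited so far). Modelled as 20,000 evenly spaced quantiles
# of a N(12.0, 1.5) RMSD distribution; the real pool would be the logged data.
_POOL_N = 20000
LEGIT_POOL = [NormalDist(12.0, 1.5).inv_cdf((i + 0.5) / _POOL_N)
              for i in range(_POOL_N)]


def prob_draw_below(pool, rmsd):
    """Empirical P(a single legitimate structure has RMSD < rmsd); pool is sorted."""
    return bisect_left(pool, rmsd) / len(pool)


def log_p_best_no_better(pool, n_structures, best_rmsd):
    """log P(the best of n legitimate structures is >= best_rmsd).

    All n draws must individually be >= best_rmsd, so the probability is
    (1 - F(best_rmsd))**n, computed in log space because n is in the millions.
    A very negative value means the claimed volume is implausible given how
    poor the best result is. If best_rmsd beats everything in the pool the
    answer is 0.0 (probability 1): a great result is never suspicious.
    """
    f = prob_draw_below(pool, best_rmsd)
    if f >= 1.0:
        return -math.inf
    return n_structures * math.log1p(-f)


def flag_producers(records, pool=LEGIT_POOL, log_p_threshold=math.log(1e-6)):
    """records: iterable of (username, structures_credited, best_rmsd).

    Returns [(username, log_p)] for accounts whose best structure is so poor,
    relative to their credited volume, that an honest producer would reach it
    with probability below the threshold (default one in a million).
    """
    flagged = []
    for username, n_structures, best_rmsd in records:
        log_p = log_p_best_no_better(pool, n_structures, best_rmsd)
        if log_p < log_p_threshold:
            flagged.append((username, log_p))
    return flagged


# Constructed records: a large honest farm, a hobbyist, a two-structure newcomer
# and an account claiming millions of structures with a best of 15 RMS.
SAMPLE_RECORDS = [
    ("farm01", 2_000_000, 5.8),
    ("hobbyist", 500, 8.5),
    ("newbie", 2, 14.5),
    ("suspect", 3_000_000, 15.0),
]

if __name__ == "__main__":
    for name, log_p in flag_producers(SAMPLE_RECORDS):
        print("%s: log P(honest) = %.1f" % (name, log_p))
```

Because the test only ever looks at the probability of doing no better than the reported best, the same poor score that condemns an account with millions of structures is unremarkable for an account with two, and an account whose best beats the whole pool is never flagged no matter how much volume it claims.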

Brian the Fist
11-12-2002, 10:18 AM
I have thought about this carefully and there are numerous measures in place in regards to cheating, as the accuracy and integrity of the data is important in a scientific experiment such as this. First, in a general sense, we know (have shown, in fact) that RMSD fits an Extreme Value Distribution. Thus if we plot it at the end of a protein and it fits an EVD, we can be reasonably sure no cheating went on.

On a more individual basis though, there are several factors, which I won't go into in great detail, of course (who says security by obscurity doesn't work :D )
For one, servers detect duplicate data that has already been uploaded and will not credit it (surely you know this already if you've tried).
The files you upload are signed and thus cannot be trivially modified to inflate your production or change your RMSD, or they will be rejected by the server. And even if you DID manage to cheat, we'd notice pretty quickly.
The server also rejects any data uploaded that is, let's just say, the slightest bit fishy. If you tried to forge an upload packet, it would have to be flawless in every way (whatever that means :eek: ).
We allow only alphanumeric characters in usernames, team names, etc. to avoid malicious HTML/JavaScript appearing on the stats pages etc.
Your handle is very private and never revealed anywhere on the site, so as long as you keep it secret, it is difficult for someone to hijack your account. Similarly, passwords are stored encrypted so no one can touch them.
Lastly, the server itself is quite robust. I believe it is on its own sub-network so there are no back-door machines into it, and if you have already taken the liberty of port-scanning it, well, you wouldn't find out much. Web servers always have periodic security threats, but as long as these get patched quickly they're generally not a problem.
I honestly don't know if anyone has tried to cheat/hack us so far, but I do know that no one has succeeded yet. (No, that's not a challenge..)
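
The server-side checks Brian lists (refusing duplicate data, rejecting modified or forged uploads, and allowing only alphanumeric names so nothing can turn into HTML or JavaScript on the stats pages) can be sketched in code. The following is an added illustration, not the project's client or server code. It assumes a JSON upload packet carrying an HMAC-SHA256 tag under a key the client and server share; that is a guess at a plausible mechanism, not a description of what the project does. The field names, the key and the sample packets are all invented.

```python
import copy
import hashlib
import hmac
import json
import re

# Hypothetical shared key standing in for whatever a real client would embed.
# Anything shipped inside a client binary can be extracted, so the tag only
# stops casual editing; the content checks below have to hold on their own.
CLIENT_KEY = b"example-key-not-the-projects"

# Alphanumeric only, so no uploaded name can carry HTML/JS onto the stats pages.
NAME_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")


def canonical(payload):
    """Deterministic serialisation so client and server sign identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_packet(payload, key=CLIENT_KEY):
    """Client side: attach an HMAC-SHA256 tag over the canonical payload."""
    tag = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class UploadServer:
    """Server side: verify the tag, sanity-check the content, de-duplicate, credit."""

    def __init__(self, key=CLIENT_KEY):
        self.key = key
        self.seen = set()   # SHA-256 of every structure already credited
        self.credit = {}    # username -> structures credited

    def accept(self, packet):
        """Return (accepted, reason); the reason strings are exact for callers."""
        payload = packet.get("payload")
        if not isinstance(payload, dict):
            return False, "malformed"
        # 1. Integrity: any edit to the payload after signing invalidates the tag.
        expected = hmac.new(self.key, canonical(payload), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(packet.get("tag", ""))):
            return False, "bad signature"
        # 2. Content sanity: a correctly signed packet can still be fishy.
        for field in ("username", "handle"):
            value = payload.get(field)
            if not isinstance(value, str) or not NAME_RE.match(value):
                return False, "bad " + field
        structures = payload.get("structures")
        if not isinstance(structures, list) or not structures:
            return False, "no structures"
        for s in structures:
            rmsd = s.get("rmsd") if isinstance(s, dict) else None
            coords = s.get("coords") if isinstance(s, dict) else None
            if isinstance(rmsd, bool) or not isinstance(rmsd, (int, float)) \
                    or not 0.0 < rmsd < 100.0:
                return False, "implausible rmsd"
            if not isinstance(coords, str) or not coords:
                return False, "missing coordinates"
        # 3. Duplicates are detected on the structure data itself, so re-sending
        #    the same structures inside a fresh packet earns nothing.
        new_hashes = []
        for s in structures:
            h = hashlib.sha256(s["coords"].encode()).hexdigest()
            if h not in self.seen and h not in new_hashes:
                new_hashes.append(h)
        if not new_hashes:
            return False, "duplicate data"
        self.seen.update(new_hashes)
        user = payload["username"]
        self.credit[user] = self.credit.get(user, 0) + len(new_hashes)
        return True, "credited %d" % len(new_hashes)


def demo():
    """Constructed packets exercising each check; returns the four outcomes."""
    srv = UploadServer()
    good = sign_packet({"username": "alice01", "handle": "h7Q2x", "structures": [
        {"coords": "constructed-coords-1", "rmsd": 10.8},
        {"coords": "constructed-coords-2", "rmsd": 12.3}]})
    tampered = copy.deepcopy(good)
    tampered["payload"]["structures"][0]["rmsd"] = 3.0        # edited after signing
    html_name = sign_packet({"username": "<script>x</script>", "handle": "h7Q2x",
                             "structures": [{"coords": "constructed-coords-3", "rmsd": 11.0}]})
    return [srv.accept(good), srv.accept(good), srv.accept(tampered), srv.accept(html_name)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the checks is the point: the tag is checked first so that a forged packet costs the server nothing beyond one HMAC, but the tag alone proves only that the sender had the key, which any client binary gives away. The name and value checks and the content-hash duplicate test are what still hold once the key is known, which is why a packet has to be, as Brian puts it, flawless in every way.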

runestar
11-12-2002, 02:20 PM
Thanks Brian,

That's a nice little round-up especially for the newer people.

Best,

RuneStar½