MUD Security checklist for MUDs

Verify the MUD process runs under a dedicated user account with no sudo privileges and restricted shell access.

Disable root login, enforce SSH key-based authentication, and move the SSH port from the default 22.

Configure iptables or ufw to drop all incoming traffic except for the game port, SSH port, and necessary web ports.

Deploy Fail2Ban to monitor game logs and SSH logs for brute-force patterns, automatically banning offending IPs.

Enable unattended-upgrades for the host OS to ensure kernel and library security patches are applied automatically.

Replace all instances of strcpy, strcat, and sprintf with strlcpy, strlcat, and snprintf to prevent buffer overflows.

Compile the codebase using GCC flags -fstack-protector-all and -D_FORTIFY_SOURCE=2 to detect stack smashing.

Ensure every command input buffer has a hard character limit that matches the MAX_INPUT_LENGTH defined in the headers.

Run the MUD through Valgrind in a staging environment to identify and fix invalid memory writes and leaks.

Audit all log and send_to_char calls to ensure user-provided input is never used as the format string argument.

Migrate from plaintext or MD5 passwords to Argon2 or bcrypt with unique per-player salts.

Set player file (pfile) directory permissions to 700 and file permissions to 600, owned by the MUD service user.

Encrypt sensitive player data like email addresses at rest using AES-256 if stored in the pfile or database.

Strip ANSI escape sequences from player-provided strings like titles or descriptions to prevent terminal hijacking.

Ensure the 'quit' command explicitly clears sensitive session data from memory and properly closes the socket.

Implement a limit on the number of concurrent connections allowed from a single IP address to prevent socket exhaustion.

Throttle the rate of new connection attempts to the game port to mitigate automated connection flooding.

Enable Telnet over SSL/TLS (MUDTLS) to protect player credentials from packet sniffing on open networks.

Set a timeout for Telnet negotiations; drop connections that fail to complete the handshake within 10 seconds.

Route game traffic through a proxy or GRE tunnel to hide the origin server's IP address from public view.

Verify that item 'give', 'get', and 'put' operations use atomic logic to prevent duplication via interrupted transactions.

If using system() or popen() for external scripts, escape all shell characters or use execv() with an argument array.

Implement an automated save of both the source and target player files immediately following a high-value item transfer.

Enforce a maximum nesting depth for containers to prevent stack overflow crashes during recursive inventory lookups.

Apply global rate limits to resource-intensive commands like 'who', 'where', and global socials to prevent CPU spiking.

Log every command executed by players with elevated privileges (Wizards/Immortals) to a read-only external log.

Create an automated alert for any gold or currency transfer exceeding 25% of the average player wealth.

Automate a nightly encrypted backup of player files and world data to a geographically separate storage location.

Configure the OS to restrict core dump access to the admin group to prevent memory inspection by unauthorized users.

Maintain a list of SHA-256 hashes for game binaries and critical data files to detect unauthorized modifications.