Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/cflynn/public_html/forum/Sources/Load.php(225) : runtime-created function on line 3
IMPORTANT: Beta Signups Suspended
Faery Tale Online Forum
August 21, 2017, 12:59:41 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:

Home

 
   Home   Help Search Calendar Login Register  
Pages: [1] 2 3 4
  Print  
Author Topic: IMPORTANT: Beta Signups Suspended  (Read 23533 times)
0 Members and 1 Guest are viewing this topic.
Lumin
Administrator
*****
Posts: 1867

The Architect


View Profile WWW Email
« on: January 31, 2009, 04:17:16 AM »

I am temporarily suspending new player sign-ups as we have far more than enough players than we can handle for the time being.

Also, the game was hacked today by a member of the player base.  This person has been permanently banned from the forums and the website and I have reported him to the FBI.

He sent me a list of things he had hacked into.  It appears that he only toyed with in-game data, but as a precaution, when the game allows user logins again, everyone should immediately change their game passwords.  By the way, passwords are and always have been encrypted.

The site already had security in place to prevent hacking, but obviously I want to spend some more time on it.

I plan to spend the next few weeks leaving no stone unturned to make sure this does not happen again.  Until then, I cannot allow players to log-in or sign-up.  If you have a character in-game, they will be frozen and game time is not progressing.  If you are in the player queue, and waiting to be born, your queue position will not change.

It saddens me that one person has to ruin things for everyone, but perhaps it is better that we solve this now rather than later.  I will not tolerate hacking in any shape or form, whether it be benign or malicious.  It is a breach of the user agreement, and a federal crime and I will not hesitate to immediately report offenders to law enforcement.
« Last Edit: February 01, 2009, 03:54:58 AM by Lumin » Logged

Faery Tale Online
Tell Your Story, Leave Your Legacy
Vatican
Game Moderator
*
Posts: 584


And yet, for some damn reason, I'M STILL HERE

anubis7898
View Profile WWW Email
« Reply #1 on: January 31, 2009, 04:26:40 AM »

there is only one reaction I have to this.

RAAAAGGGGGGGEEEEEEEE  Angry

then again, higher security measures are a must, plus I guess it will give you some time to perfect some things before FTO is live again. till then some of the other players who were able to get in can sit back, compair notes, and probably come up with some decent ideas on how to make FTO even better!

Patience is a Virtue friends!
« Last Edit: January 31, 2009, 04:48:00 AM by Vatican » Logged

While your waiting for that next tick..

patroklos
Feedback
*
Posts: 478


^_^


View Profile Email
« Reply #2 on: January 31, 2009, 04:46:56 AM »

Holy crap! Shocked Shocked Shocked

By all means, take any actions necessary.
Logged



Okay, the creepy is somewhat in abeyance.  I have correspondingly downsized the cute, so instead of one adorable otter pup there is a flotilla of older otters.
Seko
**
Posts: 193


okarrdess
View Profile
« Reply #3 on: January 31, 2009, 04:50:19 AM »

It's a good thing that the vulnerability was discovered but a bad thing that there was a vulnerability in the first place, that someone would choose to abuse it and that the game will have to be unaccessible for so long. Was it some active member of the community or just some lurker?

Also good thing I used a completely different password than on any other site (I have a bad habit of recycling old ones).  Although I'm going to miss my password, it was quite witty and I'd say more secure than my usual passwords.
Logged

Gantolandon
*
Posts: 61


View Profile Email
« Reply #4 on: January 31, 2009, 05:20:19 AM »

Quote
Also good thing I used a completely different password than on any other site (I have a bad habit of recycling old ones).  Although I'm going to miss my password, it was quite witty and I'd say more secure than my usual passwords.

Usually passwords in computer systems are stored not directly as they are, but as hashes. In that case your password is quite safe.

Lumin, did this person tell you how did he hacked the game? In that case it would be the proper person to ask about securing the site. Punishing him instead is quite unfortunate and impractical. If a person discovers a potential security gap, if anything, he should report it immediately. It's not the type of behavior that should be discouraged, even if it seems right.

Shutting everything down for several weeks also seems somewhat unfortunate turn of events. You managed to arouse much interest and the birthing queue itself is long enough to put some people off.

To sum everything up - it's your game and your decision, and you have every right to be upset about this event, but it seems to me as you're blowing it out of proportion.
Logged
SGS

Posts: 8


View Profile Email
« Reply #5 on: January 31, 2009, 06:24:44 AM »

I don't think the person who hacked the website was planning on doing anything to it If he was he probably wouldn't come out and reveal himself.
Logged
Traveller

Posts: 3


View Profile
« Reply #6 on: January 31, 2009, 06:41:00 AM »

Okay, I was waiting for the weekend to sign up so I'm not even in the queue, but... The FBI?  Seriously?  It's a beta, this is kind of what a beta period is for.  Clearly I don't know the whole story here, but as a taxpayer, I kind of resent you wasting the FBI's time.

I take that back.  There's no "kind of" involved, here.  Kid finds a security hole in a web game and tells the admins what he did...that's, like, a misdemeanor of the internet.
Logged
Seko
**
Posts: 193


okarrdess
View Profile
« Reply #7 on: January 31, 2009, 07:10:41 AM »

Well I suppose if someone finds a security hole and reports it that's only a good thing but if they do stuff like changing contents of fields just because they can and not changing them back afterwards, that's vandalism. Of course we don't know what the person did in particular but at least in KoL people were initially encouraged to test the system to find all the wormholes and people even got to keep stuff they gained from hacking just as long as they reported their findings to the developers.
Logged

Inane Wayne
Content Developer
*****
Posts: 317



View Profile
« Reply #8 on: January 31, 2009, 07:45:46 AM »

Eh? Was it that Natso guy?


If it was, I think he was just trying to help, albeit maybe in a misguided attempt Tongue
Logged

"This man stands tall and tan, with flowing black hair and a beard to match. He's wearing a thong, which wedges itself uncomfortably between his ass-cheeks. He sporadically does pelvic thrusts in the direction of random inanimate objects, and prefaces all his sentences with a loud, sexual grunt."
Qwertyuiopas

Posts: 15


View Profile
« Reply #9 on: January 31, 2009, 02:49:49 PM »

It would probably have been fine if he asked if he could test the security first...

But the thing is that it could have simply been his cover story and the truth was that he was stealing passwords.
Logged
greylady
***
Posts: 362


View Profile
« Reply #10 on: January 31, 2009, 05:21:30 PM »

Thank you for letting us know, Lumin. I'm sorry that someone was so innapropriate with your new game... it looks like it's going to be a lot of fun.

Take as long as you need to make everything secure and yourself feel comfortable.

To everyone else;
It's beta. Things will break (or in this case, be broken) and there might be times when you can't play because it's being fixed. That's just the way beta works.
Logged

~True gold fears no fire.~

The problem with Anarchy is that is favors those who care the least... sadly, this is also the problem with Compassion.
Karlito
****
Posts: 570



View Profile
« Reply #11 on: January 31, 2009, 06:39:24 PM »

Eh? Was it that Natso guy?

Must have been, since there's now no member with the username of "Natso" on this forum.
Logged

1) Dead
2) Blind
3) Crippled
4) Cold
Seko
**
Posts: 193


okarrdess
View Profile
« Reply #12 on: January 31, 2009, 07:37:41 PM »

What do you mean, his profile is right there:
http://forums.faerytaleonline.com/index.php?action=profile;u=52
Logged

Hamel
***
Posts: 375



View Profile
« Reply #13 on: January 31, 2009, 07:46:23 PM »

Eh? Was it that Natso guy?

Let us not make assumptions people.
Logged

Bumps in a road make the smooth parts feel all the smoother.
Wiro
*****
Posts: 1950



View Profile
« Reply #14 on: January 31, 2009, 07:48:53 PM »

You... banned him and reported him to the FBI? Way to go banning someone who's obviously trying to help. If he really wanted to fucked up the game, he'd keep quiet so you wouldn't notice. I can imagine the way I would've replied if say.. I'd banned from Cantr after I hacked it. But I wasn't, I received a thank-you instead.

What exactly did he do? It couldn't have been that bad, now was it?

Oh, as for security, the "account" page, where you can change your password... Make it so your password isn't automatically there. Even though it's censored, if you press "Save" and use a program to check the inf oyou send, you can see uncensored password.
Logged

Rest in peace eternally, my bonny darlings!
x. Perished, winsome mother, derailed mind and half-sickening thoughts
x. Forgotten tyrant and bully
x. Lost child, wandered too far
Pages: [1] 2 3 4
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2007, Simple Machines LLC Valid XHTML 1.0! Valid CSS!