 Leaked admin credentials |
 Jan 20 2020, 08:55 PM
Post
#1
|
|
 Security and Projects  Group: Clan Dogsbody Posts: 4,687 Thank(s): 1098 Points: 2,440 Joined: 31-August 07 From: A Magical Place, with toys in the million, all under one roof Member No.: 1  |
QUOTE (MonkeyFiend @ Jan 20 2020, 08:52 PM)  As I'm sure some of you know the admin password "dancingstar" was leaked to Haich. There's no evidence of hacking of accounts and no login history to the config files or FTP server where the password could be read from configs. It therefore seems likely that the password was leaked from an admin who legitimately had the password. Speaking to Haich, he says that Nexton provided the password. However there is nothing to corroborate this as either true or as a parting attempt to get a member in trouble. Although there's not really much further investigation I can do from a technology perspective, I do believe the password was shared to Haich by an admin who he was friendly with (there's not been any accidental leaks into chat in the time we've had this password) As such the only thing I can do is look through the friend history of Haich (he's recently removed all friends, but I can get a history of this). Any SM members on his friends list, it is my intention to temporarily suspend them from the clan and server. I'll provide a period of time for Haich and others to sort this out, after which assuming we've not got a definitive answer, those who are suspended I'll begin a vote to remove them from the clan and ban from the server. I'm aware that this will potentially include innocent people, but it's the only way I can ensure beyond reasonable doubt that the admin that leaked the password would be included. Given the nature of this leak, a simple ban would easily be evaded (family share/alt accounts) - so any bans made are going to also be via hardware ID and IP range. The former will potentially effect anyone who shares a computer, the latter could include people in a small geographic region or people who've signed in on friends computers, looking at the scripts I suspect LLLL and a handful of others will get caught in this group. While this action is extreme to say the least, I can't see any other way to definitively catch the person who shared the credentials. Perhaps the people involved will come forward, but if not these measures are to protect the clan as a whole, rather than allow the person who leaked the password and ultimately caused numerous innocent bans and unbanning of legitimate players to continue without consequences. If anyone has any alternative suggestions, other than doing nothing, please let me know. As will all things this ultimately rests with the clan members to vote on. Sad times though  thanks, MonkeyFiend p.s. I'll repost this in the public area of the forums too. --------------------  |
 |
 
|
The Following 3 Users Say Thank You to MonkeyFiend For This Useful Post: doreanh, hardworkingcrackwhore, Steelshanks | |
Posts in this topic
MonkeyFiend Leaked admin credentials Jan 20 2020, 08:55 PM
Fightdrug *-* i dont know if its importent so i better say it : ... Jan 20 2020, 09:16 PM
Sir Robin (not so brave) QUOTE (Fightdrug *-* @ Jan 20 2020, 11... Jan 22 2020, 06:23 PM Fightdrug *-* QUOTE (Sir Robin (not so brave) @ Jan... Jan 22 2020, 06:45 PM Steelshanks Somebody went through a lot of effort to hurt this... Feb 17 2020, 02:48 AM  |
|
Lo-Fi Version | Time is now: 18th April 2024 - 11:59 PM |