IPB





Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Leaked admin credentials
MonkeyFiend
post Jan 20 2020, 08:55 PM
Post #1


Security and Projects
**********

Group: Clan Dogsbody
Posts: 4,574
Thank(s): 828
Points: 2,327
Joined: 31-August 07
From: A Magical Place, with toys in the million, all under one roof
Member No.: 1




QUOTE (MonkeyFiend @ Jan 20 2020, 08:52 PM) *
As I'm sure some of you know the admin password "dancingstar" was leaked to Haich. There's no evidence of hacking of accounts and no login history to the config files or FTP server where the password could be read from configs.

It therefore seems likely that the password was leaked from an admin who legitimately had the password.

Speaking to Haich, he says that Nexton provided the password. However there is nothing to corroborate this as either true or as a parting attempt to get a member in trouble.

Although there's not really much further investigation I can do from a technology perspective, I do believe the password was shared to Haich by an admin who he was friendly with (there's not been any accidental leaks into chat in the time we've had this password)

As such the only thing I can do is look through the friend history of Haich (he's recently removed all friends, but I can get a history of this). Any SM members on his friends list, it is my intention to temporarily suspend them from the clan and server.
I'll provide a period of time for Haich and others to sort this out, after which assuming we've not got a definitive answer, those who are suspended I'll begin a vote to remove them from the clan and ban from the server.

I'm aware that this will potentially include innocent people, but it's the only way I can ensure beyond reasonable doubt that the admin that leaked the password would be included.

Given the nature of this leak, a simple ban would easily be evaded (family share/alt accounts) - so any bans made are going to also be via hardware ID and IP range. The former will potentially effect anyone who shares a computer, the latter could include people in a small geographic region or people who've signed in on friends computers, looking at the scripts I suspect LLLL and a handful of others will get caught in this group.

While this action is extreme to say the least, I can't see any other way to definitively catch the person who shared the credentials.
Perhaps the people involved will come forward, but if not these measures are to protect the clan as a whole, rather than allow the person who leaked the password and ultimately caused numerous innocent bans and unbanning of legitimate players to continue without consequences.

If anyone has any alternative suggestions, other than doing nothing, please let me know.

As will all things this ultimately rests with the clan members to vote on. Sad times though sad.gif

thanks,

MonkeyFiend

p.s. I'll repost this in the public area of the forums too.



--------------------

Go to the top of the page
 
+Quote Post
The Following 2 Users Say Thank You to MonkeyFiend For This Useful Post:
doreanh, hardworkingcrackwhore
Fightdrug *-*
post Jan 20 2020, 09:16 PM
Post #2


Filthy Peasant


Group: Members
Posts: 9
Thank(s): 7
Points: 9
Joined: 20-June 19
From: Germany
Member No.: 5,553




i dont know if its importent so i better say it : for a few weeks there was a fake admin that called tully the profile is not longer on steam sadly :/ but as i sayed it TimTheSorcerer he sayed it could be nexton ( but not sure ) with a fake profile we were not sure if that tully guy was speedhacking


--------------------
[

Coffee, Cookies and a Fire more i dont need
Go to the top of the page
 
+Quote Post
Sir Robin (not s...
post Jan 22 2020, 06:23 PM
Post #3


Knight Errant
*******

Group: Veteran SM Members
Posts: 680
Thank(s): 293
Points: 680
Joined: 9-March 16
From: Bulgaria
Member No.: 4,846




QUOTE (Fightdrug *-* @ Jan 20 2020, 11:16 PM) *
i dont know if its importent so i better say it : for a few weeks there was a fake admin that called tully the profile is not longer on steam sadly :/ but as i sayed it TimTheSorcerer he sayed it could be nexton ( but not sure ) with a fake profile we were not sure if that tully guy was speedhacking

Is that the profile? http://steamcommunity.com/profiles/76561198850921818
Go to the top of the page
 
+Quote Post
The Following 1 Users Say Thank You to Sir Robin (not so brave) For This Useful Post:
Fightdrug *-*
Fightdrug *-*
post Jan 22 2020, 06:45 PM
Post #4


Filthy Peasant


Group: Members
Posts: 9
Thank(s): 7
Points: 9
Joined: 20-June 19
From: Germany
Member No.: 5,553




QUOTE (Sir Robin (not so brave) @ Jan 22 2020, 07:23 PM) *


yeah thats the one ohmy.gif the picture is a other now and the name but the profile description is the same


--------------------
[

Coffee, Cookies and a Fire more i dont need
Go to the top of the page
 
+Quote Post
Steelshanks
post Feb 17 2020, 02:48 AM
Post #5


Squire
***

Group: Trusted non-SM
Posts: 113
Thank(s): 66
Points: 113
Joined: 21-February 15
From: my Campervan
Member No.: 4,604




Somebody went through a lot of effort to hurt this community and its members, A very sad and grim turn of events. If anyone knows who it is, or better yet the person who did it themselves have the courage and decency to come forward you will make it easier to fix, dont be a chucklefuck and have the guts to admit it was you.

This isnt something i would ever of thought to see on SM.


--------------------
Whatever you do, Do NOT click on this LINK
Go to the top of the page
 
+Quote Post
The Following 3 Users Say Thank You to Steelshanks For This Useful Post:
Fightdrug *-*, hardworkingcrackwhore, Sir Robin (not so brave)

Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 24th February 2020 - 07:19 AM
Sneaky Monkeys Clan :: MonkeyFiend.com