Printable Version of Topic
Click here to view this topic in its original format
Sneaky Monkeys Forum _ Public Discussion _ Leaked admin credentials
Posted by: MonkeyFiend Jan 20 2020, 08:55 PM
QUOTE (MonkeyFiend @ Jan 20 2020, 08:52 PM) 
As I'm sure some of you know the admin password "dancingstar" was leaked to Haich. There's no evidence of hacking of accounts and no login history to the config files or FTP server where the password could be read from configs.
It therefore seems likely that the password was leaked from an admin who legitimately had the password.
Speaking to Haich, he says that Nexton provided the password. However there is nothing to corroborate this as either true or as a parting attempt to get a member in trouble.
Although there's not really much further investigation I can do from a technology perspective, I do believe the password was shared to Haich by an admin who he was friendly with (there's not been any accidental leaks into chat in the time we've had this password)
As such the only thing I can do is look through the friend history of Haich (he's recently removed all friends, but I can get a history of this). Any SM members on his friends list, it is my intention to temporarily suspend them from the clan and server.
I'll provide a period of time for Haich and others to sort this out, after which assuming we've not got a definitive answer, those who are suspended I'll begin a vote to remove them from the clan and ban from the server.
I'm aware that this will potentially include innocent people, but it's the only way I can ensure beyond reasonable doubt that the admin that leaked the password would be included.
Given the nature of this leak, a simple ban would easily be evaded (family share/alt accounts) - so any bans made are going to also be via hardware ID and IP range. The former will potentially effect anyone who shares a computer, the latter could include people in a small geographic region or people who've signed in on friends computers, looking at the scripts I suspect LLLL and a handful of others will get caught in this group.
While this action is extreme to say the least, I can't see any other way to definitively catch the person who shared the credentials.
Perhaps the people involved will come forward, but if not these measures are to protect the clan as a whole, rather than allow the person who leaked the password and ultimately caused numerous innocent bans and unbanning of legitimate players to continue without consequences.
If anyone has any alternative suggestions, other than doing nothing, please let me know.
As will all things this ultimately rests with the clan members to vote on. Sad times though
thanks,
MonkeyFiend
p.s. I'll repost this in the public area of the forums too.
It therefore seems likely that the password was leaked from an admin who legitimately had the password.
Speaking to Haich, he says that Nexton provided the password. However there is nothing to corroborate this as either true or as a parting attempt to get a member in trouble.
Although there's not really much further investigation I can do from a technology perspective, I do believe the password was shared to Haich by an admin who he was friendly with (there's not been any accidental leaks into chat in the time we've had this password)
As such the only thing I can do is look through the friend history of Haich (he's recently removed all friends, but I can get a history of this). Any SM members on his friends list, it is my intention to temporarily suspend them from the clan and server.
I'll provide a period of time for Haich and others to sort this out, after which assuming we've not got a definitive answer, those who are suspended I'll begin a vote to remove them from the clan and ban from the server.
I'm aware that this will potentially include innocent people, but it's the only way I can ensure beyond reasonable doubt that the admin that leaked the password would be included.
Given the nature of this leak, a simple ban would easily be evaded (family share/alt accounts) - so any bans made are going to also be via hardware ID and IP range. The former will potentially effect anyone who shares a computer, the latter could include people in a small geographic region or people who've signed in on friends computers, looking at the scripts I suspect LLLL and a handful of others will get caught in this group.
While this action is extreme to say the least, I can't see any other way to definitively catch the person who shared the credentials.
Perhaps the people involved will come forward, but if not these measures are to protect the clan as a whole, rather than allow the person who leaked the password and ultimately caused numerous innocent bans and unbanning of legitimate players to continue without consequences.
If anyone has any alternative suggestions, other than doing nothing, please let me know.
As will all things this ultimately rests with the clan members to vote on. Sad times though
thanks,
MonkeyFiend
p.s. I'll repost this in the public area of the forums too.
Posted by: Fightdrug *-* Jan 20 2020, 09:16 PM
i dont know if its importent so i better say it : for a few weeks there was a fake admin that called tully the profile is not longer on steam sadly :/ but as i sayed it TimTheSorcerer he sayed it could be nexton ( but not sure ) with a fake profile we were not sure if that tully guy was speedhacking
Posted by: Sir Robin (not so brave) Jan 22 2020, 06:23 PM
QUOTE (Fightdrug *-* @ Jan 20 2020, 11:16 PM)
i dont know if its importent so i better say it : for a few weeks there was a fake admin that called tully the profile is not longer on steam sadly :/ but as i sayed it TimTheSorcerer he sayed it could be nexton ( but not sure ) with a fake profile we were not sure if that tully guy was speedhacking
Is that the profile? http://steamcommunity.com/profiles/76561198850921818
Posted by: Fightdrug *-* Jan 22 2020, 06:45 PM
QUOTE (Sir Robin (not so brave) @ Jan 22 2020, 07:23 PM)
Is that the profile? http://steamcommunity.com/profiles/76561198850921818
yeah thats the one
the picture is a other now and the name but the profile description is the same
Posted by: Steelshanks Feb 17 2020, 02:48 AM
Somebody went through a lot of effort to hurt this community and its members, A very sad and grim turn of events. If anyone knows who it is, or better yet the person who did it themselves have the courage and decency to come forward you will make it easier to fix, dont be a chucklefuck and have the guts to admit it was you.
This isnt something i would ever of thought to see on SM.
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)