451

I will not be connecting to any server that either you or Ivin control. Both of you are people who I personally would never trust to have my IP adress and things. If ivin can really hack passwords and crap, or if you can, or both, That's one more reason to stay away from this game.  This is one that i'll never be playing unless I know the person who is running the server. And given that Ivin removed custom servers I don't think that's going to happen.

I am the blind jedi, I use the force to see. I am the only blind jedi.

Thumbs up

452

first of all, the password files are encripted. While is likely that Ivan has the key, he can get the password but i have not control over it

R.I.P Melinda Cook.

Thumbs up

453

Its not that hard to actually get anyone's IP address really these days. Can I get the password for your account Yes I can, but that's pretty much with in itself. I know how to decrypt the password because, well, I wrote the code to log in. Would I? No, unless you requested the password to your account.

Ivan

Thumbs up

454 (edited by Lucas1853 2017-11-14 19:55:53)

It doesn't really matter if anyone gets your IP. It's easy to get IP. What you should really be worrying about is passwords, especially if they are encrypted, not hashed. I'm not an expert on the matter, but I'd really recommend hashing the passwords, not encrypting them with a key that can be seen in the code. What if someone you didn't trust got access to your server and code and decrypted the password files with the key? When they are hashed, it's harder for script kitties to get at them because it's not as simple as running the string_decrypt function on the file contents.
Edit: See this: https://nakedsecurity.sophos.com/2013/1 … ds-safely/
Edit 2: Ivan, why are you directly accessing user passwords in the first place? If someone forgets their password, have something automated to change it. When you forget your twitter password, a twitter representative doesn't decrypt your password and send it to you in an e-mail.

Sincerely,
Lucas.

Thumbs up

455

I don't get it why the hell people are so damn sensitive about others finding out their IP addresses. The IP address was never meant to be, has never been, is not, and will never be private. It was meant to be public and will remain that way. It is meant as a method of identifying your computer on a network. If you don't want people finding out your IP address, leave the damn internet -- entirely -- and don't ever come back. No matter what you do -- use a VPN, a secret router, etc. -- people will always find out your IP address.
@453: Are you insane or something? You never, ever encrypt a password with a static key. Hell, you should never, ever encrypt anything with a static key, but no one will ever listen to that one. The point is that you should hash a password with SHA512, Blake SP2, or something else even more secure, and salt it as well. But never encrypt userdata with a key that you can get. That just makes people distrust you even more because they know that you have the key, all the time, and can access their private data without them ever knowing about it. As 454 said, use an automated process that's securely encrypted in all ends to change the password, and ensure that even you, yourself, can never get the key, or manage to de-salt the information. If you have the decryption key then that defeats the entire point of security.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.

Thumbs up +1

456

I absolutely don't know why some persons simply get so afrade when someone knows the single bit of hacking. I am not saying that you shouldn't fiel completely safe on the net, more over I have all reddy seen a hacking incident, want say what server or what game, but let me just say that he was not just able to log in as a dev, he was even able to hide his ip, even we weren't able to found out his computer id.
But back on topic, only thing that you can find out from somebody's ip is there location, and the tool in bgt by Sam wasn't very acurat the last time I checked it. Anyway, you don't expect a 17 year old guy coming at your house just because what. You are playing his game? owe my.

Kind regards
Alexander
Follow me on twitter. @ferumite666
Ambition is the stage between imagination and realism.

Thumbs up

457

Agreed with biggun.  guys,  can we please stop freaking out about security?  That’s not what this topic is here for.

The answer to life, the universe, and everything is 42.

Thumbs up

458

Not just that, but hacking is not easy, and if your actually focused on security is one of your primary motives when making your game, the likelihood of a gamer fully managing to breach every security measure is not very high. It'll always be there.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.

Thumbs up

459

agree with hashing everything you can. That is the way i handle my passwords, the ones i have a say in, and even more so now with people whispering of how ivan might try to hack my VPS Its what ever. I never tamper with userdata on my servers, and that is how it will always be. I will never touch anything in the chars foler or players foler or what ever the thing calls them. If someone forgets there pass i won't look at there password, tell them to make a new account, give them back there old inv and that is that remove the old folder of there user and done. charlie knows how i handle my servers, so does big gun and i am sure many others

R.I.P Melinda Cook.

Thumbs up

460 (edited by ivan_soto 2017-11-17 04:22:02)

First of all, the old server is discontinued so I shouldn't trust it because it won't get the security update. I'm working on an e-mail reset system so you can request a reset code for your password. I'm also working on hashing your key, so its harder to view the password. Players who have forgotten their password can no longer request a password, they will have to change it and create a new one. As for the other point Mr. Ernie wrote, once I was on TK and he was talking about giving themselves items after me killing the /give command by editing their inventory .usr files. On another note I have spent about 2 hours recoding a lot of the server's problems when it comes to BGT runtime errors. Iw ill admit I'm not so great at fixing them, but its a work in progress.

Ivan

Thumbs up

461

hi,
how can i create a server?
tahnks

Thumbs up

462

bgt does have access to sha512 I believe, so we could use that. If not, I could probably call advapi32 directly. And for saulting I wouldn't just use the username either, I'd do something to it, maybe has it and add those together or something. With this system currently it will tell you if you have the wrong password for an account because it's in a file inside the account's folder. It could probably be manipulated but it would require a bit of work. I do have code from way back when when I built a password reset system that had been used in btb, so I could probably have that ported.

----------
An anomaly in the matrix. An error in existence. A being who cannot get inside the goddamn box! A.K.A. Me.

Thumbs up

463

Holey tacos! You guys still going on about The Killer? This killer bull is going to kill us all! smile

I, personally, think Ivan would be better off just releasing the server and game client. That would, most likely, put to wrest the concerns people have with Ivan's credential storage system.

In my opinion, Ivan's actions have liquidated what trust that he did have before publicly releasing Tk; I, refuse to play The Killer because of all the drama and insanity that has sprung up. Stolen code, server tampering, overall indecisiveness, and now concerns with how user account data is stored? When will it end?

This all comes back to one thing that I have observed countless times when dealing with Ivan Soto. His actions always speak volumes louder than charismatic words.

NTC
"Today I choose life. Every morning when I wake up I can choose joy, happiness, negativity, pain... To feel the freedom that comes from being able to continue to make mistakes and choices - today I choose to feel life, not to deny my humanity but embrace it."
Kevyn Aucoin

Thumbs up

464

lol well, i was trying to go back to playing Tk again, and so far so good, I was actully amazed that ivan hadn't tryed messing with my char but then, i come online today, to find that My inventory was blanked and stuff that took me months of collecting and bidding on awesome octions, all gone down the drain. No woarning, just log in, and no items. so that is the way he runs HIS server, so before he starts blaiming me for suposley changing his password,


look at him. and as for when i had my server, We never, ever, ever, edited the INV files. you were the one that brought that up ivan, when you were set on trashing my server.

R.I.P Melinda Cook.

Thumbs up

465

I am simply tired of all this. Really. He deleted that and that .usr file. No, it was the dev. Owe wait he tampered my maps owe gosh I hate you Ivan because of what. And just to think how did this start? Ivan noticed that Ernie didn't manage his server properly and removed it from the server list. Really. Now you just keep saying how Ivan does ask goodness knows what to your server. First there is no proof of that, second it's his game. If he says that your server doesn't follow some guidelines on how server should be handeled, he can remove it from the server list. And now you even Bitch about he did that and that. He said that that update loop was a bug, plus it could have even been a ly taking that other server hosters didn't notice it. I won't comment about deleting userdata stuf but really, if you dislike the dev, just leave his games. No, you simply have to bitch, and bitch, before dev loozes all motives for even living and finally killing him self. Really. None of you really don't know how mutch complaining can be simply destructive. That topic that I have posted a few months ago is simply ment to hopefully point Ivan in the right direction. Don't know did he listen me because well, I am not shure did he even cared about anyone but what ever. Point is, that I agree that it's not ok that he tampered your server, but say it one time, this is the forum and everyone will notice the message sooner or later. About that inventory thing, well question did you really win that on auctions? Did you get that by begging on team talk? That is the good question. Come on, even I lossed the items one time and guess what? He didn't return them to me. And I still played the game. Why? Because I still had the weapons witch I had from the day 1, and that was enough. If only way of fighting is shooting guided missiles, well then really good First person shooters will never be your favorite game. But what ever, expect that this world will never be a good place to live in. I am even sometimes sad that I am part of it sometimes. Well, see you some other time. I at least hope that that time there will be Some people that are able to give constructive criticizem.

Kind regards
Alexander
Follow me on twitter. @ferumite666
Ambition is the stage between imagination and realism.

Thumbs up +2

466

Why is anyone still going on about the killer?

Thumbs up

467

@BigGun, there is a slight flaw with your logic: Ivan never specified any guidelines about server management standards. If he decided to come up with some, he should've told everyone; however, he did not, and therefore he left it up to the server manager to manage the server how they like. He then can't just remove servers from the server lists because he doesn't like that server. He can't hack a server that someone is hosting just because it's his own game without a very, very, very good reason. No reason that Ivan has given comes even close to that quality of 'very good reason'.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.

Thumbs up

468

ernie wrote:

lol well, i was trying to go back to playing Tk again, and so far so good, I was actully amazed that ivan hadn't tryed messing with my char but then, i come online today, to find that My inventory was blanked and stuff that took me months of collecting and bidding on awesome octions, all gone down the drain. No woarning, just log in, and no items. so that is the way he runs HIS server, so before he starts blaiming me for suposley changing his password,


look at him. and as for when i had my server, We never, ever, ever, edited the INV files. you were the one that brought that up ivan, when you were set on trashing my server.

Jesus christ, stop wining like an 8 year old. And @ivin, do you have some kind of bypoler problem with the killer? You stopped working on it, now you seem to be working on it again. You've added and removed custom servers so many damn times. Seriously people, stop playing this game. Ivin is a fraud and a thief, stop acting like you love his game when its clear nun of you actually do. If its that you want an fps, there are several others that you can choose from. Also, ivin's post saying that he has player passwords and can easily view them at any time without that player knowing is yet another reason to not play. Seriously, wake the hell up guys!

I am the blind jedi, I use the force to see. I am the only blind jedi.

Thumbs up

469

BlindJedi wrote:
ernie wrote:

lol well, i was trying to go back to playing Tk again, and so far so good, I was actully amazed that ivan hadn't tryed messing with my char but then, i come online today, to find that My inventory was blanked and stuff that took me months of collecting and bidding on awesome octions, all gone down the drain. No woarning, just log in, and no items. so that is the way he runs HIS server, so before he starts blaiming me for suposley changing his password,


look at him. and as for when i had my server, We never, ever, ever, edited the INV files. you were the one that brought that up ivan, when you were set on trashing my server.

Jesus christ, stop wining like an 8 year old. And @ivin, do you have some kind of bypoler problem with the killer? You stopped working on it, now you seem to be working on it again. You've added and removed custom servers so many damn times. Seriously people, stop playing this game. Ivin is a fraud and a thief, stop acting like you love his game when its clear nun of you actually do. If its that you want an fps, there are several others that you can choose from. Also, ivin's post saying that he has player passwords and can easily view them at any time without that player knowing is yet another reason to not play. Seriously, wake the hell up guys!

I am still waiting for the moderation team here to exercise the ban hammer on him.

NTC
"Today I choose life. Every morning when I wake up I can choose joy, happiness, negativity, pain... To feel the freedom that comes from being able to continue to make mistakes and choices - today I choose to feel life, not to deny my humanity but embrace it."
Kevyn Aucoin

Thumbs up

470

I seriously don't understand why everyone's making a big deal about this. So what if I can see your password? So can STW account passwords be easily decrypted. Soon I am going to eventually do a complete char purge to stop this I have more items than you crap. Its the best thing to do. Can we just stop with the custom servers thing? Its more to me like these people are more concerned about power on the game, not actually hosting a server. Ernie is the only person I have received this muchcomplains about hosting a server. Other people just move on, and if 2 times of adding servers sooooooooo many times, well I'm sorry. Guess next time once is a lot of times, huh? The password encryption will be dealt with ASAP.

Ivan

Thumbs up

471 (edited by BigGun 2017-11-26 10:31:20)

@468
Just wondering, what other FPSes? RTR? There is 1 in 10000000 chanse that there is someone who still hosts the server. Audio quake? The same as rtr, but not to menschen that it's dropping support for newer operating systems, And simply old concepts. HVR? It gets bord after the time, and that xp change doesn't make me ever return to that game. Swamp? I am only waiting for Aprone to shutdown the server. Really. If only that he does now is being a clown for random events and pretty much nothing else. If it's never going to get a client update, then why are you even playing it. Not just that, there were most likely be no more server updates, and when it drops support for newer operating systems it again goes down the drane, pluss it also gets boring after time. You your self said that you hate redspot, so what are those other first person shooters that you are talking about?
@Ivan
All that I have to say is:
You will never make the intire world happy.
All I had to say.

Kind regards
Alexander
Follow me on twitter. @ferumite666
Ambition is the stage between imagination and realism.

Thumbs up

472

blink_wizard wrote:

I seriously don't understand why everyone's making a big deal about this. So what if I can see your password? So can STW account passwords be easily decrypted. Soon I am going to eventually do a complete char purge to stop this I have more items than you crap. Its the best thing to do. Can we just stop with the custom servers thing? Its more to me like these people are more concerned about power on the game, not actually hosting a server. Ernie is the only person I have received this muchcomplains about hosting a server. Other people just move on, and if 2 times of adding servers sooooooooo many times, well I'm sorry. Guess next time once is a lot of times, huh? The password encryption will be dealt with ASAP.

The reason for I won't host a server and won't play the game in the future is simply because I don't trust you after all this mess. You could easily mess up peoples servers because you can see peoples passwords. I don't know if you actually have done that. An other thing is the way you are trying to control people. You release the server program, release an update where you disable custom servers because people  have messed things up on your own servers. Then, the password issue came. How should people trust you after all this? You should properly have released the server program, and said to people they could do what they want on their server, and only care about your own server...

Best regards SLJ.
If you like the post, then please give it a thumps up.
Feel free to contact me privately if you have something in mind. If you do so, then please send me a mail instead of using the private message on the forum, since I don't check those very often.
Happy gaming... :D

Thumbs up

473

@Big gun, swamp is the greatest audiogame we've ever had. My opinion of course, might not be yours, but please don't dis it like that, I know many others who still very much enjoy it much better than this killer crap and are still playing it for 12 hours straight like I did in the summer multiple times. It seems aprone is actually the only person here who knows how to propperly run a damn game server.

I am the blind jedi, I use the force to see. I am the only blind jedi.

Thumbs up

474

To all who play. We're very sorry about the massive shit we've been experiencing recently due to the crossover to linux again, since ivan can't pay for both servers at once. I come to you today with a revolutionary discovery, as the runtime meter is now operating on this linux server! We are experiencing one other issue we can't figure out, which is the bug that is causing files to not be deleted and saved properly, but hopefully that stays away since I've played with chmod and such. We are still trying. We haven't given up on you. And due to this and the fact that today is Christmas in the US, I am going to be hosting a sort of giveaway of items. I will make you fantastic deals, now that we have the new transfer feature, you can send me the coins and I can give you the item. And some less offensive items, such as interceptors, I will give away at no charge for some amounts! See ya there!
Note: I may not be online all day, and the both of us are in central time, so this offer expires on 12:00 AM, Tuesday, December 26 US central time, which I believe is currently UTC -7 due to dst.

----------
An anomaly in the matrix. An error in existence. A being who cannot get inside the goddamn box! A.K.A. Me.

Thumbs up

475

Well, it should run pretty stable on Linux, if the crash bugs get fixed. I'm running multiple audio game servers made in BGT on my Linux server, and they are running very stable without any issues at all. No need to pay for expensive Windows servers... smile

Best regards SLJ.
If you like the post, then please give it a thumps up.
Feel free to contact me privately if you have something in mind. If you do so, then please send me a mail instead of using the private message on the forum, since I don't check those very often.
Happy gaming... :D

Thumbs up