The world is currently online!


Welcome to Emps-World!

Register now to gain access to all of our forum features. Once registered and logged in, you will be able to create topics, post replies, send private messages, manage your profile, chat with other players in the shoutbox and much more. Once you sign in, this message will disappear.



Pages: 1 2
0 Members and 1 Guest are viewing this topic.

Offline Ameer

  • *
  • 487
  • Liked: 630 times
  • +0/-0
    • View Profile
Re: regarding hijacked emps-world emails
« Reply #15 on: December 13, 2017, 06:58:49 pm »
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
This topic may have an answer to that question. https://emps-world.net/forum/index.php?topic=9224.0
It's over 2,5 years old data people are trying to sell though.

I believe this topic you meant to post link of
https://emps-world.net/forum/index.php?topic=18078.0
Yes that's it. Thanks for clarification. Regardless it's still old code and there has been a lot of changes since then.

That's true, however that won't change the fact that he'll be able to do some strange things ing,
last time we had to deal with an edited client a lot of annoying things happened.

I don't know how far this dude can go or what is he trying to do, it seems to me he is trying to find a way to decrypt the passwords.
something looks a bit hard, however I am sure with some editing to the source code he has such thing will be possible if he attempt to login to an account with any password to apply the change.

anyway I might be wrong ^ , I am sure thomy will leave a reply here sooner or later to explain it all.



Emps-World Player Moderator Since July 18, 2015
Emps-World Game Moderator Since September 22, 2015
Emps-World Player Administrator Since  October 29, 2015
Emps-World Game Administrator since few years

Emps world player since the day I resigned, dunno when.

Offline Obby Forever

  • *
  • 8
  • Liked: 5 times
  • +0/-0
    • View Profile
Re: regarding hijacked emps-world emails
« Reply #16 on: December 13, 2017, 11:42:52 pm »
Simply reporting it to OVH and waiting until they look at the case is enough to suspend their dedicated server. OVH has strict policy against these things, a server of mine was already terminated after they found out I was hosting RSPS.

This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
There we go; PS: I'm 'Kris' on R-S.

Mind explaining to normal people like me what is he even trying to achieve there ?
Shouldn't worry about it, the given person is definitely not the one who managed to get the source; this given person has zero knowledge in development whatsoever. He was probably given it by whoever got the source in the first place.

But yeah, if it's indeed that old, there probably isn't much to worry about.

Online Thomy

  • *
  • 3554
  • Liked: 3322 times
  • +5/-0
    • View Profile
Re: regarding hijacked emps-world emails
« Reply #17 on: December 14, 2017, 08:06:25 am »
Just as a quick reminder, there was a topic last year that explains the incident: https://emps-world.net/forum/index.php?topic=18078.0

That's true, however that won't change the fact that he'll be able to do some strange things ing,
last time we had to deal with an edited client a lot of annoying things happened.

I don't know how far this dude can go or what is he trying to do, it seems to me he is trying to find a way to decrypt the passwords.
something looks a bit hard, however I am sure with some editing to the source code he has such thing will be possible if he attempt to login to an account with any password to apply the change.

anyway I might be wrong ^ , I am sure thomy will leave a reply here sooner or later to explain it all.

No. People can always modify game code and try to come up with modifications. However the server validates and checks if a request is valid. Even if somebody sent a request to withdraw 20M ags from their bank, the server would deny it.

Passwords are safely hashed with bcrypt (https://en.wikipedia.org/wiki/Bcrypt), which is a one-directional transformation. If you login to the site or game, your password is encrypted (site: HTTPS, game: plain RSA), hashed and compared with the value that's in the database. If there is an exact match, the login is granted. Even if you asked me what your password is... I couldn't tell, because I'd have to brute-force it (trying out all combinations). The reason nobody brute-forces such passwords is the complexity of the problem. Besides... the site would lock you out for some time for spamming logins. It would take years to decrypt a set of passwords, which simply isn't worth the time and thus the system is considered safe.
The following users liked this post: Ameer
Pages: 1 2