Emps-World Forum
Emps-World => General Discussion => Topic started by: T Mager on December 05, 2017, 12:27:04 pm
-
Hi,
I'm retired emps-world(emps-scape) player. This day i woke up, as usually checking my different emails and got this message from -(some kind of runescape private server project). I'm assuming that they somehow got their hands on hijacked emps-world player emails, now they using them to blackmail and promote their project. Maybe together we can do something about it, not only it's against the law, but it's risk to other players including me.
-
-
https://emps-world.net/forum/index.php?topic=20480.0
Removed all links and pictures for advertising reasons.
-
https://emps-world.net/forum/index.php?topic=20480.0
Removed all links and pictures for advertising reasons.
Ok, it's there a possibility that emps-world owners will take legal action against that private server project?
-
Don't think that's possible and wouldn't even be needed. After all it's traffic to our direction as well not just for them.
As stupid it may sound it actually works both ways. It's free advertising for us as well.
-
Don't think that's possible and wouldn't even be needed. After all it's traffic to our direction as well not just for them.
As stupid it may sound it actually works both ways. It's free advertising for us as well.
Thinking outside the box i agree that it's traffic, but agressive one. I have looked up their domain/ip whoIS, they're using https://www.ovh.com/ca/en hosting company, maybe we can cripple them in the cheap way like writing detailed message to their hosting provider abuse report (abuse@ovh.ca). In best case scenario they will get suspended from their own hosting company eventually lose some time and money by moving to different hosting company.
-
As in traffic and free advertising for us I meant that if they actually manage to grow and the community is being asked how they
found out about the server they'll find us and probably some other servers or gaming communities that has had their database hacked at some point. (And they have targeted them as well)
As for the other part of your last comment I have no idea. Maybe Thomy can give you an answer if he wants to as he knows these things far more better than anyone else here.
-
As in traffic and free advertising for us I meant that if they actually manage to grow and the community is being asked how they
found out about the server they'll find us and probably some other servers or gaming communities that has had their database hacked at some point.
As for the other part of your last comment I have no idea. Maybe Thomy can give you an answer if he wants to as he knows these things far more better than anyone else here.
Yes, there are possibility that other similar communities facing the same problem.
The thing is, Thomy no need to apply here, since the real victim is the user who is receiving these mail messages. We, by meaning "We" - i mean emps-world community can get them suspended. The more complains hosting company receives - the higher chance that they will suspend blackmailing community from their cloud.
I also want to mention that the hosting company their using is not some kind of offshore cluster. Company is well-known and they look after the people, so theres a high chance.
-
Honestly, I like the idea
-
Am i the only one who has separate email account/accounts for the shit they do online? Aint no way im registering emps to my personal email address lol. Couldn't care less what spam i get there ._.
-
Am i the only one who has separate email account/accounts for the shit they do online? Aint no way im registering emps to my personal email address lol. Couldn't care less what spam i get there ._.
too lazy to make a new mail, and if I do I forget the email or pass lul
-
Simply reporting it to OVH and waiting until they look at the case is enough to suspend their dedicated server. OVH has strict policy against these things, a server of mine was already terminated after they found out I was hosting RSPS.
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
There we go; PS: I'm 'Kris' on R-S.
-
Simply reporting it to OVH and waiting until they look at the case is enough to suspend their dedicated server. OVH has strict policy against these things, a server of mine was already terminated after they found out I was hosting RSPS.
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
There we go; PS: I'm 'Kris' on R-S.
Mind explaining to normal people like me what is he even trying to achieve there ?
-
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
This topic may have an answer to that question. https://emps-world.net/forum/index.php?topic=9224.0
It's over 2,5 years old data people are trying to sell though.
-
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
This topic may have an answer to that question. https://emps-world.net/forum/index.php?topic=9224.0
It's over 2,5 years old data people are trying to sell though.
I believe this topic you meant to post link of
https://emps-world.net/forum/index.php?topic=18078.0
-
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
This topic may have an answer to that question. https://emps-world.net/forum/index.php?topic=9224.0
It's over 2,5 years old data people are trying to sell though.
I believe this topic you meant to post link of
https://emps-world.net/forum/index.php?topic=18078.0
Yes that's it. Thanks for clarification. Regardless it's still old code and there has been a lot of changes since then.
-
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
This topic may have an answer to that question. https://emps-world.net/forum/index.php?topic=9224.0
It's over 2,5 years old data people are trying to sell though.
I believe this topic you meant to post link of
https://emps-world.net/forum/index.php?topic=18078.0
Yes that's it. Thanks for clarification. Regardless it's still old code and there has been a lot of changes since then.
That's true, however that won't change the fact that he'll be able to do some strange things ing,
last time we had to deal with an edited client a lot of annoying things happened.
I don't know how far this dude can go or what is he trying to do, it seems to me he is trying to find a way to decrypt the passwords.
something looks a bit hard, however I am sure with some editing to the source code he has such thing will be possible if he attempt to login to an account with any password to apply the change.
anyway I might be wrong ^ , I am sure thomy will leave a reply here sooner or later to explain it all.
-
Simply reporting it to OVH and waiting until they look at the case is enough to suspend their dedicated server. OVH has strict policy against these things, a server of mine was already terminated after they found out I was hosting RSPS.
This is really not the problem here though, the question is how did Emps-World get leaked? I've seen a picture of it on Rune-Server.
https://www.rune-server.ee/runescape-development/rs2-client/help/667295-ineed-help.html
There we go; PS: I'm 'Kris' on R-S.
Mind explaining to normal people like me what is he even trying to achieve there ?
Shouldn't worry about it, the given person is definitely not the one who managed to get the source; this given person has zero knowledge in development whatsoever. He was probably given it by whoever got the source in the first place.
But yeah, if it's indeed that old, there probably isn't much to worry about.
-
Just as a quick reminder, there was a topic last year that explains the incident: https://emps-world.net/forum/index.php?topic=18078.0
That's true, however that won't change the fact that he'll be able to do some strange things ing,
last time we had to deal with an edited client a lot of annoying things happened.
I don't know how far this dude can go or what is he trying to do, it seems to me he is trying to find a way to decrypt the passwords.
something looks a bit hard, however I am sure with some editing to the source code he has such thing will be possible if he attempt to login to an account with any password to apply the change.
anyway I might be wrong ^ , I am sure thomy will leave a reply here sooner or later to explain it all.
No. People can always modify game code and try to come up with modifications. However the server validates and checks if a request is valid. Even if somebody sent a request to withdraw 20M ags from their bank, the server would deny it.
Passwords are safely hashed with bcrypt (https://en.wikipedia.org/wiki/Bcrypt), which is a one-directional transformation. If you login to the site or game, your password is encrypted (site: HTTPS, game: plain RSA), hashed and compared with the value that's in the database. If there is an exact match, the login is granted. Even if you asked me what your password is... I couldn't tell, because I'd have to brute-force it (trying out all combinations). The reason nobody brute-forces such passwords is the complexity of the problem. Besides... the site would lock you out for some time for spamming logins. It would take years to decrypt a set of passwords, which simply isn't worth the time and thus the system is considered safe.