Lego Universe ION removed? ( We had Xipho\'s permission )
- This topic has 14 replies, 8 voices, and was last updated 8 years, 8 months ago by
.
-
Posts
-
So about 15 minutes ago our server thread was remove by HappyAngryCatfish.
We had permission from Xipho. However we didn’t make it clear
It also said in the google forms not to use a password used for anything else. Its up to the person if they follow that rule or not.Skype conversation:
If the thread being closed does not get lifted I would like to speak To
HappyAngryCatfish. In a skype group with Glass/ Jason.I will talk to Xipho about it. Quite honestly I see it as insecure and shouldn’t be allowed. If you can’t configure the UniverseLauncher I debate if you are capable of running a server. I don’t mean to be offensive but I don’t want kids getting information scammed off of them.
@HappyAngryCatfish its easier to have a fill out form and do it manually then to buy a domain and stuff. Everyone’s having fun and half of the given passwords are like ‘Luniserver’,’lunipassword’. Heck theirs even one with random letters and stuff. This game is just about fun, people wanted public servers, we gave them it. Over the past 2 hours we have received multiple signups etc.
Bye.
Feel free to join and see that its working as of 30 minutes ago there were 8 people on and having fun compared to any other of the servers that were unstable. And There’s still no way it could totally be safe no matter how they register I will still be able to see peoples registered passwords and the only reason I have not setup a “safer” way of joining is so that people can join straight away.
What would you class as safe?
AND tell tim to fix his crap spam detection its always me I swear
The fact that you see the passwords of other people makes me cringe so hard. Please do not host a server if that’s your security point of view, please do not even consider anything IT related even.
That probably sounded harsher than I wanted it to be. However, if you have an IP where people can play you could also setup a webserver on the same machine, providing the UniverseLauncher website, allowing people to more or less securely register and handle their account on their own.
However that also gets rid of my control who I allow on the server.
And once again bot protection it needs fixing
Hi, Way is the server down? Sorry for asking but I like to know way I can not connect to the server.
@Wincent Me and Arron are fixing the server and its security. It’ll be up soon with a new way to register.
@HappyAngryCatfish remember that conversation about hoW it is going to be a boring server?
Well see that post above /\/\/\/\/\
Because I do and it seems to me as if people are/were enjoying it.
However that also gets rid of my control who I allow on the server.
Not true. It’s as simple as setting up an auto-ban once a user joins, which many early servers did. You could also have signup disabled, registering manually with some auto-generated password, email it to the user, and have them log in to change it.
But if you can see passwords, I would not support allowing you to advertise here. In fact, the Launcher is still vulnerable using an MD5 hash with no salt (there was a server whose database was compromised, and at that point we realized that whoever had access to the usernames and passwords could potentially find the passwords even with the hash). I would highly suggest fixing the hashing (adding a salt at the very least). Even if you are trustworthy, which we have no way of verifying (no offense to you, but this is how the internet works), but we certainly can’t trust whoever sees your server as a soft target to hack.
Ok, there is a strong need for some explanation here:
That conversation posted is real but incomplete. Glass and Arron were asking me about what requirements there were for setting up a server, my answer was that I’ll need to think about it. I started asking some questions about what was planned, focussing on what was relevant for me to know first.
To move the security issue out of the way first: I helped Glass set up a private server. When they asked about making that public I wanted to know about the target audience and advertisement first before making any judgement at all. I asked Arron some of this in private chat before, but recieved no response. I realize saying “but that’s your choice” was a mistake, but it was meant as an acknowledgement of a plan, not a “sure do whatever you want”.
There is some of the conversation missing in that screenshot, in which it became apparent that they wanted to develop the server further and some info on which contry they come from which I can understand why that part wasn’t posted. Then at 14:40 (Timzone of the screenshot) I wrote that I had to go, which I did, with the conclusion that Glass wanted to ask more questions, to which I said he could write them in chat and I would read them later.
I’ve not been on my PC until just now, and am quite sad to register these events.
To make it absolutely clear: From my point of view, I DID NOT give any kind of permission to open a public server. They asked for requirements but did not await a definite answer and decision. Me being friendly does not me I agree to anything.
Furthermore, I specifically discourage anybody to set up or join any such public server before a set of requirements has been written down and agreed upon by developers (@Jon002, myself, …), moderators (@HappyAngryCatfish, @Knightoffaith) and experts (@Live) as of now.
This means that Glass & Arron have neither permission nor blessing by any of us to make their server public at this point.
Finally, they have told me that @Prodigy_XD offered
and confirmed to be ableto hack Egmo’s database. This is just disgusting, no need to say anything else.
- The topic ‘Lego Universe ION removed? ( We had Xipho\'s permission )’ is closed to new replies.
Comments are currently closed.