totally believable confession as the abysmal spelling indicates that you're an empty shell. you'd definitely fit the profile.It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
PSA: Pick good passwords, armathentication not super-secure
Re: PSA: Pick good passwords, armathentication not super-sec
What a waste of energy. "No-lifers" doesn't even describe properly what these people are since it sounds like they're not affecting others. I'll never understand what people find satisfying about doing something like this.
Re: PSA: Pick good passwords, armathentication not super-sec
Ah, I'm monumentally stupid, but at least I'm not alone I had the IP address the Moonlight account was taken over from all along, it's 67.86.172.77. When looking for matches, it found one forum user, [Anonymous]. My conclusion immediately was "Oh, they just use the same proxy network, dead end". But now I also checked the master logs for that IP, and it has been very active this whole month and this month only. Not typical for a proxy. It's someone's home IP, and that someone forgot to hide it three times.
I can't personally confirm a link between [Anonymous] and Rookie, but it does seem very likely they're the same.
So to server admins: If you want to make it marginally more secure for your players, ban that IP for the time being. He surely can work around an IP ban, but it makes it a little unpleasant for him to play on your servers, which would make it less likely he can lure your players away into a trap server. If you like, check your server logs to see who he authenticated as; Rookie@forums, Amaso@forums etc. are probably things you'll find.
No servers are or were active on that IP.
The xXSyagehtllikXx was supposed to be banned, but I pressed the wrong button on him once and made him immune. And yeah, it's one of Rookie's countless ban evasion accounts.
I have currently no intention of taking action against the [Anonymous] forum account, even though of course account hijacking is plenty a reason. I personally see this as a well deserved and needed kick in my butt to get back to coding, which I do enjoy. The coding, not the kicking. Plus, [Anonymous] is his nicest incarnation yet. Please stay pleasant, [Anonymous], OK?
I can't personally confirm a link between [Anonymous] and Rookie, but it does seem very likely they're the same.
So to server admins: If you want to make it marginally more secure for your players, ban that IP for the time being. He surely can work around an IP ban, but it makes it a little unpleasant for him to play on your servers, which would make it less likely he can lure your players away into a trap server. If you like, check your server logs to see who he authenticated as; Rookie@forums, Amaso@forums etc. are probably things you'll find.
No servers are or were active on that IP.
The xXSyagehtllikXx was supposed to be banned, but I pressed the wrong button on him once and made him immune. And yeah, it's one of Rookie's countless ban evasion accounts.
I have currently no intention of taking action against the [Anonymous] forum account, even though of course account hijacking is plenty a reason. I personally see this as a well deserved and needed kick in my butt to get back to coding, which I do enjoy. The coding, not the kicking. Plus, [Anonymous] is his nicest incarnation yet. Please stay pleasant, [Anonymous], OK?
Re: PSA: Pick good passwords, armathentication not super-sec
I love you, Z-man.
"Dream as if you'll live forever,
Live as if you'll die today." -James Dean
Re: PSA: Pick good passwords, armathentication not super-sec
Yeah, I'm frankly not sure if any of my closest friends are capable of as much empathy as he is (including the one who, until recently, used to have three simultaneous girlfriends who didn't know from one another). I'd be OK if they add a slot for him to the Holy Trinity, making it a quadrality. Maybe even for some more arma devs, but Lucifer would be hard to sell for obvious reasons.
(For those who say I regularly smarn over him, in this instance I did that probably for the first time. )
(For those who say I regularly smarn over him, in this instance I did that probably for the first time. )
Re: PSA: Pick good passwords, armathentication not super-sec
Lately I've noticed Word is single-handedly destroying the stereotype that Germans have no sense of humor.Word wrote:...but Lucifer would be hard to sell for obvious reasons.
Last edited by sinewav on Sat Aug 29, 2015 8:59 pm, edited 3 times in total.
Re: PSA: Pick good passwords, armathentication not super-sec
Not so sure about that. You should probably take your GID out of player settings altogether.Z-Man wrote: Disable auto-login and only authenticate when you need to, on servers you trust.
I've always had auto login disabled. I just entered a server to be greeted with this:
The GID I had in my player settings was an aagid one.
It also tried to force me to authenticate on the next round, but not again after that.
I left and came back and it only tried on the first round and not a second, this time.
Maybe it's nothing, I just find it strange.
Re: PSA: Pick good passwords, armathentication not super-sec
Interesting... if its logged inConVicT wrote:I've always had auto login disabled. I just entered a server to be greeted with this:
ASL entered the game
This server does not support authentication of the type you requested, sorry.
Oh, and try to stay away from easy passwords like this one:
Don't you know how common of a password that is though?
Probably the first one hackers try...
Re: PSA: Pick good passwords, armathentication not super-sec
I don't understand what the hell you meanaP|Nelg wrote: Interesting... if its logged in.
As for a weak password, I have 21+I won't say how many more characters in my pass and I'm always certain it's strong.
Re: PSA: Pick good passwords, armathentication not super-sec
Better get to typin', cause your password is a prolongin'!ConVicT wrote:As for a weak password, I have 21+I won't say how many more characters in my pass and I'm always certain it's strong.
Sorry, just had to do that...
Stupid glitched teleport zone still wont turn blue? dang it! The deathzone turned green!
It is my job to confuse you...ConVicT wrote:I don't understand what the hell you mean
...and I left a shadow of a doubt!
Re: PSA: Pick good passwords, armathentication not super-sec
I don't know if that's a well known something or other.aP|Nelg wrote:Better get to typin', cause your password is a prolongin'!ConVicT wrote:As for a weak password, I have 21+I won't say how many more characters in my pass and I'm always certain it's strong.
Are you saying I should cut out the G's? Gee
I told you do target zones. You drunk?aP|Nelg wrote: Stupid glitched teleport zone still wont turn blue? dang it! The deathzone turned green!
Re: PSA: Pick good passwords, armathentication not super-sec
Be a boss, dont login.
Re: PSA: Pick good passwords, armathentication not super-sec
Yes, Meaty, most are shit-faced tonight, we forgive you.
I'm glad I'm not pissed in this mind-boggler's companyaP|Nelg wrote: It is my job to confuse you...
...and I left a shadow of a doubt!
Re: PSA: Pick good passwords, armathentication not super-sec
@Sinewav:
Haha, thanks. And that image is great. I wonder for how long the papal riches would suffice to afford the necessary amount of eucharistic bread though... (hosts? cookies? that question might cause another schism)
Haha, thanks. And that image is great. I wonder for how long the papal riches would suffice to afford the necessary amount of eucharistic bread though... (hosts? cookies? that question might cause another schism)
Re: PSA: Pick good passwords, armathentication not super-sec
Oh. Right... It's probably a convenience feature on that server. The client code has to react the way it does to support a standard feature. We may have to break that.ConVicT wrote:Not so sure about that. You should probably take your GID out of player settings altogether.Z-Man wrote: Disable auto-login and only authenticate when you need to, on servers you trust.
I've always had auto login disabled. I just entered a server to be greeted with this:
Which server was that, by the way?
- Lucifer
- Project Developer
- Posts: 8640
- Joined: Sun Aug 15, 2004 3:32 pm
- Location: Republic of Texas
- Contact:
Re: PSA: Pick good passwords, armathentication not super-sec
Ack! Word! How dare you suggest that you might try to elevate me to some part of the Holy Trinity? WTF were you thinking? If Catholic myth is to be believed, I'm *obviously* on the side of Lucifer and his rebels, and not Yahweh and his fascist league of angels.
Jeez. You, of all people, should know that!
Now that the important business has been addressed, let's get to the lesser part.
I actually feel bad about not raising this issue several years ago (by several I mean something like 8 years ago). I don't remember the details, so I may have mentioned something back then and gotten a "It's not that big of a threat" and I just got quiet because, well, we were obviously naive. But I joined a server, tried to login, failed repeatedly, and a few days later I noticed I had my client set to login to the server, not using the global ID, and I thought to myself, "What a wonderful world! What a wonderful world! And, oh yeah, someone now has information on a server they could use to crack my forum account."
Jeez. You, of all people, should know that!
Now that the important business has been addressed, let's get to the lesser part.
I actually feel bad about not raising this issue several years ago (by several I mean something like 8 years ago). I don't remember the details, so I may have mentioned something back then and gotten a "It's not that big of a threat" and I just got quiet because, well, we were obviously naive. But I joined a server, tried to login, failed repeatedly, and a few days later I noticed I had my client set to login to the server, not using the global ID, and I thought to myself, "What a wonderful world! What a wonderful world! And, oh yeah, someone now has information on a server they could use to crack my forum account."