Hey, I think there needs to be an admin verification command, because we have a persistent hacker aboard the server, who keeps entering as me (The Owner) and the Co-Owner.
Maybe when you are promoted as an op+ it will ask you for a password. ex.
Please select a Password using /pass set [password]
The when you enter the server it should ask
Please verify yourself with /pass [password]
If you do not enter the password correctly it can send a message to ops+.
So the point of it is to not let any person op+ use commands without verifying that they are who they claim to be.
That is my most major concern about the software, and If it isn't fixed I'll have to host with another software.
Some of my levels are being deleted and many people are becoming banned because of this.
Thanks for reading, stardust0123, Owner of DTA Lava Survival and VP of Dodge Them All
Admin Verification. (/pass)
3 posts
• Page 1 of 1
Admin Verification. (/pass)
by stardust0123 » 25 Jun 2012, 00:35
- stardust0123
- Posts: 14
- Joined: 25 Jun 2012, 00:21
Re: Admin Verification. (/pass)
by dzienny » 25 Jun 2012, 02:23
Unfortunately there was a bug in the previous version of MCDzienny that concered the authentication process, so that a malicious person with a help of a server salt generator could log in as a random person of course not knownig any passwords. It's because minecraft passwords are not used at any point of connecting to the server. Instead a secret number generated by minecraft.net is used. This number changes in time and is different for different servers. It also expires when the server is restarted. So there should be no concern about safety of accounts. You can say Notch made sure of this.
The problem with the authentication was solved in the version 8.2, it appeared that the old salt generator wasn't entirely removed. Anyway if you updated the software you shouldn't encounter this abuses ever again.
Also you can send me ips of the people that took part in it.
The problem with the authentication was solved in the version 8.2, it appeared that the old salt generator wasn't entirely removed. Anyway if you updated the software you shouldn't encounter this abuses ever again.
Also you can send me ips of the people that took part in it.
-
dzienny - Administrator
- Posts: 1181
- Joined: 23 Jan 2011, 14:27
Re: Admin Verification. (/pass)
by stardust0123 » 25 Jun 2012, 18:01
Thank you dzienny, as i was worried I'd have to shutdown my server for good. I am not sure of the IP address as they keep changing it. Now I can run my server and feel confident that no hackers can get into our accounts.
Thanks for reading, stardust0123, Owner of DTA Lava Survival and VP of Dodge Them All
Thanks for reading, stardust0123, Owner of DTA Lava Survival and VP of Dodge Them All
- stardust0123
- Posts: 14
- Joined: 25 Jun 2012, 00:21
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 7 guests