Suzerain

Explanation For 2017/01/17 Downtime


16 minutes ago, Wearfear said:

Either he modified the value of his character in the SQL table, or he just gave himself the highest GM permissions, which will allow him to do whatever he wants, like ban, server restart, add gold, add item, spawn NPCs, and so on.

He did this by using SQL injection; try to google it. The basics are pretty simple, but there can be some really, really advanced injection queries.

That's pretty interesting. It's a really cool but ballsy move to give this guy a GM title; hope he will make the best out of it!

 

And thanks for all the updates Elysium! You all are doing great! 


Very well-handled by the team. I think you made the right decision by going the "rather safe than sorry" route and keeping the services down until everything was settled.

Also, I want to thank Auya for being so exceptionally 'soft-hearted' with his powers. Much, much worse things could have happened if you were less willing to cooperate, less honest about the exploit you found, or more malevolent in general. Honest advice: If you seek a job in IT security at some point, you might even consider putting this onto your resume!  

I'm glad things are back to normal soon, have fun everyone!

27 minutes ago, Damodred said:

Thanks for your honesty, I'm proud of you guys. Now let's discuss about Anathema core...

What do you mean?

17 minutes ago, Lifealert said:

What do you mean?

Since they are being honest, I think we should get more information about core's change.


So the player (hunter) who traded Alexensual 80k gold, is Auya? (Kozilka~ from dreamstate?)

Edited by NoGnomo

21 minutes ago, Cupcake said:

White hats are people with amazing self-control, for real.

 /B/ LULZSPEC 4 EVER!

1 minute ago, NoGnomo said:

So the player (hunter) who traded Alexensual 80k gold, is Auya? (Kozilka~ from dreamstate?)

/b/ Word on the street is he opened a ticket to see if this gold was legit... they traced it and it wasn't. But also an anon person on Reddit named hack4harambe discovered something while he was bored: hacked into the scum spamming gold sellers' website (g4wow) and downloaded a massive file consisting of a lot of data information... but besides that... something which the following could be it or everything:

1. An account with access to GM powers and granting gold for itself.

2. A glitch in selling/duping of an item.

3. A loophole of bypassing security from the database to run scripts for bots.

That's what is being speculated right now at the moment.

 

~LULZSPEC 4 EVER

8 hours ago, Suzerain said:

 As a result, we welcome Auya to the Elysium team who is tasked with making sure we are never in this position, ever again!
 


 

Oh great that's all we need is more <GRIZZLY> members on the staff here

11 hours ago, NoGnomo said:

So the player (hunter) who traded Alexensual 80k gold, is Auya? (Kozilka~ from dreamstate?)

Are we even allowed to speculate on Auya's secret identity? I mean, the Terms of Use includes the following as a perma-ban offence.

Quote

Revealing the identity of an Elysium staff member;

 


Big up to the people who made the breach and did it for the greater good & also big up to the team for handling it asap.

10 hours ago, Mentathiel said:

Are we even allowed to speculate on Auya's secret identity? I mean, the Terms of Use includes the following as a perma-ban offence.

 

That refers to their real life identity brobeans. 


Well, if that hacker hacked a gold seller's website and then robbed them of some gold, he did great, so maybe they will stop spamming local whispers concerning gold selling.

I believe hiring the hacker was a great idea as well, as he can help in security matters. Good job, Elysium!

On 2017-01-17 at 9:58 PM, Suzerain said:

We have made contact with the individuals who gained access, and they did not have the intention of harming us. Rather, they were more interested in testing our security measures. In fact, they have agreed to help us to find any remaining security breaches. As a result, we welcome Auya to the Elysium team who is tasked with making sure we are never in this position, ever again!

So first you tell us these hackers had no intentions to harm. Yet harm was done the very second they started creating gold, übercharacters and so on. Also you confirm yourselves you were wrong 2 days later:

On 2017-01-19 at 8:13 PM, Fenrir said:

Through our investigation of the recent database issues, we have continued to find additional issues that one of the infiltrators had put on our plate. Through the help of our newest team member, Auya, we were able to discover a number of characters that were created with the sole purpose of selling the characters for real life money. To this point, we have identified and banned 38 characters. Our investigation continues as we dig deeper as I am certain that there are more created characters that are still out there and need justice dispensed. In regards to a specific warlock that has been reported to our team by dozens of players, there was clear major exploitation in both raids and PvP and, as a result, all accounts associated to this person’s IP have been permanently banned.

My questions to you are:

From what you know, has any hacker had access since the 17 January?

Who is Auya? Was he in the group of hackers that created gold, übercharacters and so on? You told us these individuals had no intention of harm and that turned out to be false. Why can Auya be trusted if he was within this group?
