-
Posts
-
Penguin
Posts: 0@admin did you not receive these reports I sent through Contact Form ?..
I was in the process of writing more bug reports too when you pulled off that move…
Bye. (You can delete this post like you seem to enjoy doing at this time)Hi lodni, yes your one report was received when we reached out and asked for it. It did play a part in reducing punishment (no loss of items). Your post isn’t being deleted because it doesn’t break forum rules.
Polar Bear
Posts: 34Reducing punishment? No loss of items? lol You reset their characters, easily the harshest move possible over something they never benefited from in the first place.
Who cares if they have their items when you’ve made sure they’d quit the game lol
Penguin
Posts: 3One? you’re missing at least 2 there..
From what was fixed I’m assuming you only got the URGENT — Server Crash on Move
did you receive the version asking for a different method to send you bug reports ’cause I wasn’t receiving feedback, they contained information you don’t want to see on forums and the lack of formatting was killing me?or the one with 2 lines of code?
if the latter maybe test your contact form with long texts,
also… while we’re talking, I’m quite curious as to how could Therieth possibly be implicated? that guy left a month ago… I saw him once when he logged to give his stuff
as for your punishment, you erased months of gameplay from Krill which as far as I know tried the warp glitch the day I discovered it while I was documenting it and found out it was possible to crash server with it… ban me(and honestly, that much of a setback is akin to a ban) if you want to lose out on future reports but your aim isn’t very precise with this action you took, aside me and to a lesser extent Krill, nobody else affected by your action had more than the knowledge of something potentially causing a server crash, nothing on the how
good luck
Penguin
Posts: 3btw, nothing was gained from these “abuse” you mention, worst we did was crash the server to fix lag.
or worse abuse was warping an alt 5 or so times to Marketplace to spook someone
I could go long about how I could actually have used that to commit many different kinds of abuse but I’ll let your imagination go on that one, think of all those day-long timer skip you do on restarts
Penguin
Posts: 2I have a question. A few months ago the admin posted about all of the ML data being hacked and mirrored by a group of south African hackers. Did they have access to our usernames and passwords and is our login credentials safe? Why doesn’t the admin/dev use 2fa?
I tried contacting the admin but never got a reply. Is this a bug?
Polar Bear
Posts: 34Well, this is an interesting result. I’m not sure what to say since it seems everything I actually reported was completely ignored and the fact that the net gain of all exploits was zero. This part of the post in the dev notes is particularly troubling:
A few people have provided a LOT of data on exploits, and I wanted to wait until they were finished poking around, without spooking them too much.
This hurts the most, as it shows that you would rather lead us on than reach out and treat us like humans. It doesn’t help that your contact form is either broken or you’ve been ignoring emails. Often I had to wait for you to appear in-game or pass things on through TheFurious in order to get reports to you. Some of them you picked up on so quickly there wasn’t even a chance to report – i.e. the one where you were able to craft anything that didn’t have a cost attached to it, which was fixed while we were discussing the best way to report it to you. I even deleted everything we made with it afterwards. Hell, one time we cleaned out our own vault trying to perfect a dupe to be reported.
I’m not the kind of person to try and hide exploits for benefit, generally if I don’t report them straight up I like to make them obvious so that they are fixed quickly. If you had reached out to me and my friends rather than taking advantage of our love for your game then things would’ve been much smoother for everyone.
Best of luck to you.
Hi CLegless, don’t worry the data that was taken did not contain any passwords, only player data like levels and coordinates. The password data is in a different location and is encrypted anyways, so not even we can access your passwords.
Ekyo you will have to provide more evidence on these other reports you say you sent as we never received anything like that – just the movement code you mentioned and isn’t a part of the punishment. If you don’t know about Therieth exploiting or think there was nothing to gain then you haven’t been told the whole story. Some items were gained due to exploits for example a Dash 3 book. In early December Krill was recorded saying: 08:35 Krill: /tc hence why I still use my speedhack occasionally despite saying I’d report it weeks ago
We have only recieved 1 report from Krill on behalf of Badboy, back in early November, and he was in good standing at that point until he starting abusing several exploits dealing with items, movement, client crashes during pvp, and others. We made sure it was all proven in the logs. Not a single report on these – but weeks of abuse resulting in a ton of reports from players including video evidence. We even gave him a chance to come clean on all of these by reaching out with an email but he didn’t admit to them, and just had you send the one report instead.
Polar Bear
Posts: 34Ouch. The client crashing was a side-effect of a completely different bug which I didn’t even realize was happening until I noticed the strange behavior on another alt. The bug in question was the ability to use float values when changing costume, which from what I could tell did two things:
– Crashed your own client, and
– Made you invisible to others.Before I reported this the worst that was done was to eavesdrop on a conversation happening in crossroads.
One thing that you failed to mention in your response was that I dumped a large number of bugs on TheFurious via Discord PMs as I was unable to find you in-game to discuss them, which he said he would pass on to you. I know TheFurious is a respectable and trusted player with a fast way to contact you and from what I was able to tell he was true to his word – the bugs I passed on were fixed within 3 or 4 days. The “speedhack” and costume trick was included as part of this.
You are welcome to continue to trawl through tribe logs for evidence against me or my tribemates but the reality is there was no harm done, intentionally or otherwise. If those were our intentions there would be nothing in tribe chat for you to go off of.
Penguin
Posts: 2Thanks for the reply Kay, but I am confused as to how you say the data for passwords is encrypted when I can clearly read my passwords when capturing the packets. Can you please tell me what type of encryption you are using? Because I highly doubt simply base64 encoding a password constitutes such as encryption.
If you need help providing a safer more secure way to transfer data you may message me. Thanks!
Penguin
Posts: 3He didn’t exactly “have me” send that report, he was a bystander in that one and reminded me that maybe we should send the report we’d been working on. He helped me figure it out and document it before we realized it only came down to the server not checking types which messed up operations like movement.
For the missing reports and the other stuff you mentioned just now, I wasn’t even aware of the game’s existence back in December but it does not matter, what is done is done
I’d been pushing back taking a break from the game for a while, this is a gentle nudge for me
Best of luck to you with the newborn
Penguin
Posts: 1Hi Krill, just wanted to clear some things up:
-reporting to another player is not reliable, and can’t be counted as reporting bugs to me
-you already established a means of contacting me, and successfully used it to report the character duping (and more recently that your tribemate was hacked)
-abusing bugs repeatedly is obviously not okay whether you reported them or not!
-you must report ASAP and not wait days or weeks after the exploit is discovered
-you must report even after something appears to be fixed
-saying you were planning to report something doesn’t help me unfortunately, and anyone could claim that afterwards
-please don’t assume I should be reaching out to you. Even though I eventually did, it’s your responsibility to deliver your findings to me
-you would get confirmation from me if you successfully reported a serious exploit (it being fixed is not confirmation I received the report from you). For instance with the 1 report you sent me on behalf of Badboy I immediately teleported into your base, became visible and started chatting with him about the specifics of the report.If you do love the game and have good will as you say, then you should be making absolutely sure I’m kept aware of your findings. From my perspective it looks like you were showing them off to players on multiple servers and using them during pvp, resulting in a bunch of reports against you. I never heard anything from you about any of the exploits you discovered, so I had to spend my time reproducing them all.
So with that said I just went ahead and checked with TheFurious to see if you reported anything since I never received any of this from him. He did confirm that on the 8th of December you sent him information on the item bug that was already fixed, and the costume/invis bug which I had to figure out on my own later. TheFurious says he passed them along to me through steam (I wasn’t on discord at this time), but I never received them it seems. You assumed I got it because I happened to fix it, but that was me reverse engineering it based off of reports you abused it in PvP. The speedhack wasn’t mentioned, and you claimed in the chatlog above that you didn’t report it despite saying you would weeks ago. It appears you also said ‘I like to have some fun first’ when referring to the exploits with TheFurious, but you have to understand that’s still breaking the rule for bug abuse.
So now you see why it looks pretty bad from my end. Once it seems someone is actively hiding exploits from me and abusing them I will just go into evidence collecting mode. Since it was confirmed you did make a small effort to report two of these bugs, although it wasn’t successful, I am open to partially restoring some myst upgrades for you if you reach out to me. Only on your main UST character. Please follow appropriate guidelines for reporting in the future, without abusing your findings, and I will happily award you diamonds. You have my email 🙂
Closing this topic.
The topic ‘On-demand Server Crash’ is closed to new replies.