Someone is selling stolen account passwords!

User avatar
SONOFSATAN
Member
 
Posts: 38
Joined: Mon Dec 07, 2015 16:55
Location: floridia USA
IRC: SONOFSATAN stevr59
In-game: SONOFSATAN

Someone is selling stolen account passwords!

by SONOFSATAN » Thu Feb 15, 2018 00:34

I had a player today named mirciol ip-addy 151.25.141.71 selling stolen account passwords from Banana Land severs wich i had my admin ban this player for doing such here what he posted in chat. (02/14/18 06:43:02 PM) [mirciol]: i give away(sell)password of stoled account with diams and everything (a lot)of server(Banana Land)
(02/14/18 06:43:37 PM) [mirciol]: i guess noone wants........ passing this along for other severs to be on the look out.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
 

Chem871
Member
 
Posts: 629
Joined: Sat Aug 19, 2017 21:49
Location: Ankh-Morpork
GitHub: Chemguy99
In-game: Chem
 

User avatar
SONOFSATAN
Member
 
Posts: 38
Joined: Mon Dec 07, 2015 16:55
Location: floridia USA
IRC: SONOFSATAN stevr59
In-game: SONOFSATAN

Re: Selling stolen account passwords!

by SONOFSATAN » Thu Feb 15, 2018 01:16

Chem871 wrote:I remember TELESIGHT banned you from Skywars, because you yourself were a hacker.

I dont recall playing there and for being hacker all i ever did was use a hacked client. and most who know me know me as being helpfull and nice.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
 

User avatar
VanessaE
Moderator
 
Posts: 4096
Joined: Sun Apr 01, 2012 12:38
Location: Waynesville, NC
GitHub: VanessaE
IRC: VanessaE
In-game: VanessaE

Re: Selling stolen account passwords!

by VanessaE » Fri Feb 16, 2018 19:44

Guys, anyone who claims to have "stolen" minetest passwords is full of shit. I'm reasonably sure my server machine (which is where Bananaland is hosted) has no way in except for the few legit users, and there's no way at all for a minetest client to retrieve a server's passwords file.

More likely, he has simply figured out a few users' passwords. A lot of people when they create accounts on a website or minetest server simply pick a common word, or use their birthday, or stuff like 123456 or just "password". Stuff that's easily guessed.
You might like some of my stuff: Plantlife ~ More Trees ~ Home Decor ~ Pipeworks ~ HDX Textures (16-512px)
 

User avatar
rubenwardy
Moderator
 
Posts: 5006
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: Selling stolen account passwords!

by rubenwardy » Fri Feb 16, 2018 19:45

If they do have passwords, it's likely due to the owner telling them or using an easy password (eg: "password" or their username)
 

User avatar
SONOFSATAN
Member
 
Posts: 38
Joined: Mon Dec 07, 2015 16:55
Location: floridia USA
IRC: SONOFSATAN stevr59
In-game: SONOFSATAN

Re: Selling stolen account passwords!

by SONOFSATAN » Sat Feb 17, 2018 02:33

VanessaE wrote:Guys, anyone who claims to have "stolen" minetest passwords is full of shit. I'm reasonably sure my server machine (which is where Bananaland is hosted) has no way in except for the few legit users, and there's no way at all for a minetest client to retrieve a server's passwords file.

More likely, he has simply figured out a few users' passwords. A lot of people when they create accounts on a website or minetest server simply pick a common word, or use their birthday, or stuff like 123456 or just "password". Stuff that's easily guessed.
Stolen or not i just posted what he said on my server. and ban his acount for it. stolen or quessed he should not be selling or giving a way user accounts.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
 

User avatar
Vapalus
Member
 
Posts: 59
Joined: Wed Nov 15, 2017 17:16

Re: Someone is selling stolen account passwords!

by Vapalus » Mon Feb 19, 2018 09:06

The usual trick is to create a server yourself, and to try the logins people were using on your server somewhere else.
This is probably one of the bigger issues with passwords and password policies...
A man much wiser than me once said: "go away, you are bothering me"
 

User avatar
GamerPro999
Member
 
Posts: 32
Joined: Mon Dec 18, 2017 16:49
In-game: GamerPro999

Re: Someone is selling stolen account passwords!

by GamerPro999 » Mon Feb 19, 2018 13:30

Mirciol come on the Survival X server too. he said he give bank account with a lot of money by giving diamond, messe and gold. i see it yesterday (18 Feb 2018) thx to ban him on that server cause he create trouble ;-)
In Game Name: GamerPro999
 

User avatar
ExeterDad
Member
 
Posts: 1605
Joined: Sun Jun 01, 2014 20:00
Location: New Hampshire U.S.A
In-game: ExeterDad

Re: Someone is selling stolen account passwords!

by ExeterDad » Mon Feb 19, 2018 15:22

Vapalus wrote:The usual trick is to create a server yourself, and to try the logins people were using on your server somewhere else.
This is probably one of the bigger issues with passwords and password policies...

This is completely wrong. The plain text passwords never make it to the server. They are hashed and unusable with Minetest's SRP mechanism. The only way a server operator would know the password is if the player requested the password was reset by the Admin, and the player gave the Admin a password to change it to.
 

User avatar
Linuxdirk
Member
 
Posts: 1218
Joined: Wed Sep 17, 2014 11:21
Location: Germany
GitHub: 4w
In-game: Linuxdirk

Re: Someone is selling stolen account passwords!

by Linuxdirk » Mon Feb 19, 2018 18:20

ExeterDad wrote:The only way a server operator would know the password is if the player requested the password was reset by the Admin, and the player gave the Admin a password to change it to.

Well …

https://github.com/minetest/minetest/issues/6858
 

User avatar
sorcerykid
Member
 
Posts: 718
Joined: Fri Aug 26, 2016 15:36
Location: Illinois, USA
In-game: Nemo

Re: Someone is selling stolen account passwords!

by sorcerykid » Mon Feb 19, 2018 19:41

It's possible to compromise accounts that have been purged from the authentication database. This is one of the reasons accounts on my server are preserved indefinitely and after a period of 90 days are automatically disabled.
 


Return to Servers



Who is online

Users browsing this forum: No registered users and 6 guests