Someone is selling stolen account passwords!
- SONOFSATAN
- Member
- Posts: 47
- Joined: Mon Dec 07, 2015 16:55
- IRC: SONOFSATAN stevr59
- In-game: SONOFSATAN
- Location: floridia USA
- Contact:
Someone is selling stolen account passwords!
I had a player today named mirciol ip-addy 151.25.141.71 selling stolen account passwords from Banana Land severs wich i had my admin ban this player for doing such here what he posted in chat. (02/14/18 06:43:02 PM) [mirciol]: i give away(sell)password of stoled account with diams and everything (a lot)of server(Banana Land)
(02/14/18 06:43:37 PM) [mirciol]: i guess noone wants........ passing this along for other severs to be on the look out.
(02/14/18 06:43:37 PM) [mirciol]: i guess noone wants........ passing this along for other severs to be on the look out.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
SONOS -MT server www.swh59.com:30002
-
- Member
- Posts: 999
- Joined: Sat Aug 19, 2017 21:49
- GitHub: Chemguy99
- In-game: Chem Nyx
- Location: My Basement's Attic
Re: Selling stolen account passwords!
I remember TELESIGHT banned you from Skywars, because you yourself were a hacker.
What is SCP-055?
- SONOFSATAN
- Member
- Posts: 47
- Joined: Mon Dec 07, 2015 16:55
- IRC: SONOFSATAN stevr59
- In-game: SONOFSATAN
- Location: floridia USA
- Contact:
Re: Selling stolen account passwords!
I dont recall playing there and for being hacker all i ever did was use a hacked client. and most who know me know me as being helpfull and nice.Chem871 wrote:I remember TELESIGHT banned you from Skywars, because you yourself were a hacker.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
SONOS -MT server www.swh59.com:30002
- VanessaE
- Moderator
- Posts: 4655
- Joined: Sun Apr 01, 2012 12:38
- GitHub: VanessaE
- IRC: VanessaE
- In-game: VanessaE
- Location: Western NC
- Contact:
Re: Selling stolen account passwords!
Guys, anyone who claims to have "stolen" minetest passwords is full of shit. I'm reasonably sure my server machine (which is where Bananaland is hosted) has no way in except for the few legit users, and there's no way at all for a minetest client to retrieve a server's passwords file.
More likely, he has simply figured out a few users' passwords. A lot of people when they create accounts on a website or minetest server simply pick a common word, or use their birthday, or stuff like 123456 or just "password". Stuff that's easily guessed.
More likely, he has simply figured out a few users' passwords. A lot of people when they create accounts on a website or minetest server simply pick a common word, or use their birthday, or stuff like 123456 or just "password". Stuff that's easily guessed.
You might like some of my stuff: Plantlife ~ More Trees ~ Home Decor ~ Pipeworks ~ HDX Textures (64-512px)
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Selling stolen account passwords!
If they do have passwords, it's likely due to the owner telling them or using an easy password (eg: "password" or their username)
- SONOFSATAN
- Member
- Posts: 47
- Joined: Mon Dec 07, 2015 16:55
- IRC: SONOFSATAN stevr59
- In-game: SONOFSATAN
- Location: floridia USA
- Contact:
Re: Selling stolen account passwords!
Stolen or not i just posted what he said on my server. and ban his acount for it. stolen or quessed he should not be selling or giving a way user accounts.VanessaE wrote:Guys, anyone who claims to have "stolen" minetest passwords is full of shit. I'm reasonably sure my server machine (which is where Bananaland is hosted) has no way in except for the few legit users, and there's no way at all for a minetest client to retrieve a server's passwords file.
More likely, he has simply figured out a few users' passwords. A lot of people when they create accounts on a website or minetest server simply pick a common word, or use their birthday, or stuff like 123456 or just "password". Stuff that's easily guessed.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
SONOS -MT server www.swh59.com:30002
Re: Someone is selling stolen account passwords!
The usual trick is to create a server yourself, and to try the logins people were using on your server somewhere else.
This is probably one of the bigger issues with passwords and password policies...
This is probably one of the bigger issues with passwords and password policies...
A man much wiser than me once said: "go away, you are bothering me"
- GamerPro999
- Member
- Posts: 57
- Joined: Mon Dec 18, 2017 16:49
- In-game: GamerPro999
Re: Someone is selling stolen account passwords!
Mirciol come on the Survival X server too. he said he give bank account with a lot of money by giving diamond, messe and gold. i see it yesterday (18 Feb 2018) thx to ban him on that server cause he create trouble ;-)
In Game Name: GamerPro999
- ExeterDad
- Member
- Posts: 1717
- Joined: Sun Jun 01, 2014 20:00
- In-game: ExeterDad
- Location: New Hampshire U.S.A
Re: Someone is selling stolen account passwords!
This is completely wrong. The plain text passwords never make it to the server. They are hashed and unusable with Minetest's SRP mechanism. The only way a server operator would know the password is if the player requested the password was reset by the Admin, and the player gave the Admin a password to change it to.Vapalus wrote:The usual trick is to create a server yourself, and to try the logins people were using on your server somewhere else.
This is probably one of the bigger issues with passwords and password policies...
HOMETOWN -Our little server. Keep the HOMETOWN chatter @ http://hometownserver.com - Our server map: http://media.hometownserver.com
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Someone is selling stolen account passwords!
Well …ExeterDad wrote:The only way a server operator would know the password is if the player requested the password was reset by the Admin, and the player gave the Admin a password to change it to.
https://github.com/minetest/minetest/issues/6858
- sorcerykid
- Member
- Posts: 1842
- Joined: Fri Aug 26, 2016 15:36
- GitHub: sorcerykid
- In-game: Nemo
- Location: Illinois, USA
Re: Someone is selling stolen account passwords!
It's possible to compromise accounts that have been purged from the authentication database. This is one of the reasons accounts on my server are preserved indefinitely and after a period of 90 days are automatically disabled.
- TechNolaByte
- Member
- Posts: 465
- Joined: Wed May 10, 2017 21:00
- GitHub: TechNolaByte
Re: Selling stolen account passwords!
Uhh you just said you don't recall playing there then you said you used a hacked client(which is what hacking is) on that serverSONOFSATAN wrote:I dont recall playing there and for being hacker all i ever did was use a hacked client. and most who know me know me as being helpfull and nice.Chem871 wrote:I remember TELESIGHT banned you from Skywars, because you yourself were a hacker.
if I'm wrong please let me know
The great quest of alchemy neither failed nor attained gold; programmers are those great alchemists who transmute caffeine into code.
- VanessaE
- Moderator
- Posts: 4655
- Joined: Sun Apr 01, 2012 12:38
- GitHub: VanessaE
- IRC: VanessaE
- In-game: VanessaE
- Location: Western NC
- Contact:
Re: Someone is selling stolen account passwords!
RSL, using a so-called "hacked" client does not itself constitute hacking. That's merely cheating, which imho is still a bannable offense. Nevermind that Minetest being free open source software means there's really no such thing as a "hacked client" in the first place. It's merely a client that has been modified in a way that makes it easier to cheat, but not which has simply been modified to make it easier to use normally or patched to fix a bug or something.
Hacking a server requires more than just a non-standard client, it requires actively trying to breach the server's security to reveal or gain access to data stored there that isn't normally made available to clients, or to grant oneself abilities and materials only accessible by normal play (if at all), such as granting oneself "creative" priv, or giving oneself a more powerful tool such as an admin pick.
Such things depend on there being exploits and vulnerabilities on the server (either Minetest itself, or in one of the external services or tools running on the machine hosting the Minetest instance), such as the WorldEdit //lua vulnerability that happened a while back, or if someone were to, say, find a way to break in via ssh.
Hacking a server requires more than just a non-standard client, it requires actively trying to breach the server's security to reveal or gain access to data stored there that isn't normally made available to clients, or to grant oneself abilities and materials only accessible by normal play (if at all), such as granting oneself "creative" priv, or giving oneself a more powerful tool such as an admin pick.
Such things depend on there being exploits and vulnerabilities on the server (either Minetest itself, or in one of the external services or tools running on the machine hosting the Minetest instance), such as the WorldEdit //lua vulnerability that happened a while back, or if someone were to, say, find a way to break in via ssh.
You might like some of my stuff: Plantlife ~ More Trees ~ Home Decor ~ Pipeworks ~ HDX Textures (64-512px)
- TechNolaByte
- Member
- Posts: 465
- Joined: Wed May 10, 2017 21:00
- GitHub: TechNolaByte
Re: Someone is selling stolen account passwords!
Oh ok I'm sorry. Thanks for correcting meVanessaE wrote:RSL, using a so-called "hacked" client does not itself constitute hacking. That's merely cheating, which imho is still a bannable offense. Nevermind that Minetest being free open source software means there's really no such thing as a "hacked client" in the first place. It's merely a client that has been modified in a way that makes it easier to cheat, but not which has simply been modified to make it easier to use normally or patched to fix a bug or something.
Hacking a server requires more than just a non-standard client, it requires actively trying to breach the server's security to reveal or gain access to data stored there that isn't normally made available to clients, or to grant oneself abilities and materials only accessible by normal play (if at all), such as granting oneself "creative" priv, or giving oneself a more powerful tool such as an admin pick.
Such things depend on there being exploits and vulnerabilities on the server (either Minetest itself, or in one of the external services or tools running on the machine hosting the Minetest instance), such as the WorldEdit //lua vulnerability that happened a while back, or if someone were to, say, find a way to break in via ssh.
The great quest of alchemy neither failed nor attained gold; programmers are those great alchemists who transmute caffeine into code.
- SONOFSATAN
- Member
- Posts: 47
- Joined: Mon Dec 07, 2015 16:55
- IRC: SONOFSATAN stevr59
- In-game: SONOFSATAN
- Location: floridia USA
- Contact:
Re: Selling stolen account passwords!
like i said i don't recall ever playing on that sever.. i mainly used the client on the pizza server and the admin was OK with that. i used it a lot on there helping players remove water from giefing. and doing sky builds. to be honest i never played on that many severs and the ones who ban me was over using this name. i never used the client to harm a sever or other players, now i have cheated to removed protected gerfing so i could help played clean up after a dreamchrusher , MVK and whyulie attack. but i am one of the most hated player on minetest an that's mainly due to my name and over use of caps and typos. but that there problem as most who know me know i am super nice and helpful. but now i don't play that much most of my time is working be hide the scene working on the sever.RSLRedstonier wrote:Uhh you just said you don't recall playing there then you said you used a hacked client(which is what hacking is) on that serverSONOFSATAN wrote:I dont recall playing there and for being hacker all i ever did was use a hacked client. and most who know me know me as being helpfull and nice.Chem871 wrote:I remember TELESIGHT banned you from Skywars, because you yourself were a hacker.
if I'm wrong please let me know
Last edited by SONOFSATAN on Thu Feb 22, 2018 04:50, edited 1 time in total.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
SONOS -MT server www.swh59.com:30002
- SONOFSATAN
- Member
- Posts: 47
- Joined: Mon Dec 07, 2015 16:55
- IRC: SONOFSATAN stevr59
- In-game: SONOFSATAN
- Location: floridia USA
- Contact:
Re: Someone is selling stolen account passwords!
i did have player once who in chat ran a script and then he had the giveme privs not sure if he was using a hacked client or he found a way to give him self privs but when i ran a privs check he had normal prvs but he gave him self 9999999 cloud blocks wich i removed he used to play on the pizza sever and some how was able to by pass procters and ban players who he didnt like. and he loved to spam the sever a lot. i ask him how he did it he said he ran scripts to get what he wanted.VanessaE wrote:RSL, using a so-called "hacked" client does not itself constitute hacking. That's merely cheating, which imho is still a bannable offense. Nevermind that Minetest being free open source software means there's really no such thing as a "hacked client" in the first place. It's merely a client that has been modified in a way that makes it easier to cheat, but not which has simply been modified to make it easier to use normally or patched to fix a bug or something.
Hacking a server requires more than just a non-standard client, it requires actively trying to breach the server's security to reveal or gain access to data stored there that isn't normally made available to clients, or to grant oneself abilities and materials only accessible by normal play (if at all), such as granting oneself "creative" priv, or giving oneself a more powerful tool such as an admin pick.
Such things depend on there being exploits and vulnerabilities on the server (either Minetest itself, or in one of the external services or tools running on the machine hosting the Minetest instance), such as the WorldEdit //lua vulnerability that happened a while back, or if someone were to, say, find a way to break in via ssh.
SONOS Raspberry pi server nyx.no-ip.org:30001
SONOS -MT server www.swh59.com:30002
SONOS -MT server www.swh59.com:30002
- VanessaE
- Moderator
- Posts: 4655
- Joined: Sun Apr 01, 2012 12:38
- GitHub: VanessaE
- IRC: VanessaE
- In-game: VanessaE
- Location: Western NC
- Contact:
Re: Someone is selling stolen account passwords!
Whatever he did, his client was not what gave him the extra privs, he found an exploit in the server. The worldedit vulnerability I mentioned was one such exploit, and could be used to do exactly as you describe.
You might like some of my stuff: Plantlife ~ More Trees ~ Home Decor ~ Pipeworks ~ HDX Textures (64-512px)
Who is online
Users browsing this forum: No registered users and 3 guests