[solved] Theres a hacker

Discussion in 'Empire Help & Support' started by _REMOVED_87055, Apr 23, 2015.

  1. I changed it luckily
  2. server is restarting please reconnect in 1 minute?

    a bit random, eh?

    Im on Mumble, atleast it feels safe there :3
  3. They just restarted the server. So they are working on it
  4. Not in game atm... I'm soo confused (on a mobile device atm)
  5. unless it was....
    dun Dun DUN...
    The Hacker!!!
    Rainbowpony1000 likes this.
  6. EMC has backups. I seriously wouldn't worry about stuff. Nothing they do won't be revertable. :)

    EDIT: Plus Square and all that sorta stuff is stored on the web server, I believe, which probably won't have been hacked. Same with the database server.
  7. There have been a few major bugs exposed recently that have been in the Minecraft code for over two years, this could possibly be related to one of them.

    Based off of the execution, it is likely that this is just some script kiddie who downloaded a file. You reveal your upper hand after you have evidence for your claims, not before.
    southpark347 and SoulPunisher like this.
  8. It could be :eek:
  9. 2 things....

    Empire Minecraft consists of 2 parts of gameplay:
    • The Minecraft server, running on Spigot and using several plugins (keyword: plugins).
    • The Xenforo forum software, this is what you're currently using.
    You gain access to the server by using your Mojang game account. Your Minecraft password is not stored on Empire Minecraft. All the server does when you log on is contact the authority servers of Mojang and let them validate your account.

    The Xenforo software is different. This does have a database of passwords but in general those passwords are stored using a one-way encryption. Meaning: the software doesn't check our literal password but instead creates a checksum (calculates a value from it so to say) and then compares those values. So basically; you couldn't retrieve your original password even if you did have access to the database.

    ONE EXEPTION: being if you used /register in-game and never changed your password.

    Also...

    Guys; keep one thing in mind. For all we know this guy exploited one of the server plugins which only gave him access to the messaging system. A hacker usually collects information and then tries to exploit that at a given time. And not by showing off like this.

    I'm not saying there couldn't have been a breach, but it seems unlikely to me.
  10. Doubt it. It could be a mod (or someone else) trolling from Square I guess, but you can't send raw messages to EMC chat without Square access.

    EDIT: actually, that seems more feasible to me than the server being hacked. Someone getting a mod's Square password and sending fake broadcasts. That's all logged though, so nothing to worry about.
  11. Change your password immediately :3
  12. Uhm... My alerts aren't working.. Not getting alerts saying people are replying to this thread..
    Justin8846 likes this.
  13. are you watching it?
  14. Can happen when you haven't read all messages. Try reading it again from page one and continue on from there.
    607, jkjkjk182 and AwesomeBuilder33 like this.
  15. I assume that it might be shown as it'll be sent in plain text to web server. If EMC uses HTTPS for it, then it's likely safe from man in the middle attacks.

    Actually, Xenforo uses hashing and not encryption. Hashes can be unhashed or using hash tables (a list of known text to hash). Fortunately, Xenforo uses sha1/256 twice with a salt.[/quote]
  16. This guy seems more like a troll than a hacker. A fake hacker using someone else's instructions and taking his rage on EMC for being banned =P
  17. Im getting alerts
  18. Could be someone that's like "lol dude I'm gonna go troll this server, I found a way to hack it"
    f_Builder_s likes this.
  19. That too.
    We should be happy.
    He decided to try to hack EMC out of all the servers out there xD
    Evidently, he likes us =P
    Justin8846 likes this.
  20. This is most certainly NOT EMC web-server. This is someone abusing the bug in servers.

    If this was a mod trolling, this needs to be dealt with. I'm sorry, but people not on the forums could be fearing for their accounts right now, even if they aren't vulnerable.
    ShelLuser likes this.