Chargen Disabled & Security Issues

Official answers to official questions. Pose your questions for staff here. Careful! You cannot edit or delete your posts once you've asked your question!

Moderator: Elder Staff

Post Reply
Elf Recruit
Posts: 219
Joined: Sun May 18, 2014 6:37 pm

Chargen Disabled & Security Issues

Post by Jeshin » Fri May 30, 2014 10:06 am


Can we get some more information about the last part regarding malicious intent? Was the server compromised and passwords left accessible? Should we be changing our passwords or watching for annoying trying to access other accounts which might share it?

User avatar
Staffer Emeritus
Posts: 2837
Joined: Tue Aug 20, 2013 6:45 pm

Re: Chargen Disabled & Security Issues

Post by Icarus » Fri May 30, 2014 10:22 am

The server was not compromised, nor were any passwords compromised. All passwords are stored encrypted, so even if they were compromised, they would not be able to get any information from them.

No action needs to be taken on your part.

Adding, I'll post more regarding exactly what occurred.
[Petition: Player] I am ready to begin my interdimensional adventure.

A mutilated little orc murmurs, nodding as he mutters,
"I fought good today. Yuh. Fought good, 'specially for bein' the kitchen-snaga. Yuh, I did."

User avatar
Elf Recruit
Posts: 213
Joined: Fri Aug 23, 2013 3:22 pm

Re: Chargen Disabled & Security Issues

Post by Holmes » Fri May 30, 2014 10:27 am

Separate from the above, I'd suggest you use a different password for MUDs than you use for anywhere important.

Telnet is by nature an insecure protocol and whenever you log into any MUD you're sending your password over it.

User avatar
Game Coder
Posts: 5542
Joined: Tue Aug 20, 2013 12:51 pm

Re: Chargen Disabled & Security Issues

Post by Nimrod » Sat May 31, 2014 8:24 am

This wasn't an attack. It was an over-reaction to a couple of people trying to see what they could do on chargen. I'm very happy with how we responded. Better safe than sorry.

No passwords were hacked. I can't even hack your passwords and I have access to the server. They're all encrypted before saving in the db, so I can't read them without being able to crack the encryption, which I can't.

Nothing in the database was read by the pranksters either. All is safe.

I'll probably re-enable chargen tonight when I get home.
How lucky I am to have something that makes saying goodbye so hard.

Post Reply