Account stealing ?

[Nedio95]

Greetings



A memeber of my faction has been accused of logging into a admins account (and baned for which), which I believe is not true.

I tried logging into the admins account and I found that he is uplinked.

So what level of hacking/cracking skills should my teammate have to log into an admins uplinked account ? (Doubtfull he has any as he barely understands how dimension bonus and adv. build mode works)

And is there a way to prove his innocense ?



Regards Nedio95

 

[XxDanclarke96xX]

an admin as in a server admin or a forum admin

 

[Nedio95]

Server admin.

Ordinary player close to the owner of the server...

 

[Varquynne]

I posted this in the bug forum, though I\'m not sure if it\'s actually acknowledged/known by Schema.

http://star-made.org/content/server-security-issue-identified-steps-reproduce-outlined

In short, the server seems to only protect one name at a time to an uplink account. So if the server admin logged in under another separate name tied to his account, the previous name that was protected will become unprotected. During this time frame, a \"hacker\" would be able to log in using the server admin\'s name (which is what happened to me).

If your comrade tried to log in as the admin, it can easily be verified by checking the server log authentication messages and cross-checking the login name/uplink account status on the protected.txt file on the server.

 

[Nedio95]

So...

Either the admin is multy-accounting (which is banable offence on the server we are talking about) ?

Or someone entered through my mans account (he is not uplinking, I managed to enter through his acc) and then he entered the admins account (the given admin just said it\'s the same ip) for which the admins account must have been resently... \"unuplinked\" ?

How long are those loggs kept ? Can we look through... lets say a week ago ? To check the IPs.

Edit// What happens if I uplink the name \"A\" on server \"X\" and then log into server \"C\" with name \"B\" As playing on different servers with different names ? Only the last uplink is protected or only teh last uplink for each server ? (( I can kinda feel the answer here ))







Edit// PS// I just have to ask, pure curiosity, lets take a look at this part

Are those attemts of \"Danzarlo\" entering someone elses account or it\'s the multy-role thing on your server you mentioned ?



[Sep 24, 2013 7:24:47 PM] STDERR: PROTECTING USER Dawn

 

[RisenAdmin]

Well im glad to hear that you have tried to log in as an admin on the server nedio... anyway the issue was the admin was double accounting but its somthing admins are allowed to do on the server so they can play without being bugged all the time and covertly check up on things and thats why his account wasnt uplinked and i told him to straight away which i why you couldnt connect to his account any i banned the new ip that logged into the admins account and checked it past every other players ip and found it connected to Bjorts account broskiis aswell as Renegades, so i banned the ip and when renegade tried to log back in after i banned the ip and kicked broski it came up saying that he was banned so i checked his ip again and turns out he was the one that connected to broskis account.

 

[XDBroski]

Heres the facts that were given Nedio. I and my fellow admin Dan were a ways away. I logged off my actual account to log into my second account, the one that admins are allowed to have, I witnessed, With my own eyes, and dan as well, My account, the protected one, logged in in front of me, and MOVING. This is not an accident. We kicked the player, checked the recent ip that logged into the account and banned it. It was your friend renegade. When he logged back in, after being unbanned to talk to him, We confirmed his IP, and checked other things. This isn\'t an accident, Whether I hadn\'t reuplinked my account or not is not in question. The thing in question is that your friend LOGGED into an admins account. This is a bannable offense. I have told him I will review the case in a weeks time and may possibly unban him.