DistantLands
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Rollback Incident on October 29th

Go down

Rollback Incident on October 29th Empty Rollback Incident on October 29th

Post  etherealpanda Sat Oct 29, 2011 3:46 pm

Unfortunately, we had to rollback the server on October 29th. I hesitate to call this getting hacked as it was my own fault, but I'll explain in detail what happened and what we're doing about it.

On the 23rd, minecraft.net was returning errors while trying to authenticate users. This meant no one could play minecraft until Mojang fixed it. I put the server in offline mode to enable members to be able to play. However, this also meant a clever member could pretend to be another user, because the usernames were not being verified. While I did revert the configuration change once minecraft.net was back online, I failed to restart the server to allow the change to take effect. One member figured this out, log in as Treijim, and grant op to his user account.

Normally, when a player griefs we can roll back the changes with tools we have. However, we have no facilities to deal with players that have somehow obtained op. We know this member spawned a lot of gold and did destructive tasks to the server. While I can roll back the destructive tasks he did to the server under his own username, I cannot roll back what he did under Treijim's name or reclaim all the items he created.

Treijim and I discussed the matter and decided the risk of a completely imbalanced gold economy and potentially complex damages to the terrain (a forest of diamond ore trees) was too great of a risk to leave as it was. We decided to roll the server back.

I have permanently banned the member in question. I know of at least one other member that spoofed Treijim, but I haven't decided what to do about that yet.

Let me be explicit, if you feel you have to hide some activity from us, you probably shouldn't be doing it. Behaviors like this will result in a permanent ban.

I have loaded the hacked version of the server, and am restoring homes / inventories on a per-user basis. Please do not ask us to restore trivial changes as it's a time consuming process. I know not everyone plays when I'm awake, so if you need a restoration, please comment here. If you want your inventories restored, please say that explicitly.

I'm sorry for any inconvenience this may have caused.

etherealpanda
Admin

Posts : 6
Join date : 2011-10-22

Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum