A matter of trust - IP visibility in Galactic Attack Logs

Specific to server: "GateWars: Quantum"
Support
Site Admin
Alternate name(s): Juliette

Some of you may have noticed the removal of the IPs from the Galactic Attack Logs.

This is in regards to a message posted in StarGateWars General, wherein some allegations are made regarding the IP in the Galactic Attack Logs.
They are right; actual IPs *can* be retrieved from the GAL IP, and this has been possible since its introduction.
Since that feature is officially insecure, I have locked it out (made the IPs invisible) for everyone except for the trusted GameCops.

Given that we will not be using that again for the public, to put everyone's mind at ease, this is how it is done:
The actual user IP is encoded through a rather common INET_ATON operation (creating a number out of an IP; see MySQL documentation). This number is then multiplied by a fixed value, and presented as the 'Attack Log IP'.
If a person knows their own IP, and has sufficient experience with MySQL and various encoding measures, they can easily find out what that fixed value is, and from that, what anyone's IP is.

Encoding for instance this IP: 10.0.5.9 yields this value: 167773449
This is then multiplied by our fixed value (323) yielding the value displayed in the Galactic Attack Log: 54190824027

Knowing that our own IP is 10.0.5.9, we know the encoded value has to be 167773449. Looking at the attack log after an attack of our own, we see 54190824027. Dividing that by our converted IP gives us 323 -> the modifier.
Now, to be 100% sure, we will try to use this modifier on another value in the Logs. (Fabricated.)
"1083279035026", let us see if we can find the IP encoded here with that modifier.
Reverse modifier: 1083279035026 / 323 = 3353805062
INET_NTOA (reverse ATON, see documentation): 3353805062 -> '199.231.1.6'


For anyone whose mind is not currently dizzy, and who would say: "But Support, there is NO way anyone could crack that!" There are far more people with way more creative lateral thinking skills who would be capable of 'cracking the code'.. try this QWEB Challenge for instance. The questions in that challenge are far more complicated than this 'encryption', especially given some people's working knowledge of programming languages.


I personally do not understand why anyone would want to do this (other than maybe the challenge of it.. a 'yolo'-mentality?), but since it is not secure AND since there are people who have stooped so low as to look up someone's private information, I can not in good conscience allow this feature to continue to exist. If you are not mature enough to work with information and endanger others through that behaviour, that information will be taken away and placed in the hands of the people who I believe we all hold to be above reproach, the reliable Game Cops Crixus and Arty Bang.
The privacy of all players is of utmost importance to the Game Administration, and will continue to remain a priority.

Kind regards,
Support



You are here to have fun, not to go 'hunting' for the private details of players. That is a line you cannot, may not, and will never again cross.


Since the feature is compromised, I have removed the attacker/defender IPs from the Public Galactic Attack Logs.
The feature is now ONLY available to the reliable Game Cops; Crixus, arty bang and myself.
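
The encoding described in the post, next to a keyed replacement that keeps equal IPs comparable without being reversible from a known pair. This is an added example, not part of the original post or the game's code; the function names, `keyed_token`, its key and the 16-character truncation are assumptions.

```python
import hashlib
import hmac
import ipaddress

FIXED_VALUE = 323  # multiplier quoted in the post


def gal_token(ip: str, multiplier: int = FIXED_VALUE) -> int:
    """The scheme from the post: INET_ATON(ip) * fixed value."""
    return int(ipaddress.IPv4Address(ip)) * multiplier


def recover_multiplier(own_ip: str, own_token: int) -> int:
    """One known (IP, token) pair discloses the multiplier by plain division."""
    quotient, remainder = divmod(own_token, int(ipaddress.IPv4Address(own_ip)))
    if remainder:
        raise ValueError("token is not a multiple of the encoded IP")
    return quotient


def gal_decode(token: int, multiplier: int) -> str:
    """INET_NTOA(token / multiplier), as in the post's walkthrough."""
    return str(ipaddress.IPv4Address(token // multiplier))


def keyed_token(ip: str, key: bytes) -> str:
    """Assumed replacement: HMAC-SHA256 over the packed address, truncated.

    Equal IPs still map to equal tokens, so log entries can be correlated,
    but a known (IP, token) pair reveals nothing about the key. The key is
    essential: an unkeyed hash of an IPv4 address can be enumerated over
    all 2**32 possible inputs.
    """
    packed = ipaddress.IPv4Address(ip).packed
    return hmac.new(key, packed, hashlib.sha256).hexdigest()[:16]


if __name__ == "__main__":
    # Values below are the ones used in the post.
    k = recover_multiplier("10.0.5.9", 54190824027)
    print(k, gal_decode(1083279035026, k))
    demo_key = b"constructed-demo-key"  # constructed; a real key stays server-side
    print(keyed_token("10.0.5.9", demo_key), keyed_token("10.0.5.10", demo_key))
```
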