StarGateWars Forums

If you fully read the post and did not skim you would see that it wouldn't matter what random "number" was used, it would still be far too easy to crack the code. I've honestly never got so worked up over a game to try to find anyones IP or want to find out where they lived. Though I see your point about posting that information for all, but as it was compromised and personal information was obtained, the players that had their IP compromised do deserve to know how it was done, that the administration of Kingdom Games did not give this information to anyone, and that it was removed from the game promptly after it was found to be not as secure as we believed.


However, I do believe all game cops except Arty and Crixus have been removed, due to skype convos in the last ten days.

A google search could show what support posted, not going to try explaining typing on ps3 controller is hard enough but your idea can also be cracked. If you want to see IPs ask Support to be a game cop again. lol

Neimenljivi wrote:Yes, although how many people will actually google it?
Depending on how the idea is implemented (whether through current process and just multiply it with a random number each time or whether each IP gets a random number assigned to it), one couldn't decipher the real, accurate IP, as easily and/or couldn't decipher it at all without hacking the DB. Is it possible? Yep it is, anything can be hacked. The better the security measures, the lesser the chance of people actually hacking it as there are fewer people who are capable of getting through and I doubt the most skilled hackers would go waste their time getting a real IP for someone who got their feelings hurt for being massed.

I stand by my decision to quit the ingame and forum staff. I won't put any more time in helping out someone that doesn't appreciate the help and abuses their powers.

~Jack

Can be done without hacking DB, though if you fail to see how perhaps I should keep my mouth shut incase your idea ever is implanted. All in all good idea but the fact that I coud think of a way so quickly makes me believe others could if they put their minds to work on it. As for your disagreements with the administration, not my business, I am but a player with mod powers on the forums in the spam temple.

Dont see what the moaning is about.
Im sure the admins wouldnt of intentionally allowed this to happen. they notified us about it, prevented it from happening again. What more can they do?

Neimenljivi wrote:
Good then. Although I see no harm in leaving Hippy with the Game Cop position, seeing how he was put there and is active again, the inactives don't need the position. But I was just wondering, seeing how I had my Game Cop access still there a couple weeks after quitting the position.

~Jack

My GameCop privileges were removed ages ago.

You can give 'em back if you like?

In my view, the whole point in displaying the GAL way back then was so that we, as a community, could keep an eye on all the daily activity to make sure feeding stopped.

I agree that displaying IP's are risky and therefor needs to be removed. Is there not another way to 'link' a player instead of using the IP's?

My concerns are for the Game Cops. At the moment there are only 2. To expect them to log on every day and go through 24hours of attack logs, day in and day out, is a bit unfair imho. We do not know what their day is like and some days you just want to log on and bank and log off again.

Having the whole community keep an eye on feeding and suspect behavior made their jobs a bit easier.

Not sure how else we can help them out....

ElgCaress wrote:

I agree that displaying IP's are risky and therefore needs to be removed. Is there not another way to 'link' a player instead of using the IP's

Sure theres a bunch of things that could be done instead. For example off the top of my head...

Put a red asterick next to name of any player that shares or has shared an IP with another player this wave. If players have IP exception, Green asterick. Asterick clickable and lists all accounts sharing IP like doing a search on battlefield. This way no values are listed to crack and a DB hack would really be only way to obtain IP.

Kikaz wrote:
Put a red asterick next to name of any player that shares or has shared an IP with another player this wave. If players have IP exception, Green asterick. Asterick clickable and lists all accounts sharing IP like doing a search on battlefield. This way no values are listed to crack and a DB hack would really be only way to obtain IP.

This.

regarding the first post (as I skimmed a few others).
I would imagine the reasoning went something like; well people will complain so I may as well show/tell them why, and to 'even the odds' I may as well show them how - why let a few people know how and use that against others.
Since it has now been daylighted I would imagine the process has been decommissioned for any other functions, so no harm to the current flow of the game.

But you're all missing the most simple encryption to verify equality, salted hash digests *yay*.
Which tbh I have absolutely no idea why such a method wasn't used, even if the IP did need to be reversed, it wouldn't be that hard to check it against a logged knowns

Not missing its been posted elsewhere already.

*Ritalin wrote:

Support wrote: The 'IP' in the Galactic Attack log is an encoded value equivalent to the user's IP. Did you expect it to pick a random value that just coincidentally happens to be the same if you share an IP, without actually being derived from your IP? If anyone can propose a way to do that, I would be happy to implement it!

You could always encrypt with a salt, that way we can still see if someone is using the same ip but it can never be decryped.

$userIP ='127.0.0.1';
$salt = //something only you could know;
$encrypedIP = sha1($userIP . $salt);

ah, very good, then it is only admin to blame!