Posts by wild1145

Quote from eva

Quote from wild1145

The reason it's been classed as one is because these weren't legitimate hostnames, they weren't cases of people buying a domain and pointing it to TF, those individuals were un-banned and apologies issued. In these cases individuals went out of their way to spoof hostnames locally and pass false information to the server, which is why it's been classed as an exploit, and quite clearly is not the behaviour we intend. Due to the amount of time it then took to remove these (In some cases quite offensive) hostnames, bans were issued accordingly.

So we did not use an exploit in the sense of a software having a vulnerability but in the context of abusing said software to create fake host names resulting in bans issued because of the inconvenience to clear said host names from the database?

You (and others) went out your way to create fake and in a lot of cases offensive hostnames that were in no way shape or for real or possible to be real. It creates false information and is abusing the way in which the system works to create a non-intended result (Hence an exploit). Bans were issued because they were often offensive and because you were doing something that was not the intended function of the system.

Quote from test

Except it's not an exploit.

The reason it's been classed as one is because these weren't legitimate hostnames, they weren't cases of people buying a domain and pointing it to TF, those individuals were un-banned and apologies issued. In these cases individuals went out of their way to spoof hostnames locally and pass false information to the server, which is why it's been classed as an exploit, and quite clearly is not the behaviour we intend. Due to the amount of time it then took to remove these (In some cases quite offensive) hostnames, bans were issued accordingly.

Quote from videogamesm12

[Network-level] BungeeCord using Log4J at all for its logging (it simply doesn't)

Not actually a requirement, the Log4J Dependency just had to be included, which it was on multiple servers and plugins for various reasons even if it wasn't actively used.

Quote from videogamesm12

Us running a version of Paper/Scissors that was still vulnerable to the exploit (we didn't and still don't because that would be fucking suicide)

Entirely possible though which is sort of the point.

Quote from videogamesm12

The public domain schema allowing underscores in top-level domains (it doesn't).

Not really, still entirely possible.

Quote from videogamesm12

Us for some reason deciding to actually manually resolve the domain get_balls to somewhere that hosted malicious class files (we don't, because that would be retarded) OR manually configure our shit to append .com to the end of domains that fail to resolve (we didn't and still don't, because that's absolutely pointless)

Java by default (In my own experience anyway) will postfix a .com to the domain if it can't resolve it.

Quote from videogamesm12

Us using something that uses Log4J specifically to log the IP address used by players to join the server (we don't)

See the first statement, not the case.

Quote from videogamesm12

There is no way in hell it could have damaged the server. We have a patched version of Paper, we use BungeeCord, we have a reasonable configuration, and nothing we run even logs that sort of information with Log4J in the first place. It simply couldn't work.

I've at no point said it did or that we didn't have steps in place to prevent it. The issue is that Eva attempted it, it's not about successfully exploiting something, it's about the fact they tried to do this in the first place.

As I said before, ignoring all of this and as I've said before, Eva was (if I recall correctly) the 2nd in terms of count of "nonsense" connection names used. I

Denied. You were one of the more significant offenders of fucking with his names and as I've said, there could have been ways what you did here could have damaged the server should the right conditions have been met.

It's been pointed out recently that our forum staff team needs a bit of re-jigging so this is the first step in doing so.

Please first of all join me in congratulating lyicx on being promoted from Forum Moderator to Forum Administrator. Lyicx has been a long term moderator on the forums and I have every faith in his ability to continue looking after the community here in his new capacity.

In the interests of transparency, I've also removed Elmon from his role as forum mod due to inactivity, it doesn't look like he's logged in for many many weeks now and as such hasn't been performing his duties as a forum moderator.

We will in the near future be opening applications for the forum moderator position to allow us to grow that team back out again.

Thank you.

Quote from RedEastWood

vouch

This is in general discussion...?

I've re-named the thread and tweaked the original post to be clear that this is only maintained for the Freedom game-mode, and that bans on other game modes aren't published here.

I'm approving a ban until 20th December 2022 at which point it will be reviewed. If their behaviour in-game has improved we'll remove the ban, if it hasn't or there are ongoing concerns we'll issue a longer term ban.

Given this seemed to end up in the wrong place I've moved this to the correct board and merged the thread Luke created yesterday into this.

Quote from videogamesm12

As noted in the original post, this plugin depends on FAWE to work. While I would love to replace AIDSyncWorldEdit with it, FAWE itself is riddled with ridiculous exploits (making changes that affect out-of-bounds selections causes server crashes) and flat out stupid features (who's brilliant idea was it to allow people to load in schematics from remote sources???) which prevent me from doing so. As such, we can't even begin to consider adding FastAsyncVoxelSniper since requiring FAWE is a deal-breaker.

Is worth noting that working out how to move to FAWE is on the backlog, if this suggestion has support we can always approve it but block it by the FAWE Ticket as I've had to do with a number of other plugins that people want but have dependencies on FAWE

Wordle 511 4/6

⬛🟩🟨⬛⬛

🟨🟩🟩🟩⬛

⬛🟩🟩🟩🟩

🟩🟩🟩🟩🟩

Because for the most part they're not authorised to do so...

Quote from matscalle

Quote from wild1145

As I've said. Ops can appeal where the ban was issued in error or the reason is not correct / accurate.

Where people can't appeal is when they want to come back and don't like that they're banned. We issue punishments for breaking the rules and I don't see why you should be able to go "yeah I don't want to be punished any more so let's not"

because we learn from our mistakes i learned from being a fucking dum person against ashaz and people sometimes break rules due to using a bug/glitch/technique they didnt know was against the rules like the infinite minecarts which you have to spam minecarts to ageeve

That's not the point, it's like saying we should let pedo's out of jail because 'They said they're sorry and learnt their lesson'. In this argument the fact you're here making the argument you have is the exact reason I've not wanted to allow appeals in the first place, the reason you're banned on the server and were forum banned was to force you to take time away from the server, you're a prime example of why the appeal system doesn't work.

As I've said. Ops can appeal where the ban was issued in error or the reason is not correct / accurate.

Where people can't appeal is when they want to come back and don't like that they're banned. We issue punishments for breaking the rules and I don't see why you should be able to go "yeah I don't want to be punished any more so let's not"

All of those are still relevant... Would suggest reading the forum posts that link to them. I can write up a longer post when I'm not swamped in other stuff but they all need doing.

Quote from characterslimits

It makes people want to value the coins they have already because it is now harder to get.

Only if people don't already have a shit load of coins...

This doesn't really solve anything.

1) Coins will get reset in the next major server upgrade

2) It is really not how you'd solve coin inflation anyway. People already have the currency, you would need to make it worth less (Increase prices on shop items) rather than reduce the amount you give out

Just to note - The entire point of removing the plot world (and this suggestion originally being approved as a separate server) is to try to bring greater stability to the Freedom server, and make it sustainable instead of the clusterfuck it tends to be...

So my only concern is around accessability and if some text is going to be harder to read than it needs to be.

Quote from Telesphoreo

I find the contrast on dark mode to be pretty bad. The color for posts is slightly gray instead of white which simply is harder to read on an already gray-ish background.

I've made the text a bit lighter, hopefully that's now better?

Quote from Telesphoreo

And secondly, I personally only use the recently updated threads to actually use the forums. Is there any way we can make a better distinction between unread posts vs read posts? Sure, flarum did it in bold, but it felt like it was a stronger bold. Also, the unread post count lit up with a number of new posts as an indicator as well.

I don't think I have a good way to do this, so the current recently updated threads is the best it's probably going to get.