MCBans Public Statement

Discussion in 'Bukkit Discussion' started by Firestar, Jan 8, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    erdrickk

    Wow... I knew McBans was bad news. I think Bans should always be local anyways, just safer that way. I never really went down the McBans road because there are tons of people that target McBans enabled servers just because it is McBans. I've always laid low and stayed with something simple like CommandBook for the bans
     
  2. Offline

    macman

    @Firestar any comments on this?

    In MCBans' defence, it reduced my griefer rate a lot, and the global bans help out other servers who they might try to grief. It's not a bad idea, but if placed in the wrong hands it has the potential to ruin servers/players.

    EDIT:

    But after this whole incident I am going to have to think about whether I should keep this on my server.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 23, 2016
  3. Offline

    rakiru

    Personally, I found it an invaluable resource for my server, which is why I applied to become part of the team.
     
    Juze likes this.
  4. Offline

    alexanderpas

    @Firestar you might have missed this, but this is pretty important information for the users to know to decide if their passwords are at risk.

    For example, if MD5 was used the risk is higher than when SHA-1 or even SHA-256 or SHA-512 was used.

    (Please, be upfront, and give us all the information we need. We don't like this information pulling.)
     
  5. The hashing mech means far less than you think. md5 with a proper salt is far more secure than a sha-1 without one.
     
  6. Offline

    captainnana

    I think you should look at your experience. If you have had a good experience with mcbans you should continue to use us. We have fixed all the security issues with our site so I see no reason to leave. As you can see from this post, we are being very up front with the community so you know what is going on.

    Sorry, I have no idea what kind of hash it was. You will have to wait for someone else.
     
    Daniel Heppner likes this.
  7. Offline

    Firestar

    The forum has sha1 with a salt, we used sha1 with a few other things.
     
  8. Offline

    NinjaZidane

    @Firestar

    Can we get an explanation for why some people that did not register nor have a forum account during the times you say were compromised yet have their information stolen as well (one person as little as < 2 weeks ago).

    Is it now safe to assume that perhaps the entire network is compromised?
     
  9. Offline

    Firestar

    I have no idea except they have signed up on the forums. Other than that there is no way that they could have taken it from mcbans.com main server, as it was not hacked.
     
  10. There have been reports that Esper is being DDoS'd for the sole reason of taking down #MCBans. Do you know anything of this?
     
  11. Offline

    JamEngulfer221

    BWAHAHAHA! I just find this whole thing so funny. I kinda feel sorry for you Firestar, but still. STILL... I did stop using MCbans a while back. Unfortunately, I just somehow find this whole thing so funny. It's probably because I watched the aVo video on MCBans. Yeah, probably that. Still a great plugin though.
     
  12. Offline

    Firestar

    Who knows.
     
  13. Well, I would hope you, as every Esper server is currently down...
    EDIT: To be fair, Webchat is still up
     
  14. Offline

    Daniel Heppner

    I also did not have an account on the forums (I didn't even know that they existed), yet I still got the email from ddoscom. Are you absolutely sure that nothing else was hacked? After looking at your history, chances are even if you did know, you wouldn't tell us.
     
  15. Offline

    Firestar

    We were not hacked anywhere else. Perhaps you signed up on the site and forgot. What is your email address? You can PM it.
     
    Daniel Heppner likes this.
  16. Offline

    Daniel Heppner

    [email protected]
    I never use any other email. I searched all my messages (my emails never get deleted, only archived) for mcbans, and I only got the one from ddoscom.
    I entered my email address in the forgot password room and: [#10112] We could not find the member account for the name or email address you supplied. Please verify the information and resubmit the form.
     
  17. Offline

    Firestar

    You have an mcbans account from 2011-02-28 20:57:21
     
  18. Offline

    Daniel Heppner

    Mcbans or forums? I know I have an MCbans account, but not a forums one. The lost password tool didn't know my email existed (on the forums).
     
  19. Offline

    Firestar

    It was from mcbans.com's original server

     
  20. Offline

    Daniel Heppner

    :eek:
    That's confusing, because you've said earlier that it had to do with the forums.
     
  21. Offline

    Firestar

    I don't find that confusing.
     
  22. Offline

    Daniel Heppner

    Not that, but this conversation is irrelevant now. You don't get what you mean, I don't get what you mean, oh well.
     
  23. Offline

    Noman_1000

    Well for one, I had the same deal. I checked the forum's lost username tool and it didn't find anything for either my new or old email addresses. My MCBans account (Not the MCBans forum, which is nonexistent) was created in September 2011 and from the information given to me it appears as if I'm not affected by the hack which only stole information from 2010 to April 2011. However I still got the email from ddoscom. Is there more you aren't telling us? Or is there another security leak you aren't aware of?
     
  24. Offline

    Firestar

    They did not hack anything besides what has been said. If you received an email it was not from mcbans, as said.

    That is all that was taken.
     
  25. Offline

    Noman_1000

    I knew that, I'm just wondering how I got the email since I wasn't in the hack list. Are the email addresses public or something?
     
  26. Offline

    Firestar

    I have already said: "They did not hack anything besides what has been said. If you received an email it was not from mcbans, as said."
     
  27. Offline

    Xander0311

    Hiya Firestar!

    Just wanted to say that while this is very unfortunate news, I'm quite happy with the public statement and with the clear nature of what's happened. After experiencing the security failures of Sony and Gawker Media, you and your team have taken the right steps to come clean with the issue and point out what's happened.

    It just seems like most of the confusion is more technical (like the breach on server only pulled an older database from a previous backup on the old server that's now hosting the forum), but your team understands what's going on and is hardening the system to see it all the way through.

    Thank you again for your quick response on this issue.

    Edit: Just read the REDDIT thread in subject, it's almost a year old and talks about MCADMIN, which isn't even close to the same plugin. :( some people try their hardest to derail anything they can.
     
  28. Offline

    Noman_1000

    That doesn't answer my question, but okay.
     
  29. How odd that everything regarding people who got emails that don't have accounts of the MCBans forums have been avoided
     
  30. Offline

    Firestar

    This explains it.
     