Computermix, Ipquarx, and Cca - CBM being hacked into to steal keys [chat+pics]

[Kishgal]

I read your post. All I did was enter in my key the same way you enter in a key for the first time opening up Blockland.

For someone else, thereby giving them your key information.
See? Thinking.

My Internet cannot even handle a Blockland server.

Unfortunate. Maybe invest in a professionally provided VPS then if you have to.

I'm not pretending that it didn't happen? Once again, every system in existence is vulnerable and it isn't usually noticed nor fixed until someone discovered it; usually exploiting it. This still does not explain why CBM should have previously been seen as an untrustworthy host.

Because it's not provided by professionals. Because multiple people, including the creator of the game it was servicing and the previous professional hosting provider have advised against these.

[Ad Bot]

[Wrapperup]

I would like a better dedicated server program. If we could just REMOVE key linkage to dedicated servers, steam users, other dedicated

In continuation, this is a contributing factor in why this is happening. People are still at fault here (and the other being a hoax aswell being generating the last 3 characters of a key). Just make a variable for the host's BLID instead of forcing them to enter a key. Thats my 2 cents, i hope you consider my words.

Don't rely on an external service in the first place. There is no reason for Badspot to change anything because the current system is perfectly fine when it's not in use by idiots.

He needs to change something. There hasnt been a damn major change since the shaders update. There is absolutly no reason why you should require a key/key.dat (which has been proven to be reverse engineered) to host a single server. Having no key has its benifits aswell (steam users, online hosts that dont have bl but want to host for others, ect).

What would you do in a simmilar situation as this where your key gets stolen? You are brushing off the fact that these hackers (or hoaxers) are the ones behind this, and its all on CBM. Making a completly secure system is extremely difficult to pull off, i probably could not do such myself.

[Acerblock]

For someone else, thereby giving them your key information.
See? Thinking.

For someone else? I was not putting my key into a text file and then sharing it to Cowboy or whoever, I entered it into the console which then encrypted my key into a key.dat.

Mind not being so condescending, I mean seriously.

[Maxxi]

Man of Reason ‏@ManofReasonv2 2h2 hours ago

Hey! Elize here, Man of Reason has nothing to do with cumbitchermix or bitchbitchaye or ipforgets, Leave us out of it <3 Elize + MoR
Details

MOR's twitter
why do i feel like this is a lie

[Kishgal]

I entered it into the console which then encrypted my key into a key.dat.

On their machines.

See? Thinking.

[Kishgal]

He needs to change something. There hasnt been a damn major change since the shaders update.

Stopped reading, you're an idiot. Stop posting.

[Theportalmaster]

For someone else, thereby giving them your key information.
See? Thinking.
Because it's not provided by professionals. Because multiple people, including the creator of the game it was servicing and the previous professional hosting provider have advised against these.

Cowboy is very competent in what he does and has quickly resolved numerous issues. Just because CBM hasn't got fancy web UI as such, doesn't mean the service itself is unprofessional.

[Kishgal]

Cowboy is very competent in what he does and has quickly resolved numerous issues. Just because CBM hasn't got fancy web UI as such, doesn't mean the service itself is unprofessional.

Apparently he's not competent enough, lol. You can go on and on about what he has apparently done, that's cute and all, it also doesn't matter.

[Blake1]

I don't know if this is relevant in any way possible, but I'll just post this chatlog I had with Mango yesterday about CBM issues I was having.

Blake1Studios: Hey mango, the cbmhost web panel is acting up on me...any idea what's going on?
Blake1Studios: I keep getting the pages as "about:blank
Mango: I can't do anything from where I'm at :/
Mango: I'm at my grandmas
Blake1Studios: ah ok
Mango: and i don't have my phone
Mango: All I have is my old laptop :/
Blake1Studios: actually its working now
Blake1Studios: odd
Blake1Studios: wait what
Blake1Studios: its making me log in as administrator in game
Mango: huh?
Blake1Studios: i'm pressing ctrl-a and it's giving the the log in as administrator gui
Blake1Studios: but i can use eval
Mango: urggh, uhhh. yeah, I'll have to check that out tomorrow
Mango: when i get home
Blake1Studios: odd. should i let cowboy know?
Blake1Studios: he was raven's last night
Mango: uhm, yeah
Mango: go ahead
Blake1Studios: ok

[Acerblock]

On their machines.

The same method you would use when starting a dedicated server on your own computer the first time, the console doesn't print out the key into the console.log, it just automatically stores it into a key.dat. The FTP server had a username and password on it, and like I said before a key.dat file is pretty secure unless people use the exploit trinick pointed out.

Hell, someone could get access to my computer through some way and steal my key.dat file. Is it my fault for just leaving it in the Blockland folder? Of course it isn't.

Stopped reading, you're an idiot. Stop posting.

...Failing to understand how that's a stupid point.

[Theportalmaster]

Apparently he's not competent enough, lol. You can go on and on about what he has apparently done, that's cute and all, it also doesn't matter.

Why is he not competent enough? From the information we have, everyone's keys are safe and Cowboy has solved the issue. There are loads of case scenarios in which even major companies have had their users information compromised whilst managing to swiftly prevent any more damage happening. If you truly believe what you think then you should give none of your faith in any service.

[Kishgal]

it just automatically stores it into a key.dat.

On their machines.

Why is he not competent enough?

http://forum.blockland.us/index.php?topic=269222.0

From the information we have, everyone's keys are safe and Cowboy has solved the issue.

Not to mention that the majority of the actual information we have is way outdated or could just be based on lies, there is no way of knowing whether or not the full keys are floating around out there.

[Kishgal]

itchy trigger finger

There are loads of case scenarios in which even major companies have had their users information compromised whilst managing to swiftly prevent any more damage happening.

This is not a major company. They're not even in control of what was compromised, there is nothing they can do but pray that things aren't any worse than they already are.

If you truly believe what you think then you should give none of your faith in any service.

Of course I trust services, just not in services run by random idiots who don't know what they're doing, lol.

[Maxxi]

finally someone read what i said earlier

[Theportalmaster]

From the information we have

look i can use quotes too

You're also going in circles with your argument now; I have already explained how he has been competent and you're still dismissing everything else I have brought up.