CORE Connect Bug Report Thread
Options
Comments
-
I wonder if anyone else is having this issue as I am; When I click any username on the PWI forums it directs me to their old PWI forum profile (URL example) and not to their Core profile, and the following message appears:You do not have permission to access this page. This could be due to one of several reasons:
Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Please let me know if you're experiencing this issue as well.
Bug Report | FAQ | Customer Support | Private Message | Facebook
The Search function is your friend
sig winner: neoyoshi0 -
My character avatar is missing
http://img822.imageshack.us/img822/242/charactere.png
I am NOT the leader of amazon. I'm the leader of DARKnes.b:sad
http://img718.imageshack.us/img718/5974/guildkn.png
Most of the members of DARKnes profiles are showing that they are members of amazon.0 -
character achievements still not working for me0
-
looks like there is a glitch in the achievements database - went to look at mine which was populated and it seems to have cleared the achievements. it has done the same on the couple of my friends that i looked at. hopefully it is just a display issue and will not require a reload of all that data again.[SIGPIC][/SIGPIC]
There is no place in a perfect world for double entendre!0 -
PvP count for my BM on Dreamweaver is still reset to 0.0
-
ChaoticShelly wrote: »I wonder if anyone else is having this issue as I am; When I click any username on the PWI forums it directs me to their old PWI forum profile (URL example) and not to their Core profile, and the following message appears:
Please let me know if you're experiencing this issue as well.
I just clicked your name and the link you provided and it shows your Core profile.
to X_Trinity_x Where did you get the FF theme I want it?Looking for a decent casual understanding Faction.0 -
think you need to clear your internet cache shelly..
[SIGPIC][/SIGPIC]
There is no place in a perfect world for double entendre!0 -
-
different guild is showing up on my core connect, and to plenty of other players guildsFortune favors the brave
facebook: facebook.com/WorldOfDrakons
forum: dragons-pwi.forum-motion.net0 -
Shulkie - Dreamweaver wrote: »think you need to clear your internet cache shelly..
Been there done that b:surrender This seems to be the only forum this issue occurs in so I'm quite surprised to see no one is experiencing it. Weird...
Bug Report | FAQ | Customer Support | Private Message | Facebook
The Search function is your friend
sig winner: neoyoshi0 -
do you get it on your own account or just your mod account?[SIGPIC][/SIGPIC]
There is no place in a perfect world for double entendre!0 -
You know what, I haven't thought of that. I'll try and see if it happens on my normal account. Thanks for the tip...
EDIT: Yes, must be a glitch caused by my MOD account/privileges.
Bug Report | FAQ | Customer Support | Private Message | Facebook
The Search function is your friend
sig winner: neoyoshi0 -
I'm not sure if this is a bug, but is there a way to pm people via CORE connect? I strangely remember being able to do so before b:question0
-
IMHO having the users account name displayable is a huge security hole since it gives 50% of the info needed to do bruteforce hacking, and unfortunately its the 50% thats hardest to get, so, i.e. you just made it really simple for hackers to get access to everyones accounts.[SIGPIC][/SIGPIC]0
-
the display name on core isnt your account name. there is no security breach. this is purely a name picked for display. when you set up your account their is a different log in name and display name. if you chose to use the same for both - well more fool you I think. most people were intelligent enough to read the instructions and use different display name from the log on name.[SIGPIC][/SIGPIC]
There is no place in a perfect world for double entendre!0 -
What do you mean by brute-force hacking?
You mean, if they have access to the database? If they have access to the encrypted passwords they already know your username... so cracking the passwords via bruteforce means they kinda need access to database anyway and the encrypted passwords.0 -
I'm not sure exactly what was ment by Brute-force hacking, however most "Brute-force" ways to get passwords are...
A special hacking program goes through every possible password, checking if it works. An example would be a program that kinda does this:
Password check: 1 - Failed
2 - Failed
....
10 - Failed
1A - Failed
1B - Failed
....
Basically a brute-force **** is where the system checks all possibilities starting from the easiest ones (Occasionally the user can actually take a guess at what they "Sorta" think it would be, then the program will check all possibilities around your guess), and working to the hardest ones.0 -
Bearleeable - Lost City wrote: »IMHO having the users account name displayable is a huge security hole since it gives 50% of the info needed to do bruteforce hacking, and unfortunately its the 50% thats hardest to get, so, i.e. you just made it really simple for hackers to get access to everyones accounts.
thats not the account name on core profile as far as i remember when making an account you could make 2 names one for forum and one for logging in
which of course i maded them different. [SIGPIC][/SIGPIC]0 -
THe only bugs I seen on my CORE Connect is the reset to 0 PvP kills.
A friend of mines also had a bug showing that hes in the wrong guild ( witch its my guild >_>).[SIGPIC][/SIGPIC]
✰The Nostradamus of PWI ✰
★ A not so Retired Veteran of PWI ★
✰ ~SilverCleric~ ✰0 -
That is completely impractical, if you mean the program is sending requests to the server everytime to verify the random password and username? It would take ages doing this once per second or so... you need to verify hundreds of thousands of passwords per second to expect it in a lifetime.Tremblewith - Heavens Tear wrote: »Basically a brute-force **** is where the system checks all possibilities starting from the easiest ones (Occasionally the user can actually take a guess at what they "Sorta" think it would be, then the program will check all possibilities around your guess), and working to the hardest ones.
The server would just stop incoming connections from that IP if it's a single one. If you have a large network all working together to "crack" this you'll just get the server down. Too many requests, it's called Distributed Denial of Service attack. (DDoS).
When people say you crack passwords what they mean is, retrieve the encrypted password from the database (which means they have access to the database, so usernames too), then try combinations, encrypt them, and see if they match.
The thing with encryption is that it is easy to encrypt one way (i.e encrypt "mypassword" into some byte sequence) but not the other way (from the byte sequence you can't 'extract' "mypassword").
Once you have the encrypted form of the password, you can't "login", since you have to send the password as a request to the server along with username, then server encrypts that, and checks if it matches with the stored encrypted value. Due to the fact that you can't "extract" the plain password from the encrypted value, you need to brute-forcefully try all password combinations, encrypt them, and see if they match. Once they match you know the password.
Example: We have the encrypted form "encryptedpass" from the database. Let's try to encrypt "somepassword". It encrypts to "someotherpassword", so it's not it. Let's try "mypassword". It encrypts to "encryptedpass". Woot we found it via bruteforce. (obviously it's not silly like this but you get the point).
Sorry for detailed explanation.0 -
After sending in a few tickets about the matter, here is what's goin on w/ mine.
1. My 89 venomancer is listed as an 89 human w/ no further information
2. Achievements from my cleric (Now lv 63) are not being added to my achievement score
3. My wizard is suffering the same problem as my venomancer0 -
Let's see now, even thought it says 2 characters my alt doesn't show up. It says i'm in a guild i never heard of. Approximately 30% if my accomplishments are missing. It doesn't affect the game so will not worry much about it. The sad thing is they will probably fix this, while never fixing the bugs in the game.0
-
i got over 100 kills and ive got not 1 pk achievement on the core connect? wasup with that. b:angry
0 -
Borsuc - Raging Tide wrote: »That is completely impractical, if you mean the program is sending requests to the server everytime to verify the random password and username? It would take ages doing this once per second or so... you need to verify hundreds of thousands of passwords per second to expect it in a lifetime.
once per second? why would an automated brute-force attack go that slowly? a hundred times per second is quite doable, unless the server places limits on things (which, honestly, it really should --- but does it?); even then, you might be able to distribute the attack sources to generate aggregate volumes at or above that rate.
plus, your modern day "brute force" attack usually starts with a dictionary of likely and/or common passwords and elaborates on that. when people insist we use strong passwords, ones that aren't words or variations on words --- there's a reason for that; even a dictionary of the english language doesn't take long to go through at a hundred tries a second.When people say you crack passwords what they mean is, retrieve the encrypted password from the database (which means they have access to the database, so usernames too), then try combinations, encrypt them, and see if they match.
such encrypted-password databases, stolen from relatively major websites, have escaped into public knowledge in the past. statistical analysis of the most common passwords people use makes for depressing reading, and the dictionaries one can compile for future brute-force attacks... well, they're already long since compiled; use strong passwords that aren't actual words, everybody.The thing with encryption is that it is easy to encrypt one way (i.e encrypt "mypassword" into some byte sequence) but not the other way (from the byte sequence you can't 'extract' "mypassword").
ideally, yes. unless somebody decided to use a collision-prone hash function, thinking it wouldn't matter since the password database was unlikely to get stolen.[SIGPIC][/SIGPIC] Heaven's Tear alts: KenLubin, Sou_Hon, JudyCaraco --- level 5x chars.0 -
The thing is that it can't send too many requests to the server, especially if there's lag. It has to wait for reply back as well, that takes a while. In fact I'm sure the server has at least some simple denial of service protections... trying to "brute force" it this way would not just take more than a liftetime, but get your IP temporarily banned too. (too many requests to server would slow it down)
You are right about dictionary-attacks but those are not brute-force, that's why they are called dictionary based attacks :P Brute force specifically is impractical unless you do hundreds of thousands of checks per second.
EDIT: also when I said "encryption" it was purposefully to be more layman since more people are familiar with that word than "hash". In technical terms, it's not a key-encoding encryption but a simple hash... but that's irrelevant I think.0 -
no reason you have to send requests to the server one at a time, in sequence; open several different connections and do it in parallel. unless server-side DoS countermeasures block that, of course --- as they should, among a number of other things i can think of that i'd be doing if i were helping write the server; you're quite right about that. i've no idea what anti-hacking countermeasures are actually in place, though, and i'm not about to try black-box testing to find out. an IP ban might be the least of the worries for whoever did anything that foolish, as IIRC there are actual laws in place that might be brought in to cope with severe DoS situations.[SIGPIC][/SIGPIC] Heaven's Tear alts: KenLubin, Sou_Hon, JudyCaraco --- level 5x chars.0
-
Still no kill count update on my account.
No interest in any other features.
RedMenaceA human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects.
Robert A. Heinlein0 -
Other then all my characters not showing up and me lists as in no Faction/Guilds.. I think its doing ok x.x
!~ Me0 -
b:cry my pvp kills were fine until today when i log in... and on my cleric i have 0 now... but they are updated for my wizard i think just fine[SIGPIC][/SIGPIC]0
-
now showing pvp kills but still not showing my Lost city server guild
, but showing a guild on heaven tear which i didnt log in ages. [SIGPIC][/SIGPIC]0
Categories
- All Categories
- 181.8K PWI
- 689 Official Announcements
- 2 Rules of Conduct
- 264 Cabbage Patch Notes
- 61K General Discussion
- 1.5K Quality Corner
- 11K Suggestion Box
- 77.4K Archosaur City
- 3.5K Cash Shop Huddle
- 14.3K Server Symposium
- 18.1K Dungeons & Tactics
- 2K The Crafting Nook
- 4.9K Guild Banter
- 6.6K The Trading Post
- 28K Class Discussion
- 1.9K Arigora Colosseum
- 78 TW & Cross Server Battles
- 337 Nation Wars
- 8.2K Off-Topic Discussion
- 3.7K The Fanatics Forum
- 208 Screenshots and Videos
- 22.8K Support Desk