CORE Connect Bug Report Thread

245

Comments

  • chaoticshelly
    chaoticshelly Posts: 0 Arc User
    edited October 2010
    I wonder if anyone else is having this issue as I am; When I click any username on the PWI forums it directs me to their old PWI forum profile (URL example) and not to their Core profile, and the following message appears:
    You do not have permission to access this page. This could be due to one of several reasons:
    Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
    If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

    Please let me know if you're experiencing this issue as well.
  • X_Trinity_x - Lost City
    X_Trinity_x - Lost City Posts: 4 Arc User
    edited October 2010
    My character avatar is missing
    http://img822.imageshack.us/img822/242/charactere.png

    I am NOT the leader of amazon. I'm the leader of DARKnes.b:sad
    http://img718.imageshack.us/img718/5974/guildkn.png

    Most of the members of DARKnes profiles are showing that they are members of amazon.
  • kennylam
    kennylam Posts: 8 Arc User
    edited October 2010
    character achievements still not working for me
  • Shulkie - Dreamweaver
    Shulkie - Dreamweaver Posts: 1,529 Arc User
    edited October 2010
    looks like there is a glitch in the achievements database - went to look at mine which was populated and it seems to have cleared the achievements. it has done the same on the couple of my friends that i looked at. hopefully it is just a display issue and will not require a reload of all that data again.
    [SIGPIC][/SIGPIC]
    There is no place in a perfect world for double entendre!
  • Okeano - Harshlands
    Okeano - Harshlands Posts: 4,943 Arc User
    edited October 2010
    PvP count for my BM on Dreamweaver is still reset to 0.
  • MystiMonk - Sanctuary
    MystiMonk - Sanctuary Posts: 4,286 Arc User
    edited October 2010
    I wonder if anyone else is having this issue as I am; When I click any username on the PWI forums it directs me to their old PWI forum profile (URL example) and not to their Core profile, and the following message appears:



    Please let me know if you're experiencing this issue as well.

    I just clicked your name and the link you provided and it shows your Core profile.

    to X_Trinity_x Where did you get the FF theme I want it?
    Looking for a decent casual understanding Faction.
  • Shulkie - Dreamweaver
    Shulkie - Dreamweaver Posts: 1,529 Arc User
    edited October 2010
    think you need to clear your internet cache shelly.. ;)
    [SIGPIC][/SIGPIC]
    There is no place in a perfect world for double entendre!
  • Summer_Blush - Heavens Tear
    Summer_Blush - Heavens Tear Posts: 1,187 Arc User
    edited October 2010
    +1, seriously. Why did it have to go? .-.

    +2 n_n
    [SIGPIC][/SIGPIC]
  • Monoftalmus - Heavens Tear
    Monoftalmus - Heavens Tear Posts: 701 Arc User
    edited October 2010
    different guild is showing up on my core connect, and to plenty of other players guilds
    Fortune favors the brave

    facebook: facebook.com/WorldOfDrakons
    forum: dragons-pwi.forum-motion.net
  • chaoticshelly
    chaoticshelly Posts: 0 Arc User
    edited October 2010
    think you need to clear your internet cache shelly.. ;)

    Been there done that b:surrender This seems to be the only forum this issue occurs in so I'm quite surprised to see no one is experiencing it. Weird...
  • Shulkie - Dreamweaver
    Shulkie - Dreamweaver Posts: 1,529 Arc User
    edited October 2010
    do you get it on your own account or just your mod account?
    [SIGPIC][/SIGPIC]
    There is no place in a perfect world for double entendre!
  • chaoticshelly
    chaoticshelly Posts: 0 Arc User
    edited October 2010
    You know what, I haven't thought of that. I'll try and see if it happens on my normal account. Thanks for the tip...

    EDIT: Yes, must be a glitch caused by my MOD account/privileges.
  • Borsuc - Raging Tide
    Borsuc - Raging Tide Posts: 1,526 Arc User
    edited October 2010
    I'm not sure if this is a bug, but is there a way to pm people via CORE connect? I strangely remember being able to do so before b:question
  • Bearleeable - Lost City
    Bearleeable - Lost City Posts: 445 Arc User
    edited October 2010
    IMHO having the users account name displayable is a huge security hole since it gives 50% of the info needed to do bruteforce hacking, and unfortunately its the 50% thats hardest to get, so, i.e. you just made it really simple for hackers to get access to everyones accounts.
    [SIGPIC][/SIGPIC]
  • Shulkie - Dreamweaver
    Shulkie - Dreamweaver Posts: 1,529 Arc User
    edited October 2010
    the display name on core isnt your account name. there is no security breach. this is purely a name picked for display. when you set up your account their is a different log in name and display name. if you chose to use the same for both - well more fool you I think. most people were intelligent enough to read the instructions and use different display name from the log on name.
    [SIGPIC][/SIGPIC]
    There is no place in a perfect world for double entendre!
  • Borsuc - Raging Tide
    Borsuc - Raging Tide Posts: 1,526 Arc User
    edited October 2010
    What do you mean by brute-force hacking?

    You mean, if they have access to the database? If they have access to the encrypted passwords they already know your username... so cracking the passwords via bruteforce means they kinda need access to database anyway and the encrypted passwords.
  • Tremblewith - Heavens Tear
    Tremblewith - Heavens Tear Posts: 1,558 Arc User
    edited October 2010
    I'm not sure exactly what was ment by Brute-force hacking, however most "Brute-force" ways to get passwords are...

    A special hacking program goes through every possible password, checking if it works. An example would be a program that kinda does this:
    Password check: 1 - Failed
    2 - Failed
    ....
    10 - Failed
    1A - Failed
    1B - Failed
    ....

    Basically a brute-force **** is where the system checks all possibilities starting from the easiest ones (Occasionally the user can actually take a guess at what they "Sorta" think it would be, then the program will check all possibilities around your guess), and working to the hardest ones.
  • DrunkWizard - Lost City
    DrunkWizard - Lost City Posts: 523 Arc User
    edited October 2010
    IMHO having the users account name displayable is a huge security hole since it gives 50% of the info needed to do bruteforce hacking, and unfortunately its the 50% thats hardest to get, so, i.e. you just made it really simple for hackers to get access to everyones accounts.


    thats not the account name on core profile as far as i remember when making an account you could make 2 names one for forum and one for logging in :o which of course i maded them different.
    [SIGPIC][/SIGPIC]
  • SilverCleric - Lost City
    SilverCleric - Lost City Posts: 1,969 Arc User
    edited October 2010
    THe only bugs I seen on my CORE Connect is the reset to 0 PvP kills.

    A friend of mines also had a bug showing that hes in the wrong guild ( witch its my guild >_>).
    [SIGPIC][/SIGPIC]

    ✰The Nostradamus of PWI ✰

    ★ A not so Retired Veteran of PWI ★

    ✰ ~SilverCleric~ ✰
  • Borsuc - Raging Tide
    Borsuc - Raging Tide Posts: 1,526 Arc User
    edited October 2010
    Basically a brute-force **** is where the system checks all possibilities starting from the easiest ones (Occasionally the user can actually take a guess at what they "Sorta" think it would be, then the program will check all possibilities around your guess), and working to the hardest ones.
    That is completely impractical, if you mean the program is sending requests to the server everytime to verify the random password and username? It would take ages doing this once per second or so... you need to verify hundreds of thousands of passwords per second to expect it in a lifetime.

    The server would just stop incoming connections from that IP if it's a single one. If you have a large network all working together to "crack" this you'll just get the server down. Too many requests, it's called Distributed Denial of Service attack. (DDoS).

    When people say you crack passwords what they mean is, retrieve the encrypted password from the database (which means they have access to the database, so usernames too), then try combinations, encrypt them, and see if they match.

    The thing with encryption is that it is easy to encrypt one way (i.e encrypt "mypassword" into some byte sequence) but not the other way (from the byte sequence you can't 'extract' "mypassword").

    Once you have the encrypted form of the password, you can't "login", since you have to send the password as a request to the server along with username, then server encrypts that, and checks if it matches with the stored encrypted value. Due to the fact that you can't "extract" the plain password from the encrypted value, you need to brute-forcefully try all password combinations, encrypt them, and see if they match. Once they match you know the password.

    Example: We have the encrypted form "encryptedpass" from the database. Let's try to encrypt "somepassword". It encrypts to "someotherpassword", so it's not it. Let's try "mypassword". It encrypts to "encryptedpass". Woot we found it via bruteforce. (obviously it's not silly like this but you get the point).

    Sorry for detailed explanation.
  • Aria_skye - Lost City
    Aria_skye - Lost City Posts: 88 Arc User
    edited October 2010
    After sending in a few tickets about the matter, here is what's goin on w/ mine.

    1. My 89 venomancer is listed as an 89 human w/ no further information
    2. Achievements from my cleric (Now lv 63) are not being added to my achievement score
    3. My wizard is suffering the same problem as my venomancer
  • Bogatir - Heavens Tear
    Bogatir - Heavens Tear Posts: 72 Arc User
    edited October 2010
    Let's see now, even thought it says 2 characters my alt doesn't show up. It says i'm in a guild i never heard of. Approximately 30% if my accomplishments are missing. It doesn't affect the game so will not worry much about it. The sad thing is they will probably fix this, while never fixing the bugs in the game.
  • HeRaTiK - Sanctuary
    HeRaTiK - Sanctuary Posts: 13 Arc User
    edited October 2010
    i got over 100 kills and ive got not 1 pk achievement on the core connect? wasup with that. b:angry

    bannerpn.jpg
  • LenieClarke - Heavens Tear
    LenieClarke - Heavens Tear Posts: 3,275 Arc User
    edited October 2010
    That is completely impractical, if you mean the program is sending requests to the server everytime to verify the random password and username? It would take ages doing this once per second or so... you need to verify hundreds of thousands of passwords per second to expect it in a lifetime.

    once per second? why would an automated brute-force attack go that slowly? a hundred times per second is quite doable, unless the server places limits on things (which, honestly, it really should --- but does it?); even then, you might be able to distribute the attack sources to generate aggregate volumes at or above that rate.

    plus, your modern day "brute force" attack usually starts with a dictionary of likely and/or common passwords and elaborates on that. when people insist we use strong passwords, ones that aren't words or variations on words --- there's a reason for that; even a dictionary of the english language doesn't take long to go through at a hundred tries a second.
    When people say you crack passwords what they mean is, retrieve the encrypted password from the database (which means they have access to the database, so usernames too), then try combinations, encrypt them, and see if they match.

    such encrypted-password databases, stolen from relatively major websites, have escaped into public knowledge in the past. statistical analysis of the most common passwords people use makes for depressing reading, and the dictionaries one can compile for future brute-force attacks... well, they're already long since compiled; use strong passwords that aren't actual words, everybody.
    The thing with encryption is that it is easy to encrypt one way (i.e encrypt "mypassword" into some byte sequence) but not the other way (from the byte sequence you can't 'extract' "mypassword").

    ideally, yes. unless somebody decided to use a collision-prone hash function, thinking it wouldn't matter since the password database was unlikely to get stolen.
    [SIGPIC][/SIGPIC] Heaven's Tear alts: KenLubin, Sou_Hon, JudyCaraco --- level 5x chars.
  • Borsuc - Raging Tide
    Borsuc - Raging Tide Posts: 1,526 Arc User
    edited October 2010
    The thing is that it can't send too many requests to the server, especially if there's lag. It has to wait for reply back as well, that takes a while. In fact I'm sure the server has at least some simple denial of service protections... trying to "brute force" it this way would not just take more than a liftetime, but get your IP temporarily banned too. (too many requests to server would slow it down)

    You are right about dictionary-attacks but those are not brute-force, that's why they are called dictionary based attacks :P Brute force specifically is impractical unless you do hundreds of thousands of checks per second.

    EDIT: also when I said "encryption" it was purposefully to be more layman since more people are familiar with that word than "hash". In technical terms, it's not a key-encoding encryption but a simple hash... but that's irrelevant I think.
  • LenieClarke - Heavens Tear
    LenieClarke - Heavens Tear Posts: 3,275 Arc User
    edited October 2010
    no reason you have to send requests to the server one at a time, in sequence; open several different connections and do it in parallel. unless server-side DoS countermeasures block that, of course --- as they should, among a number of other things i can think of that i'd be doing if i were helping write the server; you're quite right about that. i've no idea what anti-hacking countermeasures are actually in place, though, and i'm not about to try black-box testing to find out. an IP ban might be the least of the worries for whoever did anything that foolish, as IIRC there are actual laws in place that might be brought in to cope with severe DoS situations.
    [SIGPIC][/SIGPIC] Heaven's Tear alts: KenLubin, Sou_Hon, JudyCaraco --- level 5x chars.
  • Redmenace - Heavens Tear
    Redmenace - Heavens Tear Posts: 908 Arc User
    edited October 2010
    Still no kill count update on my account.

    No interest in any other features.

    RedMenace
    A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects.
    Robert A. Heinlein
  • DrSheets - Sanctuary
    DrSheets - Sanctuary Posts: 23 Arc User
    edited October 2010
    Other then all my characters not showing up and me lists as in no Faction/Guilds.. I think its doing ok x.x


    !~ Me
  • Mendolin - Sanctuary
    Mendolin - Sanctuary Posts: 1,092 Arc User
    edited October 2010
    b:cry my pvp kills were fine until today when i log in... and on my cleric i have 0 now... but they are updated for my wizard i think just fine
    [SIGPIC][/SIGPIC]
  • DrunkWizard - Lost City
    DrunkWizard - Lost City Posts: 523 Arc User
    edited October 2010
    now showing pvp kills but still not showing my Lost city server guild D: , but showing a guild on heaven tear which i didnt log in ages.
    [SIGPIC][/SIGPIC]