Jump to content

Isolation

Member
  • Posts

    18
  • Joined

  • Last visited

  • Days Won

    2
  • Feedback

    0%

Isolation last won the day on January 5 2017

Isolation had the most liked content!

About Isolation

Informations

  • Gender
    Male

Recent Profile Visitors

952 profile views

Isolation's Achievements

Apprentice

Apprentice (3/16)

  • First Post
  • Collaborator
  • Conversation Starter
  • Week One Done
  • One Month Later

Recent Badges

52

Reputation

  1. Isolation

    About me!

    That's how things work. People deceive and get deceived. You can't deny you knew earlier that this community is driven by profit and selfish people. But nevermind. Most people can't handle the toxic community metin2 has. Good luck for your future.
  2. No, this isn't normal. What gamefile are you using? Do you have any quests using mysql? check them. Also provide your syslog at the time the lag occuring. That'll help us detecting your problem.
  3. To find emily17 on epvp is easy, just google "elitepvpers emily17" there I found the account. Seems like you are right then. I'm not the defense here but let's just stick to the facts we know. Yes, indeed, it seems like an accident on the wrong account. Or - like the explanation from vanilla - an accident between friends. The point is: What was it really? Do you have proof that it's as you said? Nobody has because everything is speculation. Same with vanilla. Nobody has proof that it's as vanilla said. Vanilla's cause of disappearance has nothing to do with genders or anything like that. Vanilla's real identity or gender was never in harm so there's no similarity between both of them. Additionally if you have a look at alessa's profile you can see that he never really left. Sometimes he made some posts. Also something he doesn't seem to share with vanilla who clearly vanished. As I said we'd continue this discussion endlessly. There's no proof for both sides. There are only possibilities.
  4. Well, Inya. You're the first one who actually brought up evidence on this topic. If it's true what vanilla said when she claimed alessa would teach her, then everything else would make sense. The "I don't help you", the IDA knowledge and - if they might be friends - the wrong poll. Additionally there are tons of people who can edit stuff with IDA. You can't say that someone is another person just because they can do the same 'magic tricks'. Also you're telling that Emily17 is an old account. How do you know? But still, you have valid points for her being alessa. Your claim isn't without doubt but it's still a big possibility. Though are still other things that don't add up at all. For example: Why? Why would she claim to not be alessa? And why would she do such blatant mistakes? Edit: I've visited the page of Emily17. Seems like it isn't too far fetched. Her behaviour seems a bit similar to vanilla. Still no crucial evidences for her being emily17 but it isn't impossible.
  5. I highly suggest that you should refrain from making claims against people if you don't have any evidence to back up your thesis. Either prove it or remove it. I'm interested to get to know more about vanilla but all I want is facts and not ridiculous claims without any evidence.
  6. The first reply that actually makes sense. Thanks for that. To the others: Shouldn't you be ashamed? We all know that you're not 24/7 slaves but if people have to suggest more often than once that this section should be cleaned it's clearly not a healthy condition for the forum. You applied for it so stop complaining about people telling you that you'd actually do your job. You are the ones here who should keep it clean and you can't tell me that every moderator has literally no time for it. It's not about cleaning it as fast as possible, he mentioned that you should clean it at least once. Additionally, you shouldn't undo your duty as a moderator with simple phrases like "report it or we won't do anything". Being a moderator also includes to look for such things even if they aren't reported. And you can't tell me that it's hidden - the section was nearly spammed by questions.
  7. I've found a maybe better solution that's even easier to implement. First make sure you selected the account database: use account; Then you can run the following query to create your function. Make sure to replace the peppervariable with something of your own! CREATE FUNCTION enc_pw(s CHAR(24)) RETURNS CHAR(50) DETERMINISTIC RETURN PASSWORD(CONCAT("thisisyourpeppervariable", s)); Then you won't have to add your pepper variable anywhere. Just use the enc_pw() function in your queries. For example: SELECT enc_pw('testpassword'); This'll return the password you need. Pros: + No need to store your pepper variable anywhere at your webserver etc. + Easy to use implementation + Easy changeable. You can for example add AES-encryption which is also supported by mysql to your function. The function is persistent. It'll even be there after a reboot. If you change something you'll first have to drop the old function: DROP FUNCTION enc_pw; Simple as that. In your source code you'll only have to edit input_auth.cpp to simply use enc_pw() instead of PASSWORD() for your query. You can also use the function at your webserver. So people who could've get access to your webserver won't be able to retreive your peppervariable. In addition: You can, as I stated, change the encryption completely. You can for example use SHA2(), AES or anything else that comes into your mind to even further encrypt it - twice if needed. Hackers won't know what encryption algorithm you're using. They'll be clueless unless they get to see the actual function. If you manage your permissions right and only allow your homepage user acces to the tables itself (You'll only need select, insert and update for some tables, NOT the actual database itself) people won't even be able to have insight to the function. You can test it. Log in as your homepage user, select the database account and run the following command: SHOW CREATE FUNCTION enc_pw; If it shows you the function routine, then you have permission to do so and you should lower the permission you give to your homepage account. If used wisely it's a very secure procedure.
  8. You're right. I've contacted her. In the heat of the moment she sent the wrong branch. New download: [Hidden Content]
  9. It's not from me, it's from vanilla. Tell us what's missing and I'll try to contact her again.
  10. Download Metin2 Download Yesterday something special happened. For people who don't know vanilla or aren't interested at the background story and all this shit that happened the last few months: You can simply scroll down and download the source. It's the full source of game, db and libs. Only Extern is missing but that shouldn't be a problem. First let me clear some points: No, I am not vanilla. And yes, Vanilla is still disappeared. And all of you who thought that reselling vanillas files and talking bad about her (I talk about vanilla as a 'her' because that's the only official gender, no proof that she's a he so I'll continue with that. You may replace it with 'he' for yourself if you wish to do so) would be okay: NO IT ISN'T. You never knew the circumstances behind that. You're blaming a person who had no other choice than that. But please allow me to enlighten everyone. Yesterday a hacker logged in to vanillas skype account and added me. He insisted on me being vanilla. But I managed to get some more details about the hacking itself. He claimed that vanilla's got a virus and the hacker was able to see her skype messages. It may be true or not but it's crucial for the incident that happened as vanilla vanished. Some of you maybe know it. There was a person (which name I'll censor) who bought a license from vanilla. He sent her the paysafecard but as she went back home and looked for it, it was already used. So she thought he wanted to scam her. But he thought she would be the scammer since he only gave her the psc code. So what happened? The hacker told me yesterday that since she got a virus on her pc and he was able to log in with her skype account he took the psc and used it. So yeah, you can say the hacker's also a thief. But the thing that caused vanilla to disappear is: The guy who traded with her told her that he'd call the police. And that was the point where she decided to leave. Not for just her sake but also for the sake of people who have nothing to do with this. She always used friends as background people. So she could manage to do things as more than one person. In case something happens, nobody would know who actually is vanilla because under her pseudonym there'd be more than one person. So what would happen if the police was called? You got it, they'd fetch identities of people who aren't related to all of this. They'd be in danger of getting into something illegal. Was it a mistake she made? Yes, but it happened and that's the reason why she HAD TO disappear. She also couldn't tell anyone because every trace had to be eliminated. What she didn't knew all along is that people were able to access her e-mails. And that's the point. I also had access to it since the password got leaked and stuff. I for myself registered here with a special agenda of mine. I already told you. But my target was to find out who vanilla is since I also bought from her and I was also mad at her. I kept watching the e-mails and looking for something new and waited. I also contacted a background person who told me everything he knew from vanilla and about the incident. That's where my agenda shifted and I wanted to catch the hacker by myself to prevent people from getting harmed. But as soon as the hacker contacted me and I realized that he also got her e-mail access.. I was damn sure to not let him go with that. I changed all the passwords I knew from her so he couldn't have any access to it. But unfortunately he may or may not find out about some of her backup people. So now I had to do something. Yesterday I tried to contact the person again and he established a connection to vanilla. So yeah, I finally managed to get in touch with her after all those months. She also told me to give something to you. This message from hers is for everyone including the hacker. It's up to you what you believe. You may or may not think that I'm vanilla. You may or may not think that she deserved to be punished. But I also ask everyone who is involved into this to stop digging into this topic. It's over. I for myself was able to read the words I wanted from her since she disappeared. She apologied and repaid for everything. So I changed the password of every account from vanilla I knew. No one should ever make use of these accounts except the rightful owner. That's all. Download: [Hidden Content] Download2: [Hidden Content] I do not know what's newer or not. no password.
  11. It's quite easy to add it to your homepage. Just concatenate the password string you'd normally use for your query with the pepper variable. Changing the whole encryption is a bit overkill I think. It'd only cost more performance without having a significant impact on your security.
  12. Many people nowadays fail to lead a server. They also don't take responsibilities for their failure. There's a huge risk in security in these times where databases are getting leaked and account tables released. That's why I want to give you something for free. I'm not into showing "great c++ skills", it's just the fact that securing private data is the most important thing an admin should do. So. Here is the simple solution. Nothing too fancy but it'll do it's job. A players password is stored with the built-in mysql function "password()". But as you already know people are too dumb to create more complex passwords. And there's always the risk of you getting your database leaked. It's easy to use rainbow tables to restore the original password out of its hash. A simple solution: pepper. Pepper will automatically raise the password length by itself and therefore modify the hash you'll receive at last. It's just a simple "extension" if you want to call it like that. For this we think of a special letter like "test12356789". Now let's simply add it to every password you're using to log in. 1. find CInputAuth::Login in input_auth.cpp 2. above char szPasswd[PASSWD_MAX_LEN * 2 + 1]; we can add: const char pepper[] = "test123456789"; //make sure to change this! And then modify szPasswd[PASSWD_MAX_LEN * 2 + 1]; we earlier found to: char szPasswd[PASSWD_MAX_LEN * 2 + 1 + strlen(pepper)]; 3. Above // CHANNEL_SERVICE_LOGIN we can simply add: strcat(szPasswd, pepper); The code is simple. We declared a char variable and put our text into it. We modified our szPasswd-variable because we want to append our text to it with strcat. Note that strcat removes the old null-termination character, that's why we can safely use strlen without adding +1. That's all. Compile it and you're ready to go. Make sure you're also adapting your homepage to pepper. Just do the same trick. If you're on a running system and want to add pepper, then just force your users to change their paswords. With this addition rainbowtables will most likely be useless. People would have to create new rainbow tables that are adapted to your pepper-variable. Nobody would do that especially since they don't know what you actually typed in there. Just make sure nobody knows what you used as your pepper variable. I know it's nothing that big. But the topic is too serious and I guess most people don't even know the existence of pepper. Oh and there's also a better security than this: Protect your users data. That's all.
  13. Wrong²²²² You can speed up compilation. But it's not that easy. Do you even know what -j20 means? It's an optimization for you if you have more threads from your cpu. You can let gcc compile more cpp-files simultaneously. You'd never just make -j20 because you feel like doing it. Normally you'd calculate the value for yourself. -jx, where x = number of cpu threads * 1.5 at physical hdd's but you can play with it a little bit. It's just for you to use different values and check how much time passes. -j20 makes no sense. Neither do you have that many threads nor would a normal hdd (ssd could possibly do it) handle it. Additionally, the compiler caches it's tasks into your memory. The more memory you can serve, the faster it can compile your project. Play with compiler flags. Use ccache, that'll also speed it up. Always benchmark how fast your compiler does the job. Optimizing it isn't just copy-pasta everything from everywhere, it's more like playing with it and testing how everything affects your compiling time. Also newer versions of gcc/clang are much faster. Feel free to try it out.
  14. .. Ask the right question. I guess that's pretty clear. At least for me. Just execute the following command: pkg_info if you're using the new version of pkg then just do: pkg info Post the results. I guess the mysql-client package is missing therefore it's no surprise that your server is unable to find the mysql command.
×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.