View topic - Recent Greifing

[Curley]

Ok, apologies first for how much this post is going to end up being word vomit cause my mind is fried from staring at a the server log for 3 hours and parsing just what happened. I've included a TL:DR at the end for those that don't care or aren't affected by the rest of it.

Anywho, onward!

So first and foremost What happened. From the perspective of players,
-around 6:30 servertime the account omgchad logged in
-gave a couple people 10000000000000000000000000 coins
-distributed a couple chests full of/fully edited some peoples inventories with diamonds and diamond blocks
-Took his fun to the survival nether where he proceeded to run many arbitrary world edit wipes as well as spawn about a dozen withers.
a lot of this was while popping in and out of vanish so maybe you saw him maybe ya didn't

Good thing for the reputation of the beloved chadster, it was not actually Him. Unfortunately for us it was actually a malicious player looking to cause pain and sadness to a bearded admin and all of you. Recently discovered due to some work from dinnerbone (bukkit dev) and md_5 (spigot dev) there is a bug in the logic of the vanilla minecraft server that, long story short, allows for a bypassing the authentication check used to verify a player is who they are. It's better explained here http://bit.ly/1dXfi0W if you're interested. Cutting to the chase, we had an affected version running, this was 100% my fault and I take full blame for the time and trouble lost due to the exploit, it has now been patched and steps are being taken to protect from future bugs with mod authentication.

Now for some good news before all the bad; I can't understate enough that WE GOT OFF LUCKY. If the turd had any real knowledge of the way I run things he could have done a lot worse. He only had about 30 mins of time causing mischief.

That being said I'm going to attempt to outline the main things that happened and our decided upon resolutions.

1: economy alterations

All the accounts that were gifted money from the exploiter as well as money from someone that was gifted cheated money have been reverted. There won't be any bans or anything for any of the accounts that were obviously not doing anything malicious. There is an additional concern for some accounts due to the amounts gifted being so high it corrupted the data value. These accounts have had their coins reset to $0 and I will be contacting them on a case by case basis to decide upon a solution. If somehow I miss you please do not hesitate to tweet at me.

2: Diamond/cheated item gifting

Many players during this 30 mins were bestowed with diamonds, diamond blocks, chests full of diamonds, etc. These items were then distributed around the server at shops, hand to hand, placed in chests, or just given away to others. While I don't blame anyone for this (remember it seemed to come from the benevolent chaddington) some players were obviously aware of the situation, consciencely partaking in the greifing, and have thus been banned. Now as for everyone else we mods discussed a few scenarios and came up with this; While I could go around and track down every single transaction I flagged in the server log there's no way for me to get all of this issue rolled back and along the way there's going to be anger and accusations and hurt feelings due to false positives. For the most part, our plan is simply the honor system of twit. If you know or suspect you have a chunk of cheated in items we asked that you simply destroy them or, hell, do something fun like whole a tournament or scavenger hunt or whatever. Turn a bad day into something awesome for the server.

3: Survival The End

Not gonna lie, survival was, and maybe is, in a bad shape. The withers destruction is not that big of a deal due to prism and logblock but the trouble is world edit. world edit doesn't have a log of it's changes nor a rollback feature (outside of the client that did it). I discussed this at length with the mods and we have 2 options that, honestly is going to need to fall to the general playerbase and not the mods.

option 1: leave as is and rebuild (with mod help) anything that is drastically affected, Also, DRAGON!

when you have time check out the end, We've done extensive rollbacks on the changes from the fake chad and withers and have noted that a lot of the worldedits were in kind of barely used zones. If you guy determine that it's good enough now we can have the mods and players rebuild all the little nooks and crannies that are really borked. Also since we need a new ender portal made and also a little happy fun for missing a whole night of twitcraft, the dragon is respawned and will hopefully make a new portal! kill it with fire.

option 2: Roll survival_the_end to the most recent full backup (sadly 08-03-13)

The end is not part of my regular backup schedule and was last fully backed up on 08-03, I can wipe the world that's currently there and replace it with that one. Just gonna say that....it's an option.

Please vote here, I'll take action as soon as it seems we have a majority. Only you guys can determine how bad it is. http://strawpoll.me/417916

And well guys, That's about it. Again forgive if I came off babbles, This all sounded better in my head as I was formulating it but it's now midnight and this was my evening Final thoughts, another day another block. Keep on keepin on!



TL:DR
-Mojang server exploit found
-Random kid exploited authentication server, gave money, diamonds, worldedited the end and spawned withers in the end
-Actions have been taken to remedy each issue as best as we can see fit
-Money removed from accounts that I was able to
-going case by case for those accounts that got corrupted
-Diamond distribution fix is going to have to be honor system.
-We ask you please destroy anything obviously received due to the exploiter
-The accounts that were overtly abusing the cheated items have been banned accordingly
-The end was in pretty bad shape.
-2 options that will be discussed.
-Rollback to 8-03-13 or fix by hand.
-Server has been patched and steps taken to avoid future issues.

[helicologo Profile]

Thought it was to go to be... I was "gifeted 56000$ And will get rid of the Diamond Blocks left in my keeping... This suck because Pyxisgirl and myself just started and a roll back may get rid of every thing we have done.. But what we have built is kinda small.. but it is our little "home"... I feel like a part of a community..A good one And will gladly stand by what everyone thinks is best. To rebuild is part of life.. Even in Game.. Thank you all who work so hard to make TwitCraft a fun place to play...

[Warriorbox Profile]

Well done for all that Curley... I had two diamond blocks thrown at me by someone I didn't know, so I gave them back... I don't take sweets from strangers :¬) So, end of story for me...my account was not messed with...

Very sad to see the damage in the over world...The End isn't somewhere I have been before today, so I don't have any issues with either rollback or rebuild.

[Timberwolf1777]

Dont worry helicologo. Rollbacks are localized to the affected areas .... in this case "the end." Your home should be safe.

As for the request to destroy diamonds: My shop was sold a very very many of them and I paid cold hard cash that I earned for them so I came out "zero sum" in this. Money or diamonds ... either/or is fine by me I will happily destroy the diamonds once I get reimbursed the $60K or so that went from my acct to Cranecrusher, LucianoRando, etc., when the diamonds in question exchanged ownership. Please let me know how you wish to proceed.

[PosterAnonymous Profile]

I don't take sweets from strangers :¬)

Yeah you're much more of the van sweets-distributor type, right?

EDIT: A decision appears to have been made. Please disregard.

[Warriorbox Profile]

I don't take sweets from strangers :¬)

Yeah you're much more of the van sweets-distributor type, right?

EDIT: A decision appears to have been made. Please disregard.

whutt??

[PosterAnonymous Profile]

That's right, WB! Deny it all the way to the slammer! Good job! Our fine lawyers here at "Poster, Poster, and Poster and Associates" shall defend you 'til the end!

...

Or until the diamonds run out...

[Warriorbox Profile]

I would deny it, if I knew to what you were referring!

[PosterAnonymous Profile]

Exaaaaaaaaaactly!

[VanDerProtofsky Profile]

Oh, that explains the random block of diamond I found in the middle of a street. Thank you for the explaination, Curley.

[Curley]

As for the request to destroy diamonds: My shop was sold a very very many of them and I paid cold hard cash that I earned for them so I came out "zero sum" in this. Money or diamonds ... either/or is fine by me I will happily destroy the diamonds once I get reimbursed the $60K or so that went from my acct to Cranecrusher, LucianoRando, etc., when the diamonds in question exchanged ownership. Please let me know how you wish to proceed.

Don't worry Timber, I noted this to everyone in the mod chat during my parsing of the log, I think I specifically used the phrase, "oh hey, check out good guy timber, he insisted on paying for the free diamonds." Carry on as you see fit.

I was "gifeted 56000$ And will get rid of the Diamond Blocks left in my keeping...

As for you Heli, I already removed the 56000 before I booted the server, Thank you for coming clean on the diamonds. As for anything else you shouldn't have to worry about rollbacks or anything. Just enjoy playing and thanks for being a stand up guy.

[Timberwolf1777]

So I know that we voted already but Id love to have the option of a month old backup of the end be discussed again. Ipodparf's enderman grinder is still completely gone ... along with all of the chests it once held. So it seems that some diamonds were destroyed after all as I had about 6 stacks (including blank tools and armor) there that were simply deleted ... not to mention what the other players who had chests there lost.

With the missing grinder itself, all of the players who are friends with ipod and who shared it and depended on it will be hit hard when its time for more books/armor. I can start to try building a new grinder but I have never done one before and would love to see how people respond to this before I start the build.

That said, I am indefinitely shutting down the books/tools/armor section of my shop. There is currently no efficient way for me to maintain the inventory.

Thanks

[torontomario Profile Website]

I didn't noticed this post here I started building my own enderman farm I put in a modreq asking can my build be saved in the rollback please and thank you