iMic
Joined: 26th Jul 2008
Posts: 659
Exercise Caution - Dealing With Private Servers
DISCLAIMER: Anyone that has been affected or associated with any attacks or disputes as a result of misconduct on the behalf of private server operators should not reply in this thread. Doing so will only attract more attention to yourself. Any and all information that has been contributed to the research behind this thread is provided by many users, up to potentially hundreds, and all have been contributed in 100% anonymity.
It has been brought to my attention that a number of private servers are not operating within legal conduct. This thread is intended to provide a discussion not on who is responsible, but as a guide on how we can protect ourselves against exploit and attack when playing private servers.
Every day I take anonymous tip-offs from players and server staff alone notifying me of misconduct from private server owners. This comes in a number of forms, each varying in severity.
- Harvesting of account data, passwords and email addresses
- (Distributed) Denial of Service attacks against individuals
- Slander and Abuse
- Identity Theft
Players need to be aware that the EOSERV software is being abused by certain individuals to run private servers that, although they look promising and exciting to play, are intended for malicious purposes or more commonly, are perfectly playable games, but any dispute or disagreement with the staff members can result in one of the four above acts.
The worst part is, it's not the smaller private servers responsible for this. Larger private servers are more likely to commit such acts and currently the information provided suggests this is the case.
Here are some basic suggestions for ensuring you remain protected while playing private servers.
Follow the SLN. Although it isn't a perfect solution, servers listed on the EOSERV SLN are subject to a certain amount of scrutiny from the community, and any malicious activities quickly surface among the community.
Do Not Reuse Account Details. Each and every account you maintain across servers, including Main, should use a different password. If possible, use a temporary or throwaway email while registering for private servers. Register a second Gmail account. Anything to ensure that should your email become compromised, the impact is minimised. Also, ensure that all server accounts, private or not, do not use the same account information as your email, MSN, Facebook, etc. accounts.
If you have any doubts, don't play it. Private servers are generally watched by the community. If servers have a history of attacking or exploiting individuals, either unprovoked or provoked, then find another server.
Keep a Low Profile. When registering for private servers or private server forums, chatrooms and other services, refrain from providing your real name, location (even country if possible), mobile numbers, email addresses other than the one you've provided. Do not post MSN or other chat details to anyone unless absolutely trusted. Never link to or provide any details involving your Facebook page. Also, if a private server has a Facebook page, you should avoid liking or subscribing to a page initially.
It does limit your options for private servers to an extent, but it's better to select from a limited number of servers now than attempt to resolve a dispute or attack later on.
For those of you that are already the target of an attack, basic rules for minimising the effects of attacks are to change all your passwords as soon as possible. Any accounts on private servers, Facebook, chat services, etc. that have already been compromised should be shut down or disabled until further notice by contacting the administrators or staff via the support pages/numbers/emails of the particular service. Denial of Service attacks are difficult to stop, but you should take down any information possible and speak to your Internet Service Provider to have the effects of the attack reduced or eliminated, usually by having your IP address changed. If you have closed any accounts, changed any details or changed your IP address then refrain from logging into or even visiting the servers and websites of the private server in question. Even visiting their website opens the potential of having your new details traced.
At the moment authorities within the EOSERV community and other communities are also exploring legal options against private servers that have committed misconduct to protect victims of attacks, exploits or abuse and to ensure this does not happen again. Victims of attacks are also being offered support from certain members of EOSERV staff, myself included.
It has also been suggested that we implement some form of "Premium Private Server Program" to award private servers that operate within conduct with certain benefits, including first priority to players looking for private servers to play. This idea is currently being discussed with members of staff and select members within the community.
For now, stay safe EOSERV.
---
EOSERV.net Academy Of Trolls, Satirists & Sarcastics
5.5 Years Former Site Administrator / Moderation Team / Member (Retired)
14 years, 13 weeks ago
|
Colby

Joined: 10th Feb 2011
Posts: 2283
Re: Exercise Caution - Dealing With Private Servers
ya. I always use a different password for private servers.
14 years, 13 weeks ago
|
Klutz

Joined: 14th Jul 2009
Posts: 1737
Re: Exercise Caution - Dealing With Private Servers
Great, scare the shit out of everyone, that helps a lot.
I've always played as a fair server operator. I've never once advertized on another private server, threatened or attacked anyone, phished accounts or any of the bad things you mentioned above and none of the bad things people have done in the past either. I can bet you now I would never receive such an award or "premium" status, due to being an asshole all the time! :)
At least I'm not malicious.
---
Web developer, currently looking for graphic artists / designers.
14 years, 13 weeks ago
|
Re: Exercise Caution - Dealing With Private Servers
The passwords are hashed though so, don't know about EOSERV, prolly?
---
Andrewbob - I would be on the fucking copter of rofls
Programmer, Web Developer, and Graphics Designer
14 years, 13 weeks ago
|
iMic
Joined: 26th Jul 2008
Posts: 659
Re: Exercise Caution - Dealing With Private Servers
Scaring everyone or not, it has to be said. I can't offer the context of this thread as I am trying to protect certain individuals, but everything I've written above is something that players should be aware of.
The idea of the Premium Private Server concept doesn't take into account the quality of a server, the attitude of the admins or any other factors. It only takes into account whether a server is misusing player information or abusing, exploiting or attacking individuals for their own gain. All private servers would be considered Premium initially, only having the title revoked if they do something to lose it.
EOSERV does hash passwords by default but due to its open-source nature, it is possible that certain private servers will remove the code that hashes passwords to store them as plain text. There have been reports of this happening before with one particular private server.
---
EOSERV.net Academy Of Trolls, Satirists & Sarcastics
5.5 Years Former Site Administrator / Moderation Team / Member (Retired)
14 years, 13 weeks ago
|
Klutz

Joined: 14th Jul 2009
Posts: 1737
Re: Exercise Caution - Dealing With Private Servers
Wildsurvival posted: (26th Mar 2011 04:29 pm)
The passwords are hashed though so, don't know about EOSERV, prolly?
It's easy to remove password hashing from an open source program.
---
Web developer, currently looking for graphic artists / designers.
14 years, 13 weeks ago
|
Re: Exercise Caution - Dealing With Private Servers
This is why you should be "password" securing your MySQL Database. Or have a firewall.
14 years, 13 weeks ago
|
Re: Exercise Caution - Dealing With Private Servers
I agree with all this and I think it may even be our responsibility to point this out to people in light of other situations occurring. WickedFrost MAY have been right in one aspect here, security. You should take caution with ANY private server. But there's a problem with all this advice being given. Some people DO decide to give out fake information, every time, and then just forget it. They're never able to recover their accounts later. Take caution there and write down your details.
---
Wish upon a star!
14 years, 13 weeks ago
|
Klutz

Joined: 14th Jul 2009
Posts: 1737
Re: Exercise Caution - Dealing With Private Servers
Plasmastar posted: (26th Mar 2011 06:05 pm)
Some people DO decide to give out fake information, every time, and then just forget it. They're never able to recover their accounts later. Take caution there and write down your details.
That's their own problem, if they're going to be secure, then at least use a pen and paper or have a reasonably good memory :D
Well it's about time you guys accepted some fucking responsibility. Let's hope it catches on.
Note: if you're going to do this, don't hang around halfway. Either do it all properly and get strict, or lose all respect for moderation, sitting in the middle swapping stances makes you guys look very unprofessional.
---
Web developer, currently looking for graphic artists / designers.
14 years, 13 weeks ago
|
iMic
Joined: 26th Jul 2008
Posts: 659
Re: Exercise Caution - Dealing With Private Servers
Plasmastar posted: (26th Mar 2011 06:05 pm)
I agree with all this and I think it may even be our responsibility to point this out to people in light of other situations occurring. WickedFrost MAY have been right in one aspect here, security. You should take caution with ANY private server. But there's a problem with all this advice being given. Some people DO decide to give out fake information, every time, and then just forget it. They're never able to recover their accounts later. Take caution there and write down your details.
Doesn't have to be difficult. Even on here I use a secondary email address (one single email address that I don't care what happens to it) and another password that's separate from my Facebook, MSN, etc. accounts. It's easy.
Klutz posted: (26th Mar 2011 06:24 pm)
Well it's about time you guys accepted some fucking responsibility. Let's hope it catches on.
Note: if you're going to do this, don't hang around halfway. Either do it all properly and get strict, or lose all respect for moderation, sitting in the middle swapping stances makes you guys look very unprofessional.
Moderators here work independently of one another. The concepts and advice presented in this thread are based on my own ideas and findings, discussed with a number of forum users via Skype. Not something I have control over, but it doesn't stop some of us from trying.
EDIT: You may be pleased to know that myself and a few others have already started a form of server metrics that we hope will be used to monitor server performance and conduct based on active auditing and community feedback.
---
EOSERV.net Academy Of Trolls, Satirists & Sarcastics
5.5 Years Former Site Administrator / Moderation Team / Member (Retired)
14 years, 13 weeks ago