Forum :: Announcements :: EO Server Backdoor Warnings

Just hex-edit and good to go xD but if you guys find it necessary still be alert, lol. But if you disagree, I guess you don't have to use it.

iMic posted: (9th Jan 2012, 07:16 am)

I don't for the life of me understand why anyone trusts anything that Elevations is involved in. There's an old idiom, "Fool me once, shame on you, fool me twice, shame on me" that applies here. It's apparent that this guy is corrupt with power and will use any avenue he can toexercise it by exploiting his own loyal following. If anyone questions his authority or threatens his position, he doesn't hesitate to open fire on those that are calling him out for what he or his team are involved in.

Sausage and the entire EOSERV team are so transparent you could mistake them for a plate glass window. Their behaviour is at times radical and their attitudes could use a little work, but you always know exactly what you are getting. There are no surprises. How many times have backdoorsand exploits been discovered in vanilla EOSERV installations?

I'd trust this team with any code they write, I have in the past, I will in the future. They've never let me down.

Even if Elevations' explanation holds some truth and the command should have been removed in a much older release, the fact of the matter is that it was not removed and this shows some negligence on their part. Their player and users credentials have now been compromised once again due tofailure to check their source code. This has happened multiple times now and it's not acceptable in the slightest. It's their actions and carelessness that has tarnished their reputation, Sausage is only doing the public a favour by bringing it to their attention.

To the users, I suggest you heed the warnings given and exercise good judgement when deciding who you should hand over your sensitive information to. Hold the ones that falsify and harvest your information accountable for their actions and do not support them or their affiliates.Developers need to exercise vigilance as the playing field is becoming increasingly uneven, so protect yourself and your code, share it to trusted clients only and any free-to-distribute code should be covered by a strict set of terms and conditions, be it a common license (GPL, Creative Commons,etc) or a carefully drafted binding agreement.

I suspect we will see this dispute heat up further before it cools off.

- iMic (sblord)

And yet before we new elevations owned eosource did we dare look into the exe of eosource? Nope? perhaps just mentioning the name of elevations can make people do many things. Doesn't mean it was the right thing to do by Sausage's part or anyone elses.

jinga posted: (9th Jan 2012, 07:21 am)

And yet before we new elevations owned eosource did we dare look into the exe of eosource? Nope? perhaps just mentioning the name of elevations can make people do many things. Doesn't mean it was the right thing to do by Sausage's part or anyone elses.

---
EOSERV.net Academy Of Trolls, Satirists & Sarcastics
5.5 Years Former Site Administrator / Moderation Team / Member (Retired)

jinga posted: (9th Jan 2012, 07:21 am)

iMic posted: (9th Jan 2012, 07:16 am)

I don't for the life of me understand why anyone trusts anything that Elevations is involved in. There's an old idiom, "Fool me once, shame on you, fool me twice, shame on me" that applies here. It's apparent that this guy is corrupt with power and will use any avenue he cantoexercise it by exploiting his own loyal following. If anyone questions his authority or threatens his position, he doesn't hesitate to open fire on those that are calling him out for what he or his team are involved in.

Sausage and the entire EOSERV team are so transparent you could mistake them for a plate glass window. Their behaviour is at times radical and their attitudes could use a little work, but you always know exactly what you are getting. There are no surprises. How many times havebackdoorsand exploits been discovered in vanilla EOSERV installations?

I'd trust this team with any code they write, I have in the past, I will in the future. They've never let me down.

Even if Elevations' explanation holds some truth and the command should have been removed in a much older release, the fact of the matter is that it was not removed and this shows some negligence on their part. Their player and users credentials have now been compromised once again due tofailureto check their source code. This has happened multiple times now and it's not acceptable in the slightest. It's their actions and carelessness that has tarnished their reputation, Sausage is only doing the public a favour by bringing it to their attention.

To the users, I suggest you heed the warnings given and exercise good judgement when deciding who you should hand over your sensitive information to. Hold the ones that falsify and harvest your information accountable for their actions and do not support them or theiraffiliates.Developers need to exercise vigilance as the playing field is becoming increasingly uneven, so protect yourself and your code, share it to trusted clients only and any free-to-distribute code should be covered by a strict set of terms and conditions, be it a common license (GPL,Creative Commons,etc) or a carefully drafted binding agreement.

I suspect we will see this dispute heat up further before it cools off.

- iMic (sblord)

And yet before we new elevations owned eosource did we dare look into the exe of eosource? Nope? perhaps just mentioning the name of elevations can make people do many things. Doesn't mean it was the right thing to do by Sausage's part or anyone elses.

Sausage brought to the attention of server operators a potentially dangerous backdoor that could be used by the code's author to exploit servers. Justify the purpose of this sort of code to be needed at a non-admin level. I don't buy testing/debugging bullshit. The command should have been an admin/hgm level command. This command was added to potentially fuck a server down the road. Who would do such a thing? Check what names are tied to the command. You are looking like a fool defending this or trying to point the finger at Sausage for attempting to prevent someone's server from getting the ele-fuckover.

The code was there, no doubt about it. There isn't much it can be used as, only one thing, you all know what that is. My point is though that nobody knows for sure exactly. Everything stated on this thread so far are assumptions until they can be proven. I mean sure there is a lot to show for that it is there, but it's not proof that it was intended to be used as a backdoor. Anyone can say what they want about what has happened, but neither side can be 100% positively proven until further notice, which something is bound to probably show up soon. I'm sure more will come outof this topic soon as well. Good luck on this topic. I'm done XD. Anyways off to sleep now.. :P

MitchV2 posted: (9th Jan 2012, 07:40 am)

The code was there, no doubt about it. There isn't much it can be used as, only one thing, you all know what that is. My point is though that nobody knows for sure exactly. Everything stated on this thread so far are assumptions until they can be proven. I mean sure there is alottoshowfor that it is there, but it's not proof that it was intended to be used as a backdoor. Anyone can say what they want about what has happened, but neither side can be 100% positively proven until further notice, which something is bound to probably show up soon. I'm sure more will comeoutofthis topic soon as well. Good luck on this topic. I'm done XD. Anyways off to sleep now.. :P

edited post quick, if you read it before, I worded something wrong lol.

So what the hell do you assume this user level command tied to show passwords was intended for? Come on now, no one is that dumb. Given that this "could" have been admin level (protected on the server operator end) and no valid reason has been given as to why they needed to "test" or "debug" the plaintext username and password of anyone that logs in, what do you honestly fucking think they were doing here. Backdoor, kthx bai.

OBJECTION!

You really think things like that would hold up in a court of law?

Ha ha ha,

---
420Иﻜ0o
"The Lord is a shoving leopard."

Apollo posted: (9th Jan 2012, 07:47 am)

MitchV2 posted: (9th Jan 2012, 07:40 am)

The code was there, no doubt about it. There isn't much it can be used as, only one thing, you all know what that is. My point is though that nobody knows for sure exactly. Everything stated on this thread so far are assumptions until they can be proven. I mean sure there is alottoshowfor that it is there, but it's not proof that it was intended to be used as a backdoor. Anyone can say what they want about what has happened, but neither side can be 100% positively proven until further notice, which something is bound to probably show up soon. I'm sure more will comeoutofthis topic soon as well. Good luck on this topic. I'm done XD. Anyways off to sleep now.. :P

edited post quick, if you read it before, I worded something wrong lol.

So what the hell do you assume this user level command tied to show passwords was intended for? Come on now, no one is that dumb. Given that this "could" have been admin level (protected on the server operator end) and no valid reason has been given as to why they needed to "test" or "debug" the plaintext username and password of anyone that logs in, what do you honestly fucking think they were doing here. Backdoor, kthx bai.

And yet there is still no proven fact that is what it was intended for? who could of ever suspect sordie backdooring seose but everyone must suspect elevations backdooring eosource because we somehow know that is his nature? How do we know it's his nature? Really? we don't. We just are assuming based on actions hes commited, not on fact. do we actually know elevations personally? No? We only know what we see of elevations and that is much different.

It's just like when Thiamor said to Sausage he was a physcopath and yet sausage replied saying thiaimor didn't even know sausage? Yet we do not even think about elevations as a personal being? do we even know elevations? No? based on our opinion he is just some kind of monster? ridiculous.

I think it may have been good to discover the backdoor but, at the same time I no way condone or support such actions of pure hatred towards elevations without fact. Because obviously you and Sausage were wanting to expose elevations? and this was before you know he even done anything wrong? It's as if you somehow knew truth before truth even existed?

You say Elevations done bad things but there is no timeframe to go with it. Because this is how I see it:

Apollo And Sausage are the Cops
Elevations is the robber.

It's as if you are playing a game of cops & robbers and while you pretend to know and understand why ele commited such "crimes" you also assume you understand him and why he does each and every one of them.

And while ele is commiting such crimes you have no evidence of these crimes. You think ele is the master mind criminal behind every little plot. But what happened to innocent until proven guilty? There's no facts that his intention was to use such command for unlawful purposes on servers? and yet here we are.. claiming he has already done it?

Or are you going to tell me you caught ele before he had chance to act on it? That's playing the cop.

i just want to make a quick post about this, yes it's true there was such a command i just found out now since i don't even look in the source, anyway that command was there already in an early revision of his server Hollowfication he forgot the delete it, yes i agree it is wrong, and bad and whateveryouwant to tell us. but i just would like to say that hollow will delete it out of the next revision and you're feel the scan it again or whatever you want to do with it. Last thing i want to say about it we NEVER used the command. you can ask to anyway we never used the command on their server.because we didn't even know it was their, it was an old command used for hollow's own server in that time.

---
opensource isometric game engine ~ www.avac-engine.blogspot.com

I'm sorry, Sordie had a user exploiting backdoor? Sordie told you upfront that Seose had commands she could access were she to log in. And wait, didn't Sausage flat out write Seose to EOSERV conversion when the special hidden commands were made public and suggest no serious server continue using Seose just as he has done in this case. If you are still too dumb to see that command for what it is go ahead and use it. If you aren't an idiot, there is a clean open source code on this site that you can use and learn from just as the ones that compiled the modified version with the backdoor did.

Apollo posted: (9th Jan 2012, 08:28 am)

I'm sorry, Sordie had a user exploiting backdoor? Sordie told you upfront that Seose had commands she could access were she to log in. And wait, didn't Sausage flat out write Seose to EOSERV conversion when the special hidden commands were made public and suggest no serious server continue usingSeose just as he has done in this case. If you are still too dumb to see that command for what it is go ahead and use it. If you aren't an idiot, there is a clean open source code on this site that you can use and learn from just as the ones that compiled the modified version with the backdoordid.

Well i havn't had a problem with my EOSource server so far until Sausage started attacking servers with this "backdoor".

Also the SEOSE2EOSERV application its not even fixed on Sausages download page it still doesn't transfer the map id's of the character which, hollow fixed and recompiled on the EOSource website so i think Sausage has done a great job fixing that nope? instead he's too busy "exposing eosource".

jinga posted: (9th Jan 2012, 08:59 am)

Apollo posted: (9th Jan 2012, 08:28 am)

I'm sorry, Sordie had a user exploiting backdoor? Sordie told you upfront that Seose had commands she could access were she to log in. And wait, didn't Sausage flat out write Seose to EOSERV conversion when the special hidden commands were made public and suggest no serious server continueusingSeose just as he has done in this case. If you are still too dumb to see that command for what it is go ahead and use it. If you aren't an idiot, there is a clean open source code on this site that you can use and learn from just as the ones that compiled the modified version with thebackdoordid.

Well i havn't had a problem with my EOSource server so far until Sausage started attacking servers with this "backdoor".

Also the SEOSE2EOSERV application its not even fixed on Sausages download page it still doesn't transfer the map id's of the character which, hollow fixed and recompiled on the EOSource website so i think Sausage has done a great job fixing that nope? instead he's too busy "exposing eosource".

_pissoff

jinga posted: (9th Jan 2012, 08:59 am)

Apollo posted: (9th Jan 2012, 08:28 am)

I'm sorry, Sordie had a user exploiting backdoor? Sordie told you upfront that Seose had commands she could access were she to log in. And wait, didn't Sausage flat out write Seose to EOSERV conversion when the special hidden commands were made public and suggest no serious servercontinueusingSeose just as he has done in this case. If you are still too dumb to see that command for what it is go ahead and use it. If you aren't an idiot, there is a clean open source code on this site that you can use and learn from just as the ones that compiled the modified version withthebackdoordid.

Well i havn't had a problem with my EOSource server so far until Sausage started attacking servers with this "backdoor".

Also the SEOSE2EOSERV application its not even fixed on Sausages download page it still doesn't transfer the map id's of the character which, hollow fixed and recompiled on the EOSource website so i think Sausage has done a great job fixing that nope? instead he's too busy "exposingeosource".

here why DON'T YOU FIX IT YOURSELF and you properly  won't even know what a compiler is cause your using a closed sourced server with a backdoor to it

Edit when does SEOSE2EOSERV become Warning: Do not use EOSource or Seose

maori posted: (9th Jan 2012, 09:16 am)

jinga posted: (9th Jan 2012, 08:59 am)

Apollo posted: (9th Jan 2012, 08:28 am)

I'm sorry, Sordie had a user exploiting backdoor? Sordie told you upfront that Seose had commands she could access were she to log in. And wait, didn't Sausage flat out write Seose to EOSERV conversion when the special hidden commands were made public and suggest no seriousservercontinueusingSeose just as he has done in this case. If you are still too dumb to see that command for what it is go ahead and use it. If you aren't an idiot, there is a clean open source code on this site that you can use and learn from just as the ones that compiled the modified versionwiththebackdoordid.

Well i havn't had a problem with my EOSource server so far until Sausage started attacking servers with this "backdoor".

Also the SEOSE2EOSERV application its not even fixed on Sausages download page it still doesn't transfer the map id's of the character which, hollow fixed and recompiled on the EOSource website so i think Sausage has done a great job fixing that nope? instead he's too busy"exposingeosource".

here why DON'T YOU FIX IT YOURSELF and you properly  won't even know what a compiler is cause your using a closed sourced server with a backdoor to it

Edit when does SEOSE2EOSERV become Warning: Do not use EOSource or Seose

Exactly..

And I doubt you would have had a problem with 1-10 players online. Ele was trying to sucker BU into using EOSource. Just had someone that Elefag wouldn't think would rat him out do just that. I will screenie my MSN.