Password stealing scandal
#21

I won't discuss anything with anyone, I just warned everyone and the info comes from trusted faces so better change your password if you have registered on ESL server.

Quote:
Originally Posted by Diablosrouge
We don't have to prove anything, plus even if we'd prove anything by screenshotting the whole FTP I bet people would just say the files were deleted, and no I won't give access to the FTP to anyone. The topic will die and eventually get deleted as nothing will happen but bullshit stories coming from matrix and his clan, an old tradition.
Who are you and why are you even posting here, do I know you?

Quote:
Originally Posted by cessil
I have not heard about any of these reports, are they publicly available?
No, private.
#22

This is why I use different passwords for different websites, games
#23

Dude, almost every server can read pw's. So? You think we can stop this? U can't. If you wanna stop it, you want to delete 6000+ servers.
#24

Quote:
Originally Posted by [WA]iRonan
Dude, almost every server can read pw's. So? You think we can stop this? U can't. If you wanna stop it, you want to delete 6000+ servers.
Actually, a lot of servers store their passwords as encrypted text.
#25

Quote:
Originally Posted by AngryUnibrow
Actually, a lot of servers store their passwords as encrypted text.
Well, as the mad unibrow said, a lot of servers encrypt their passwords with different tools. Some use whirlpool and others use MD5 or w/e. I encrypt all my passwords.
#26

Quote:
Originally Posted by AngryUnibrow
Actually, a lot of servers store their passwords as encrypted text.
Plaintext, encryption... that's all bad. Server owners should hash the passwords of their users. Some commonly used hash algorithms are SHA1 and Whirlpool (plugin by ******), although I would suggest the latter because although SHA1 is not fully crackable with easy tools, some vulnerabilities still have been found. Hashed input cannot be reversed unless the hash is somehow vulnerable and the cracker has serious firepower in their computing machine! Some people claim that this is not necessary as they don't have the intention of using these passwords, but beware, there might be bad guys interested in exploiting them. The more popular your server and the more registered accounts it has, the more wanted it becomes by scriptkiddies. And oh god, if you also store e-mail addresses, these guys are like bees who have found a honeypot! I can bring an example from my personal experience with an official server from 2008 (that I was somehow involved with, but no, it was not DFSFv3 or Mini-Missions, I was lower level there) which had passwords stored in plaintext. A few months later some crisis started in SA-MP, I was confronted by a kid through Xfire, saying that he had a password that I used.

Another thing is "censoring" log files. I'm quite sure that if your script is large enough, you want to keep track of what's going on easily. So you most likely have inbuilt debugging that you can enable prior to compiling (personally, I have more than 30 of these "toggles" in my mode). And surely, something controls the debugging of command input and MySQL queries. Hackers might stumble on something in your logs, i.e.
Code:
[17:41:55] [command] Andre(96): /register toomuchmoneyinthebankaccount
[17:41:55] [query] INSERT INTO players (name,pass,ip) VALUES ('Andre',SHA1('toomuchmoneyinthebankaccount'),'127.0.0.1')
And oops, someone might get their hands on this data. And someone willing to go this deep into finding out your passwords is most likely not a random person. So this is why passwords should not even be printed in such scenarios. I also have fallen for this once when my server averaged 200 players, though luckily the passwords of only a few players were readable.

Sometimes when joining other servers to lurk for ideas or just have fun, I use passwords that are not only funny, but I also cannot remember them in the future. So try signing up with a password like "thefuckyoulookinatbro" and try to guess the look on the bad guy's face when they see that!

Edit
Encoding and encrypting are easily reversible! Hashing is what you guys mean and what's needed.
Reply
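An added example, not part of the original post or of any server's code: a Python log filter that strips password material from the two log lines quoted in post #26 before they are written, plus a salted hash computed in the application so the plaintext never appears in the SQL text. PBKDF2-HMAC-SHA256 is swapped in here for the SHA1/Whirlpool the post mentions; the `/login` command, the regexes and all function names are assumptions.

```python
import hashlib
import hmac
import os
import re

# /register and /changepass appear in the thread; /login is an assumed name.
SENSITIVE_COMMANDS = {"/register", "/login", "/changepass"}

# "[time] [command] Player(id): /cmd args", the layout quoted in the post.
COMMAND_RE = re.compile(
    r"^(?P<head>\[[\d:]+\] \[command\] [^:]+: )(?P<cmd>/\S+)(?P<args>.*)$")
# A quoted SQL literal handed to a hash function, e.g. SHA1('secret').
SQL_HASH_ARG_RE = re.compile(
    r"\b(SHA1|SHA2|MD5|PASSWORD)\(\s*'(?:[^'\\]|\\.|'')*'", re.IGNORECASE)


def redact_line(line):
    """Return the log line with password material replaced by a marker."""
    m = COMMAND_RE.match(line)
    if m and m.group("cmd").lower() in SENSITIVE_COMMANDS:
        return f"{m.group('head')}{m.group('cmd')} [REDACTED]"
    return SQL_HASH_ARG_RE.sub(lambda h: f"{h.group(1)}('[REDACTED]'", line)


def hash_password(password, salt=None, rounds=200_000):
    """Salted PBKDF2-HMAC-SHA256, computed before any query is built."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify_password(password, salt, expected):
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


# First two lines are the ones quoted in the post; the third is constructed.
SAMPLE_LOG = [
    "[17:41:55] [command] Andre(96): /register toomuchmoneyinthebankaccount",
    "[17:41:55] [query] INSERT INTO players (name,pass,ip) VALUES "
    "('Andre',SHA1('toomuchmoneyinthebankaccount'),'127.0.0.1')",
    "[17:42:10] [command] Andre(96): /stats",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(redact_line(raw))
    # Only salt and digest go into a parameterized INSERT, never the plaintext.
    salt, digest = hash_password("toomuchmoneyinthebankaccount")
    print(salt.hex(), digest.hex())
```

Redaction of this kind is a backstop for debug toggles left on; hashing in the application and binding the digest as a query parameter is what keeps the plaintext out of the query log in the first place.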
#27

Even if passwords are encoded, someone with access to the scripting files can easily hack it. E.g. implement a text reader on what you input upon logging in.

Anyways, this topic doesn't make any sense and should be closed.
#28

Quote:
Originally Posted by [MM]IKKE
If he's really 'hacking' into other accounts, take proofs and send to team@sa-mp.com
Nothing has ever happened by doing all this.
#29

Quote:
Originally Posted by MaTrIx4057
I won't discuss anything with anyone, I just warned everyone and the info comes from trusted faces so better change your password if you have registered on ESL server.

Who are you and why are you even posting here, do I know you?

No, private.
Funny shit. How far hypocrisy can go... of course you don't know me, you've just been the Warlord of my clan (PTM) for over 4 years before being kicked by your immaturity and teaming with hackers and haters like Styla and Cam3 towards other clans such as uGp, uL and TeK, putting our name on the noise.
http://www.*******.com/playlist?list...0&feature=plcp

Certainly those 'trusted faces' as you say are really srs trusted bsns. Are these the trusted faces you're talking about? http://nw.verygames.net/index.php?PH...ge=clanmembers

@IKKE. Are you some kind of judge here? Do I need to present any evidence to you? No.
Me and our admin team are with our conscience clean and tranquil and we guarantee everyone the passwords are encrypted on registration. That still doesn't stop you from registering with a completely different password.

This topic is just another of many hundreds of topics that focus on destabilizing the community(ies) with fake accusations and a big piece of theatre.
I already presented my availability, privately, in case any of the devs or beta testers want to have a check on the processes used on registration and password hashing, so this topic will lead nowhere besides flaming and hypocrisy.

And once again, if you don't trust our word, register with a different password.
#30

Quote:
Originally Posted by Littlehelper[MDZ]
Nothing has ever happened by doing all this.
I know some people who got banned off it and some servers.
#31

I don't believe in this topic since there's no solid proofs.

Kbye.
#32

Quote:
Originally Posted by K9Alex
I don't believe in this topic since there's no solid proofs.

Kbye.
You don't need to believe in it, it is just a warning, it's up to people if they believe it or not.

I didn't create this topic for people to come and hate on me because they think this information is false.
#33

Quote:
Originally Posted by Diablosrouge
You're completely retarded that's it.
1. The passwords are encrypted.
2. ESL doesn't steal any passwords at all, it's an invention by you and your friend Cam3 / Cameron.
3. Your friend Cam3 was responsible for several account hacking so think twice before posting crap about ESL.
4. Don't compare PTM to NB or your friend Cam3, as it's completely absurd and we've never been involved in any hacking.
5. If you still feel unsafe, you can register with a different password and change it anytime with /changepass.


Hope this topic gets deleted as it's a complete piece of junk from top to bottom, starting from its author.

Kind Regards,
Diablosrouge
Someone's a bit defensive. You suck at PR, heh. Either way, this is a pretty interesting point OP. If it's plaintext then that's pretty bad. Well, even if it's encrypted in MD5 it's still pretty bad, but if it's something secure like Whirlpool then not a big deal I guess. Still have to wonder why they felt the need to include something like this.
#34

The encrypt method used is hash.