Server Rules

smoochy boys on tour
Status
Not open for further replies.

Sanjian

Just a Mir2 Fan
VIP
Apr 28, 2011
3,957
5
2,074
350
East Sussex
The server rules will be simple but enforced.

1. I will not tolerate prejudiced and/or hateful comments such as racism, homophobia, sexism, misogyny or other forms of hate-speech in local chat, shouts or global shouts.
Guild Chat, Group Chat and Private Chat will not be monitored or actioned. You can block players, leave groups and leave guilds. If a player reports the use of the above i will deal with it, if its not reported i will not be scanning chatlogs.

2. Consistant Grief play (specifically targeting an induvidual contunialy for a prolonged period of time [Days]) will not be allowed.
- 2a. using CTRL+F4 to disconnect you while BROWN is considered GRIEF. Video evidence required to act upon it.

3. Impersonating a GM or person of authority within the server is not permitted. I will never ask for your username/password. I already know it.

4. Door Blocking is not permitted and will require VIDEO evidence to be dealt with effectivly.

Breaking any of the rules above will see the guilty party/s warned, further continuation of the same offence will see the party/s banned for a week. A third offence of the same nature will see the party/s Account Perminantly Banned.

5. Altering the Client on a live Server to bypass the the client check on the server and using that altered client to gain an advantage or disrupt the server will see your account perminantly banned.

6. The use of macros for gaining a clear advantage over others, such as automated scripts/macros for playing the game meant to be played by a human is strictly forbidden.
If caught you will not be partial to the 3 strike rule, your account will instantly be banned.

There are a few things in place that I can check for breaking rules 5 and 6. If found i will pass this information onto the admins of LOMCN with evidence of hacking/cheating.

By playing the server you automatically agree to these rules and by playing the server you also agree that you have read them.
 
Last edited:
  • Like
Reactions: Chriz and deano13

Alecs

SPQR
VIP
Jan 10, 2009
3,309
3
1,191
380
Europa
It blows my mind to see there's no mir server around that hashes user passwords. Come on, guys, it's not 1990. You have functions that do the job for you, even if it's a md5 hash with a simple salt.
 
  • Like
Reactions: Sanjian and Chriz

Sanjian

Just a Mir2 Fan
VIP
Apr 28, 2011
3,957
5
2,074
350
East Sussex
It blows my mind to see there's no mir server around that hashes user passwords. Come on, guys, it's not 1990. You have functions that do the job for you, even if it's a md5 hash with a simple salt.
if i knew how to do it, i would have.
 

Bountyhunter

LOMCN Veteran
Veteran
Apr 20, 2003
318
49
124
That's why I use a random password and store it in a .txt file in the server directory
 

thedeath

LOMCN Developer
Developer
Mar 26, 2003
1,339
89
294
It blows my mind to see there's no mir server around that hashes user passwords. Come on, guys, it's not 1990. You have functions that do the job for you, even if it's a md5 hash with a simple salt.
what's the point? (from a server owners point of view)i code the server, if i want your password i can just adjust the code to give it to me (when you create your account)
while i agree that it would secure the pass from being captured on your network / prevent it being abused if someone gets direct acces to the servers hdd.
in those cases
- whoever is on your network can just aswell 'adjust' your client exe to send them your pass on login
- whoever has direct hdd acces on server can adjust the autopatcher to send everyone a custom client etc

it helps> but it's not really remotely safe, so adding it just makes ppl get a false sense of safety (better to make them feel insecure and use it to convince them not to reuse passwords)
 

Alecs

SPQR
VIP
Jan 10, 2009
3,309
3
1,191
380
Europa
what's the point? (from a server owners point of view)i code the server, if i want your password i can just adjust the code to give it to me (when you create your account)
while i agree that it would secure the pass from being captured on your network / prevent it being abused if someone gets direct acces to the servers hdd.
in those cases
- whoever is on your network can just aswell 'adjust' your client exe to send them your pass on login
- whoever has direct hdd acces on server can adjust the autopatcher to send everyone a custom client etc

it helps> but it's not really remotely safe, so adding it just makes ppl get a false sense of safety (better to make them feel insecure and use it to convince them not to reuse passwords)

Well, if you have the source code you can always change it to see the passwords but it's a good practice nevertheless. If a leak ocurrs, at least you know your users are going to be safe in case they use the same credentials everywhere which is very common.

if i knew how to do it, i would have.

It's pretty easy.

When they register hash they password use something like this but adding a secret string to the password. Let's say the password is 123456 and your salt is "euroreborn" (salt could be unique to any user by storing it in the db) so you would hash 123456euroreborn into ba43944c13eab74a0fae9ce9636dd549.

The value stored in the user password field would be ba43944c13eab74a0fae9ce9636dd549. So there's no way for anyone to know what their real password was (not true actually, md5 is not secure and other hashing methods should be used but I'm using this for the sake of simplicity).

When they log in, you take their input password, add your salt, hash it and then check it against the store value.

I hope I've been clear enough..because I just drank a full bottle of wine so...
 

Sanjian

Just a Mir2 Fan
VIP
Apr 28, 2011
3,957
5
2,074
350
East Sussex
i was with you upto It's pretty easy.....
Post automatically merged:

at the end of the day, almost all crystal servers dont protect the users password except a select few of them, the cash cow ones certainly dont.

i havent spent a long time designing the server i would enjoy playing just to steal someones password in the hope its used on a different server that i dont play anyway.

i also warn players not to use similar passwords on the account creation screen but from what ive seen today 90% of players dont read anything lol, so this servers going to really annoy alot of poeple ^^
 

Alecs

SPQR
VIP
Jan 10, 2009
3,309
3
1,191
380
Europa
Here we have a reason why password should be secured.

If a leak happens and you store password as plain text your users are screwed.
 
  • Like
Reactions: zedina
Status
Not open for further replies.