The online racing simulator
Searching in All forums
(497 results)
Victor
Developer
Closed thread because it serves no (further) purpose.
Victor
Developer
Cargame is offline due to continued attacks on his host.
For more information see http://www.cargame.nl/forum/ta ... ervers-offline-t6194.html

I've removed the contents of this thread, because there was hardly anything constructive.
Also, LFS cannot help you protect your host. A bandwith flood is something that can happen to anyone and is software agnostic. The proper way to handle this I think is to contact your ISP who may be willing and able to help you more. After all attacks may have a negative impact on their network as well so there is incentive for them to help you.

As for evidence gathering regarding attacks, you should log as much (network) information as possible, if you are capable of doing so. That way you can gain more information about the attack, like the kind of attack (there are many different types, from not-so-intelligent attacks that send the attacker's IP address, to more advanced ones that hide their originating IP). But knowing more is always better and logs that contain such information are more useful than anything that was posted in this thread because they contain the facts and can be analysed.

This is an unfortunate period for us LFS'ers. Someone or some people find it funny to disrupt our services, including your hosts. And I do not know why. If we have hurt someone in any way, why not tell us? Because these attacks are not going to solve anything.
Victor
Developer
Removed the junk from this thread which as you can see is everything but the first two posts.
I've also closed this thread due to lack of effort from the OP.
Victor
Developer
This sounds more like a problem that needs to be worked out person to person and not something for public discussion on forums.
I'll close this thread.
Victor
Developer
hmm, bugger.
Thanks for the spr - I've maunally uploaded it and generated the raf file.
Victor
Developer
hmm as far as I knew, this should work as described here https://www.lfsforum.net/showt ... p;highlight=skin+updating

But now I'm not sure if LFS checked the skin's timestamp on the webserver, or the LFS client. I think it should be the latter.
You load the new skin on your car in the game, the host is told that you use that skin with XXX timestamp and passes that on to the clients who check the new timestamp with the one on their drive. If newer, re-download the skin.

Or something like that.
So if that doesn't work, then it should be classified as a bug.
Last edited by Victor, .
Victor
Developer
Quote from THE WIZARD DK :oh i didnt notice that , maybe because of the many double names :/ didnt quite make sense to me. but good to know..

And to the racers in here.. Seriously.. you mingle around and most of you attack eachother aswell.. get a freakin hold of yourselves .. its getting old. Trolling on cruisers doesnt really get you anywhere. trolling your own community, just seems VERY UNprofesional to me. youre all youngsters with alot to say.. thats fine. but seriously at least TRY to act in a normal mature fashion.

Could not have said it better.

Quote from PoVo :One of the most serious LFS cruise servers

Maybe that's the problem, you all sound way too serious.

Quote from H0rnn :Lmao your fat ass opinion is still unwanted here, go eat your mcdonalds big boy.

Remember what I said on irc the other day about you being childish?
If you ever want my help, don't talk like that.

----

<generic>

Let the bickering stop here. The next one to even so much hint at an insult gets the red card.
If you really feel the need to continue, take it elsewhere.
It's not that you cannot discuss disputes on this forum, but the way its done is not acceptable. It's ridiculous even and makes everyone look like a clown, not to mention bring down the overall tone on this forum.
Victor
Developer
Quote from NotAnIllusion :OT: LFSW was also not responding to /w and /ws commands yesterday evening.

Thanks for the report.
When those commands did not work, did you at least see PB messages on time and not delayed and then bursted like now?
Victor
Developer
As you mention mixed content and DNSSEC in one sentence, I must ask how do they relate?
I've never understood DNSSEC (although I've never took the time to understand it properly).

The mixed content is a concern yeah. In ie8 (higher ie's as well? don't know) you get a whole popup warning, which annoying. And it's not _really_ secure anymore then (although afaik not less secure than no ssl).

The certificate is 12 pounds or so. Hardly a burdon!
Victor
Developer
yeah i fixed it after his post
Victor
Developer
works again
Victor
Developer
You can also drag and drop skins onto the skins window now, to upload them. There is no limit on the number of skins you can upload with drag and drop in one go (apart from your skin-slots limit of course).
Victor
Developer
Well there are some downsides. It can also give a false sense of security. There will be mixed content (when people link to external non https sites) and potentially malicious external sites can still access your browser's contents. Of course that is a plain http problem as well, but people may think that because they load a https site, it's all safe. Then again, I don't think that's a big problem here. Making things https only certainly wouldn't add to that problem, so yeah I think I'll make the switch then.
Victor
Developer
meh ok i see. I was wrong about the cookies only caring about the domain.
Euhmm... this is an easy fix. I can make the cookies be valid on both http and https. But I see the point in https-only cookies. But then I should indeed force https on all requests.
Thinking for a bit .. over dinner ..
Victor
Developer
wow ok I can actually replicate this on chrome.
well, that warrants a closer look.
Victor
Developer
That sounds like a shortcoming in your browser. Cookies should not care about http or https (not 100% true, but for this purpose it is). The domain is all that matters.
So if your browser logs you in for https://www.lfsforum.net but not for http://www.lfsforum.net then that is a bug in your browser.
Can you try that on http://www.lfs.net and https://www.lfs.net ?

PS I am actually considering forcing https on the forums. As a start, you'll get https links in forum update emails from now on.
Victor
Developer
raight.
The site was always redirecting via php from lfsforum.net to www.lfsforum.net . I guess that is related. I've now made the webserver redirect instead which I think should help in cases like these.
Victor
Developer
Quote from Nadeo4441 :Ok, I got it. Vic, you might be surprised

So, a couple of months ago, I changed my password from a OLD one to a NEW one. When I try to log in on the forum with the NEW one, It logs me in but the weird cookies get issued. So I got an idea and logged in with my OLD password, and I got a message that the password is incorrect and I have 5 tries left. The strange thing is that I got logged in anyway. I think this might be a bug

btw, my cookies are now set to expire at 2014

//edit: I changed my password through lfs.net

that .. is very strange. I really don't see how a new AND old password can log you in. Maybe those cookies were messed up a bit and were finally reset when the password value changed. And they were not removed properly before .. but then how would you be logged out .. erh, weird.
At least I'm pretty damn sure noone can 'just login'.
Victor
Developer
oh sure, 7 days is kinda conservative indeed, for an innocent cookie like this. Changed to 365 days now.
Victor
Developer
sure. ask away.
I read every (new) thread in this section btw.
Victor
Developer
actually if you don't check the box, the bbpassword cookie shouldn't exist (which is the point of the remember me box, to not store the password in a cookie if you don't want that).

But yeah, strange expiration date. At least that explains why those cookies are removed after closing the browser. But of course the new questions is, why the faulty expiration date? hummm no idea atm.
Victor
Developer
When you log in, you do keep the 'Remember Me?' option checked?
You can check that these cookies actually exist after logging in, by finding the bbuserid and bbpassword cookies for lfsforum.net . Check their expiration date.
FGED GREDG RDFGDR GSFDG