Quote from Scawen :Just so you know, I'm trying to do something about this.

I've been trying to figure out what's actually happening, how the unwelcome guest can bypass all the security checks.

But it's complicated and I have still not discovered how it can happen. I have some ideas that may detect the situation and hopefully kick the guest. Also I should improve some logging to try to narrow the search.

If Anakin Skywalker would like to help out by explaining the exploit, we'd be pleased to hear from him.

Thanks for trying to work this out Scawen, also nice to hear from you.
Quote from Scawen :Just so you know, I'm trying to do something about this.

Excellent. Thanks for your reply, much appreciated really. And good luck
Send him love roses Rocky. :bananalla
Quote from N I K I :Send him love roses Rocky. :bananalla

If someone can give me his address, I'd even attach a love letter.
If anyone has a replay that includes him connecting to the host, I'd like to see it.

It's possible there could be a clue if I inspect the replay in the debugger (or maybe not).

Up to now I've only seen a replay that started when he was already connected.
Lets hope it does not turn out to a Phlos VS LFS situation again
"Oops, you need to be logged in first to access this page"

Is the replay too big to be uploaded by a forum post alone?
Would probally save him some botter to just be able to download the file directly
Worked for me so it should do so for Scawen too.
But 1.6mb is the size, should also be doable in a attachment in a post
Just saying, don't murder me haha!
Hacker
Scawen

I have the server logs and airio logs of one of these hackers connecting to Redline Racing server 1.

I have already sent them to Victor but I can post them to you as well if they are of any help?
Quote from the very end :worked for me so it should do so for scawen too.
But 1.6mb is the size, should also be doable in a attachment in a post

Quote from speedy j :(i am a noob)

:d
Quote from Speedy J :Hmm does that link work Scawen? (I am a noob)

Thanks, I got it. For some reason it didn't work if I clicked on it, but it did work when I copied the link and pasted it into a new browser tab.

Quote from JackSun :Scawen

I have the server logs and airio logs of one of these hackers connecting to Redline Racing server 1.

I have already sent them to Victor but I can post them to you as well if they are of any help?

Thank you but I am confused enough already looking at logs and packets and code. I think I have enough info at least for a first test.

My plan would be to upload a host with some modifications, that would hopefully stop the young Jedi connecting in exactly the same way as he does now. Though as the bug is not understood, it would not surprise me if he got in again. Anyway by then maybe we'd have some more info.

<?php 
while(jedi) {
   
force--
}
?>

Scawen I've sent you mail to EMAIL (hope this is correct mail), also about some other security issues, can you please check it and reply.

EDIT :
Please, never post anyone's email address on a website. It can be picked up by bots and used for spam.
If you want to write to us, please use the system on our website. I don't want more mail than I already get.
Quote from Scawen :
Up to now I've only seen a replay that started when he was already connected.

Ehrm thats weird because I send a network TCP pcap log over a week ago to Victor and a replay when he connects?

Quote from Speedy J :
So the server will be offline soon again probably.

As long as Vodafone keeps doing their job I'm always around
Oh, I've been analysing that log but Victor must have forgotten to send the MPR.
Quote from Scawen :If Anakin Skywalker would like to help out by explaining the exploit, we'd be pleased to hear from him.

I will teach you the dark side of the force when you gonna release S3. So, probably in 2030, 2040 ... or even 2050 ?
Quote from AnakinSkywalker :I will teach you the dark side of the force when you gonna release S3. So, probably in 2030, 2040 ... or even 2050 ?

Depends on you now, the more you help, the closer it is.
Quote from AnakinSkywalker :
Quote from Scawen :If Anakin Skywalker would like to help out by explaining the exploit, we'd be pleased to hear from him.

I will teach you the dark side of the force when you gonna release S3. So, probably in 2030, 2040 ... or even 2050 ?

Legend, someone signature this.
Quote from AnakinSkywalker :I will teach you the dark side of the force when you gonna release S3. So, probably in 2030, 2040 ... or even 2050 ?

You only delay things further now that Scawen has to focus on figuring out this exploit.
Quote from Skagen :You only delay things further now that Scawen has to focus on figuring out this exploit.

As the Scirocco delay is already beyond ridiculous there is no need to worry about this little brain teaser imho...

btw. Scawen, what's the correct, official date for the 10th LFS anniversary then?
Quote from Scawen :blah blah blah

Could u at-least squeeze a word in about s3 in one of ur posts....

tink i speak for every1
Quote from USRacer :Could u at-least squeeze a word in about s3 in one of ur posts....

tink i speak for every1

Your thinking sucks obviously, coz you are not thinking for me.

Please keep this thread ontopic, thanks.
This thread is closed

FGED GREDG RDFGDR GSFDG