Author Topic: Security Breach -Biggest in Trem History?

Rawr

  • Posts: 918
  • Turrets: +1/-1
Security Breach -Biggest in Trem History?
« on: February 15, 2007, 04:48:20 pm »
Quote from: Mario
As of Feb. 14, 2007 I've been informed that a Server Operator by the name of Pol (the one who controls the S11 Info server) has been !setleveling certain players with GUIDs to gain access to their servers using their own GUIDs. Because I was setleveled on his server, my GUID has been compromised and I've had no choice but to !setlevel myself to 0 for the time being. Servers across Tremulous have been attacked due to compromised GUIDs of admins and operators. If you've been setleveled on his server then let me know immediately. I'll come back with more details soon to follow.



Pol has been stealing GUIDs from whoever goes onto his server. My suggestion to you: change your RCON, get a new GUID.

Note: The Devs have been informed of this.

Smokey

  • Posts: 793
  • Turrets: +23/-58
    • Zilla Clan
Re: Security Breach -Biggest in Trem History?
« Reply #1 on: February 15, 2007, 05:29:41 pm »
Quote from: "bazuka_poo"
Quote from: Mario
As of Feb. 14, 2007 I've been informed that a Server Operator by the name of Pol (the one who controls the S11 Info server) has been !setleveling certain players with GUIDs to gain access to their servers using their own GUIDs. Because I was setleveled on his server, my GUID has been compromised and I've had no choice but to !setlevel myself to 0 for the time being. Servers across Tremulous have been attacked due to compromised GUIDs of admins and operators. If you've been setleveled on his server then let me know immediately. I'll come back with more details soon to follow.



Pol has been stealing GUIDs from whoever goes onto his server. My suggestion to you: change your RCON, get a new GUID.

Note: The Devs have been informed of this.

He can't get your rcon password just by knowing your guid, and this is not at all new. Popupman has been known to do it for a while.

vcxzet

  • Guest
Security Breach -Biggest in Trem History?
« Reply #2 on: February 15, 2007, 06:09:56 pm »
lol
and I thought I was evil

-:GoDz:-Devil

  • Guest
Security Breach -Biggest in Trem History?
« Reply #3 on: February 15, 2007, 07:36:28 pm »
LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid every time I start trem and keep logs of all the guids I use. I will keep you updated.

Smokey

  • Posts: 793
  • Turrets: +23/-58
    • Zilla Clan
Security Breach -Biggest in Trem History?
« Reply #4 on: February 15, 2007, 07:50:59 pm »
Quote from: "-:GoDz:-Devil"
LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid every time I start trem and keep logs of all the guids I use. I will keep you updated.


Well, isn't that just pointless.

vcxzet

  • Guest
Security Breach -Biggest in Trem History?
« Reply #5 on: February 15, 2007, 08:18:03 pm »
Quote from: "Smokey"
Quote from: "-:GoDz:-Devil"
LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid every time I start trem and keep logs of all the guids I use. I will keep you updated.


Well, isn't that just pointless.

pointless as hell
looks like he is not admin anywhere :D

yesterday was one of my better days
ip spoofing and guid take over

you should be thankful to polly. This guid thing was known before but tjw didn't care till polly exploited it like crazy. then tjw fixed it, i.e. guid per server solution. and tjw also released the new binaries for using this

ip spoofing was something I was using (and I thought it did not work :P). Until polly told me it is actually working. Then he reported to r1ch -> tjw fixed

actually he is useful to community. highly flammable though :P
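
Added illustration, not part of any post in this thread and not Tremulous code: a sketch of why a GUID that is identical on every server can be replayed by any operator who logs it, and how the "guid per server" fix mentioned above breaks that. The hash, the input layout, the `Server` class and the host names are assumptions made for the example.

```python
import hashlib
import os


def guid(qkey: bytes, server_addr: str = "") -> str:
    """Derive the 32-hex-character ID a client presents to a server.

    server_addr == "" models the old scheme (same GUID everywhere);
    a non-empty address models the per-server scheme.
    Hash choice and input layout are assumptions of this sketch.
    """
    digest = hashlib.sha256(server_addr.encode() + b"\0" + qkey).hexdigest()
    return digest[:32].upper()


class Server:
    """Hypothetical server: an admin table keyed by GUID plus a connection log."""

    def __init__(self, addr: str):
        self.addr = addr
        self.levels = {}  # GUID -> admin level, as !setlevel would record it
        self.seen = []    # every GUID presented; any operator can log these

    def connect(self, presented_guid: str) -> int:
        self.seen.append(presented_guid)
        return self.levels.get(presented_guid, 0)


def replay_outcome(per_server: bool) -> int:
    """Admin level granted when a GUID logged on one server is presented to another."""
    qkey = os.urandom(2048)                 # constructed client secret
    home = Server("home.example:30720")     # constructed addresses
    other = Server("other.example:30720")
    addr = (lambda s: s.addr) if per_server else (lambda s: "")

    home.levels[guid(qkey, addr(home))] = 5  # legitimate admin on the home server
    other.connect(guid(qkey, addr(other)))   # the admin plays on another server
    logged = other.seen[-1]                  # value that server's operator now holds
    return home.connect(logged)              # level granted if it is replayed at home


if __name__ == "__main__":
    print("global GUID replayed:    level", replay_outcome(per_server=False))
    print("per-server GUID replayed: level", replay_outcome(per_server=True))
```

With a per-server derivation the value is still a bearer credential on the server it was derived for; the change only stops a GUID logged on one server from matching an admin entry on another.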

David

  • Spam Killer
  • *
  • Posts: 3543
  • Turrets: +249/-273
Security Breach -Biggest in Trem History?
« Reply #6 on: February 15, 2007, 09:44:24 pm »
Was he using his server S11 to get the GUIDs?
If so it should be permanently de-listed.
Just ban his IP from the master server. That'll teach him.
Any maps not in the MG repo?  Email me or come to irc.freenode.net/#mg.
--
My words are mine and mine alone.  I can't speak for anyone else, and there is no one who can speak for me.  If I ever make a post that gives the opinions or positions of other users or groups, then they will be clearly labeled as such.
I'm disappointed that people's past actions have forced me to state what should be obvious.
I am not a dev.  Nothing I say counts for anything.

-:GoDz:-Devil

  • Guest
Security Breach -Biggest in Trem History?
« Reply #7 on: February 15, 2007, 10:14:57 pm »
Quote from: "Smokey"
Quote from: "-:GoDz:-Devil"
LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid every time I start trem and keep logs of all the guids I use. I will keep you updated.


Well, isn't that just pointless.


Na, it's not pointless, if you understood what I was doing you would get it.

David

  • Spam Killer
  • *
  • Posts: 3543
  • Turrets: +249/-273
Security Breach -Biggest in Trem History?
« Reply #8 on: February 15, 2007, 10:22:12 pm »
Quote from: "-:GoDz:-Devil"
LOL he setlevel me, but I change my GUID ID daily, so I have np with it, and also, I am working on something that will change my guid every time I start trem and keep logs of all the guids I use. I will keep you updated.


I was going to do that, but then TJW fixed it, so problem solved!

FooBar

  • Posts: 94
  • Turrets: +9/-1
    • http://avalanche.server.googlepages.com
Security Breach -Biggest in Trem History?
« Reply #9 on: February 15, 2007, 10:54:42 pm »
Just out of curiosity, why does the website for Pol's server (s11.info) redirect to (or at least display a copy of) tremulous.tjw.org?  That seems a little odd.

vcxzet

  • Guest
Security Breach -Biggest in Trem History?
« Reply #10 on: February 15, 2007, 11:03:28 pm »
Quote from: "FooBar"
Just out of curiosity, why does the website for Pol's server (s11.info) redirect to (or at least display a copy of) tremulous.tjw.org?  That seems a little odd.

he is using tjw's stats php

DieFamilyGuy

  • Posts: 138
  • Turrets: +1/-0
Re: Security Breach -Biggest in Trem History?
« Reply #11 on: February 15, 2007, 11:30:44 pm »
Quote from: "bazuka_poo"
Quote from: Mario
As of Feb. 14, 2007 I've been informed that a Server Operator by the name of Pol (the one who controls the S11 Info server) has been !setleveling certain players with GUIDs to gain access to their servers using their own GUIDs. Because I was setleveled on his server, my GUID has been compromised and I've had no choice but to !setlevel myself to 0 for the time being. Servers across Tremulous have been attacked due to compromised GUIDs of admins and operators. If you've been setleveled on his server then let me know immediately. I'll come back with more details soon to follow.



Pol has been stealing GUIDs from whoever goes onto his server. My suggestion to you: change your RCON, get a new GUID.

Note: The Devs have been informed of this.





pol....hmm i recognize that name....yeah he used to come on beer garden, knew something was fishy about him
-It takes no skill to use a chaingun. It takes plenty of skill to master it.

Stof

  • Posts: 1343
  • Turrets: +1/-1
Security Breach -Biggest in Trem History?
« Reply #12 on: February 15, 2007, 11:38:16 pm »
Don't worry about RCON, they cannot be directly compromised like that. No need to be (more) paranoid than required.

Although the RCON password might be compromised if you gave it away to a hacker you thought was a friend because he was using your friend's GUID.
Murphy's rules of combat
8 ) Teamwork is essential; it gives the enemy someone else to shoot at.
18 ) Make it too tough for the enemy to get in and you can't get out.

TinMan

  • Posts: 1019
  • Turrets: +49/-70
    • http://neonpulse.net
Security Breach -Biggest in Trem History?
« Reply #13 on: February 15, 2007, 11:51:37 pm »
For those of you who need a new GUID, go into your tremulous/base/ and delete your QKEY file, the next time you play tremulous a new one will be generated and you will then have a new GUID.
Code:
Linux: ~/.tremulous/base/
Mac: ~/Library/Application\ Support/Tremulous/base/
Windows: C:\Documents and Settings\username\Local Settings\Application Data\Tremulous\base\
NeonPulse
http://neonpulse.net/media/games/tremulous/base/autoexec.cfg

Caveman

  • Guest
Security Breach -Biggest in Trem History?
« Reply #14 on: February 15, 2007, 11:53:45 pm »
If Pol(ly) knew his stuff then he also has the passwords for priv-slots if the player did not unset it when they did not need it ...

Caveman

  • Guest
Security Breach -Biggest in Trem History?
« Reply #15 on: February 16, 2007, 06:30:16 am »
ok :)

pollywannacrkr

  • Posts: 1
  • Turrets: +0/-0
Security Breach -Biggest in Trem History?
« Reply #16 on: February 16, 2007, 06:34:38 am »
Quote from: "Caveman"
stop that


o dam caveman ur hired.
ttp://lewl2u.freehostia.com/pollywannacracker.txt

Caveman

  • Guest
Security Breach -Biggest in Trem History?
« Reply #17 on: February 16, 2007, 07:14:42 am »
Always cite the source :P

FooBar

  • Posts: 94
  • Turrets: +9/-1
    • http://avalanche.server.googlepages.com
Security Breach -Biggest in Trem History?
« Reply #18 on: February 16, 2007, 08:32:38 am »
Not that I have any affection for Pol at all, but I want to be the first to suggest that the moderators take down this information.  This kind of harassment is not acceptable.

Stof

  • Posts: 1343
  • Turrets: +1/-1
Security Breach -Biggest in Trem History?
« Reply #19 on: February 16, 2007, 10:04:49 am »
Oh, was that harassment? It looked like spam so I kinda deleted it on sight :p

Don't go posting other users personal info here!

Caveman

  • Guest
Security Breach -Biggest in Trem History?
« Reply #20 on: February 16, 2007, 01:54:16 pm »
Information, freely available on Google, can't be harassment .) but if it's not wanted.... ok :)

FooBar

  • Posts: 94
  • Turrets: +9/-1
    • http://avalanche.server.googlepages.com
Security Breach -Biggest in Trem History?
« Reply #21 on: February 16, 2007, 02:51:46 pm »
Well, maybe not harassment, but perhaps it's incitement to harassment.  :)

vcxzet

  • Guest
Security Breach -Biggest in Trem History?
« Reply #22 on: February 16, 2007, 02:54:41 pm »
Quote from: "Stof"
Oh, was that harassment? It looked like spam so I kinda deleted it on sight :p

Don't go posting other users personal info here!

we should all stay as Unfunny Anonymous Cowards
as stated in Interwebs rule number 2

Stof

  • Posts: 1343
  • Turrets: +1/-1
Security Breach -Biggest in Trem History?
« Reply #23 on: February 16, 2007, 03:16:54 pm »
Quote from: "vcxzet"
Quote from: "Stof"
Oh, was that harassment? It looked like spam so I kinda deleted it on sight :p

Don't go posting other users personal info here!

we should all stay as Unfunny Anonymous Cowards
as stated in Interwebs rule number 2

Do you mean that you are "pollywannacrkr"?

Btw, that account is posting from http://hidemyass.com/ and I sure bet it has been created specially for those posts.

khalsa

  • Administrator
  • Posts: 597
  • Turrets: +187/-132
    • http://www.mercenariesguild.net
Security Breach -Biggest in Trem History?
« Reply #24 on: February 16, 2007, 03:59:29 pm »
While I am opposed to the posting of polly's personal info here, I don't think ANYONE is going to feel sorry for you at this point.

Screw around with a tight-knit community - what do you think is going to happen? Especially when you have your whole life on google.

Pol: if you're reading this I'd strongly suggest you stop whatever it is you're doing and apologize to those you've hurt. You may not realize, but people on the internet are crazy, and may do something "unfixable" to you.

A simple disagreement or misunderstanding (or ban for spamming) should not be grounds to permanently hurt someone.

Now basically everyone has your e-mail(s) so I'd simply suggest that if you have a problem with you, to e-mail you or contact you otherwise to discuss these matters.

Lastly: I Strongly suggest that NO ONE go to the S11 server until everything is resolved, if even that.

Khalsa
}MG{ Mercenariesguild
ਮਨੁ ਜੀਤੇ ਜਗੁ ਜੀਤਿਆ

CU|CUdyin

  • Posts: 29
  • Turrets: +0/-0
    • http://www.cu-clan.net
Security Breach -Biggest in Trem History?
« Reply #25 on: February 16, 2007, 05:35:58 pm »
IMO, every person who is farming full GUIDs is even worse than every deconner, so he/she/it should get banned from the master-server, if the whole thing can be proved.

Nevertheless, I've been once on S11, so I already changed my GUID (at least temporarily).

Pol

  • Guest
Security Breach -Biggest in Trem History?
« Reply #26 on: February 16, 2007, 07:43:03 pm »
Noob Thread -Biggest in Trem History?

NOPE! GUESS WHAT, I AM!

gareth

  • Posts: 710
  • Turrets: +38/-89
Security Breach -Biggest in Trem History?
« Reply #27 on: February 16, 2007, 07:57:32 pm »
Quote from: "Pol"
Noob Thread -Biggest in Trem History?

It is now.

FooBar

  • Posts: 94
  • Turrets: +9/-1
    • http://avalanche.server.googlepages.com
Security Breach -Biggest in Trem History?
« Reply #28 on: February 16, 2007, 09:12:17 pm »
Hey, Pol-- wondering when or whether you'd drop in here.

I'm curious, I'd like to know your side of the story.  I've seen a good amount of evidence from the other side suggesting that you basically took over another server by means of a stolen GUID.  I'm just wondering if you have another side to present: was it not you?  Was it someone totally different and you're the scapegoat?  Was it someone else with your IP or your computer?  Or have your actions been misrepresented?

Or did you do exactly what you were accused of, but for a legitimate reason?  I can't imagine a legitimate reason, but if you think you've got one I'd love to hear it.

Rather than throwing around bootless insults, why don't you enlighten us with your side of the story?

Pol

  • Guest
Security Breach -Biggest in Trem History?
« Reply #29 on: February 16, 2007, 09:42:51 pm »
My side of the story?

Basically, it's fully expressed in my last post.

If you want more than that:

My side of the story is that it wouldn't really matter if I say it was me, not me, you, raWr, or anybody else.  Who would ever know with 100% certainty?

I'm the S11.Info operator.  I maintain this server for the entertainment of myself, and the individuals who choose to play there.

I am not rapt in acting maliciously against any of my server's guests, or those of another server, or other server admins.

Tremulous's current GUID / ip userinfo system is obviously flawed.  Even tjw's latest 'new guid per server' hack is hardly worthy of the effort.  It needs a complete rehaul, so I'd suggest that whoever's pissy at me for whatever reason would do best to redirect their angst at someone like tjw, timbo, or careless server operators/admins.

By the way, pumpkin seeds are apparently good for the prostate.