Hi Nyorai, I noticed your website also have a problem I've seen across the community, that typing in an invalid vs. valid account id displays different error messages. I used this to login to a test account on another server, and exposes account ids on your server. You may want to change that error message (I was looking at password reset, in particular).
Hi Nyorai, I noticed your website also have a problem I've seen across the community, that typing in an invalid vs. valid account id displays different error messages. I used this to login to a test account on another server, and exposes account ids on your server. You may want to change that error message (I was looking at password reset, in particular).
I've already changed most of the account-related pages in order to provide players with a message that will simply give a "Invalid Account/Something combination". However, if you think about it it's nearly impossible to don't give things away since at the register page people will need to receive a message saying the username they chosen is already taken in case it is.
Sure it can minimize the probability of someone taking an account by figuring out its id but it's not something impossible to prevent - at least that I can think of right now (I'm open to suggestions if you got one).
I've already changed most of the account-related pages in order to provide players with a message that will simply give a "Invalid Account/Something combination". However, if you think about it it's nearly impossible to don't give things away since at the register page people will need to receive a message saying the username they chosen is already taken in case it is.
Sure it can minimize the probability of someone taking an account by figuring out its id but it's not something impossible to prevent - at least that I can think of right now (I'm open to suggestions if you got one).
Right, I see you're point there. I was more thinking that registration systems were a bit more cumbersome since you have to put in more details and hopefully re-enter some if the form fails, but I suppose not. Still, thanks for looking into it.
Right, I see you're point there. I was more thinking that registration systems were a bit more cumbersome since you have to put in more details and hopefully re-enter some if the form fails, but I suppose not. Still, thanks for looking into it.
Yea, that's exactly why I changed the other pages - people could simply spam the password recovery one since all it asked you was the Account ID and captcha (it's now also asking for the registered e-mail).
Like you said, registration page has more input fields so that might keep people away from it but if they decide to do it there aren't many ideas popping in my mind about it right now - maybe I can come up with something.
Yea, that's exactly why I changed the other pages - people could simply spam the password recovery one since all it asked you was the Account ID and captcha (it's now also asking for the registered e-mail).
Like you said, registration page has more input fields so that might keep people away from it but if they decide to do it there aren't many ideas popping in my mind about it right now - maybe I can come up with something.
Nevertheless, thanks for the heads up!
Flood protection + captcha to submit the forum resulting in the error message only being displayed after those two checks are passed.
That stops people bruteforce guessing to get a list of valid usernames both because they have to solve a captcha and because they can only guess X times per minute even IF they solve a captcha.
That being said that's a fairly minor security issue when all things are said and done
Flood protection + captcha to submit the forum resulting in the error message only being displayed after those two checks are passed.
That stops people bruteforce guessing to get a list of valid usernames both because they have to solve a captcha and because they can only guess X times per minute even IF they solve a captcha.
That being said that's a fairly minor security issue when all things are said and done
Captcha really only solves fake account spam.
It doesn't stop someone from creating a million accounts.
The best way is to detect data, validate the data inserted to make sure it's not garbage and then just accept whatever. Of course there has to be a restriction per person, so they can't just keep doing it manual either, so ex. an account per IP each hour. Validate all IP's used to check up whether they're proxies etc. like scan proxy sites for IP's and make a list, check up within that list to see if the IP exist and if it does then disallow the registration. Same goes for public VPN's etc. although they're not as important since it's hard not as easy to achieve a lot of unique VPN IP addresses as it is to just get proxy IP's from a website. Perhaps create some IP range restrictions to countries that are known for spam, use spam databases to validate IP's etc.
It seems like Christmas has officially arrived to Shannara Conquer! With today's new patch we officially introduced the first Christmas quest!
As you all know Christmas is a season of love where you must show gratitude to the ones close to you and help them as you can. For this same reason, our first quest to be released is a global quest to which everyone can contribute and everyone can benefit from it!
Snowman needs to get colder or he will melt down soon so everyone must help him out by picking up Snowballs that will be dropping from all the monsters around the world. Once Snowman gathers 1,000 Snowballs he will be triggering a world event such as:
2x EXP Rate for a period of time;
Higher drop rates for a period of time;
Spawning DemonBoxes NPC for a period of time;
Spawning a world boss;
Etc =P
Guess what? The more Snowballs he gathers, the more it snows in Twin City =P
So make sure you don't miss any of this and enjoy these Christmas holidays as much as possible !
Apart of this we've also released a considerable number of minor bug fixes and started restructuring more parts of the source. A memory leak that we've had for quite a while has also been finally fixed.
Howdy dear players ! It's a great pleasure for us to announce more stuff being added on Shannara Conquer.
After the release of the dueling system at Nina NPC we have received several requests from players for a dueling system in which anyone could take place and join for a good fight with no restrictions on equipment or skills.
Therefore we now are proud to announce the release of a custom made Arena Qualifier that we're pretty confident most of you will love as it will give a new taste to the classic feeling by allowing players who have worked for their gears to actually put up a fight with them.
Currently the Arena Qualifier does not have things such as an Elo system or rankings but that's something we'll be adding in the future. We'll leave you with a video of the system itself and how amazing everything works.
We hope you enjoy this update and we'll be expecting some feedback from you so please, leave it in the comments below!
Stay tuned for more news and make sure you don't miss anything at Shannara Conquer !
I haven't updated this thread in quite some time so here are a few informations about what's going on at Shannara.
I've been mostly focused on re-designing the server structure as the base source had a terrible one as most of you already know.
These past couple weeks, I've been working on the server database and migrating it to MySQL as well as improving its security, ie, hashing passwords so they won't be saved in plain text as they were on the base source.
After reading a few opinions I've decided to go with turk55's opinion and used Bcrypt to hash the passwords as you can see here:
For now I've decided to go with simple parameterized queries but I'm planning on using a T4 template to do all the crappy hand-writting work for me (thumbs up for Angelius for letting me know about this).
Currently I would say half of the server database was already migrated to the MySQL database and everything should be working fine. We're still testing this out tho.
If you have any opinions/suggestions you'd like to share please feel free to do it. I know this post was somewhat different from the other ones as it didn't include any releases/changes that a player would notice on his/her end but I have decided to share this with the community as I'm always interested in learning from your opinions
While this server is very good, has alot of custom features and events, the new host is very good and I used to recommend Shannara to all my friends, but it's very stale pvp wise and has been so from day one, so it gets pretty boring if it's not GW or CCGW which are just once a week on Saturday and Sunday. It's mostly the community's fault and partly Nyorai's fault for not removing the arena reviver and not thinking of a way to overcome this.
In fact I don't know whose fault it is, it's something that I've seen happen also in TriumphConquer (Pro4Never's server) but never knew why it happened since that server was also pretty good and was well managed, the fact is the way Shannara works right now doesn't motivate players to compete with each other and no matter how big the population is they will realize that fact later when they're done maxing their characters.
Also don't tell me this happens to all servers, no it shouldn't Love2Hate had pvp up to the day it was shut down also Gump's server so there's something wrong here, or maybe classic Conquer in general is decaying after all.
While this server is very good, has alot of custom features and events, the new host is very good and I used to recommend Shannara to all my friends, but it's very stale pvp wise and has been so from day one, so it gets pretty boring if it's not GW or CCGW which are just once a week on Saturday and Sunday. It's mostly the community's fault and partly Nyorai's fault for not removing the arena reviver and not thinking of a way to overcome this.
In fact I don't know whose fault it is, it's something that I've seen happen also in TriumphConquer (Pro4Never's server) but never knew why it happened since that server was also pretty good and was well managed, the fact is the way Shannara works right now doesn't motivate players to compete with each other and no matter how big the population is they will realize that fact later when they're done maxing their characters.
Also don't tell me this happens to all servers, no it shouldn't Love2Hate had pvp up to the day it was shut down also Gump's server so there's something wrong here, or maybe classic Conquer in general is decaying after all.
You can't really control that. What I noticed at L2H was that players were more focused on hunting rather then PvP but after some stimulance they started to pk more.
Introducing Raw Conquer - a Hardcore 1.0 server. 03/16/2016 - CO2 PServer Archive - 42 Replies Greetings all, I have hid in the shadows for quite some time around here and I'm quite excited to be coming to fruition of a dream.
Now introducing Raw Conquer.
- Raw Conquer Private Server
Like many here, I've popped from priv server to priv server; trying to find an as close approximate as possible as I could to the "Hay-Day" of CO. (For many).
What we have done is take a solid 5017 base and reverse-engineered 1.0 by re-introducing 1.0 resources and while it's not 100% it's a...
Hello! Introducing my self. 04/22/2014 - Say Hello - 7 Replies Hello Elitepvpers! :eek:
I am in my last year of high school, about 17 years old :mofo: ... I love programming and I already started learning C++ and now I kinda know how to make big programs.
:mofo:
Just introducing... 09/30/2011 - Say Hello - 1 Replies just dropping here to say hi.. :) i am new here and its good to be here.. by the way, this is Frances from New York, a consultant in a postcard mailing (no minimum postcards).. :)
Conquer Online Class and Reborn Introducing 08/21/2010 - CO2 Guides & Templates - 1 Replies Okay I was bored at school and thought I would make a guide for Conquer Online.
What should the guide include was what I thought, hmm.
As I couldn't get on anything, then I thought I would make a guide for all things in Conquer.
I hope this will be useful for all :)
Goodluck
First what is Conquer Online?
Conquer Online is a MMORPG (Massively Multiplayer Online Role Playing Game).
Is based on 3d models, but with 2d gameplay, it got a unique style of gameplaying, wich is not seen much...
im introducing myselF~~ 12/01/2008 - Say Hello - 2 Replies hi there guyz and gUrlz!! Im bhruxts but u can call me BRUTUS if u like. hehe..
Im 22 and im from Lucena city, quezon, philippines.... thats all FoLkZz!~,~
