Page 1 of 1
Major problem, Please reply!
Posted: January 5th, 2012, 10:12 pm
by FinestGB
OKay story is, i was away from my pc, came back to find of the admins had logged in from my account using an external URL without having to enter my password. the command looked something like this [my IP address][port][salt]name[salt]
Can someone please tell wtf this is? and why it is soo easy for someone to log into others accounts....
Re: Major problem, Please reply!
Posted: January 6th, 2012, 8:44 am
by Hellenion
I know this is possible with the WoM wrapper client, but only when name verification is set to "never".
That latter is the key part: You have to make sure your server actually verifies the names of the people who log in. This should be enabled by default, but you can change it in the security tab.
Re: Major problem, Please reply!
Posted: January 6th, 2012, 5:58 pm
by fragmer
Some tips to keep your server safe:
- Make sure that name verification stays enabled.
- Never share the WoM Direct link that's show on startup - it contains the server salt, which secures name verification.
- If you use WoM client, never share your "mc://..." link for the server - it contains your credentials.
Re: Major problem, Please reply!
Posted: January 6th, 2012, 9:42 pm
by FinestGB
But the thing is, because i can't edit my servers appearence for some odd reason, my server isn't on the "valid" list for wom. If you untick valid log into wom, then click a server, check the direct link below you will see mc//:[ip][port]name[salt], essentially you could hack any non valid server with this, by changing the user name in the direct bar, with anyone of that server
Re: Major problem, Please reply!
Posted: January 7th, 2012, 12:44 pm
by Kevinsweijen
This is WoM side, post this in the support section of
http://www.worldofminecraft.net/ .
~Kevinsweijen