Urgent Rc Bug!!!

TribulationStaff · #1 07-24-2003, 04:50 AM

A nonstaff was able to log into our RC

New RC: KuJi *Manager* (Admin-Playerworld15)
KuJi *Manager*: O.o
KuJi *Manager*: Wts
KuJi *Manager*: Hi?
Giltwist (GM): hat the?
Giltwist (GM): Who the heck are you?
TribulationStaff loaded the rights of Admin-Playerworld15
Giltwist (GM): you aren't on the staff list
KuJi *Manager*: wts
KuJi *Manager*: I just logged on
KuJi *Manager*: Wow this is wierd
Madmartigan: wtf
KuJi *Manager*: Donno
Giltwist (GM): ill solve this
Madmartigan: what admin are you using?
Madmartigan: what number?
Welcome to the NPC-Server for playerworld1
New NC: TribulationStaff
New NC: Admin-Playerworld1
NC disconnected: TribulationStaff
TribulationStaff disconnects Admin-Playerworld15
RC disconnected: Admin-Playerworld15
Madmartigan: I wonder if it has something to do with him having an Admin-Playerworld15 and mine being a 1

draygin · #2 07-24-2003, 05:06 AM

Yes very annoying thankfully this bug didnt also include rights with it. As of now I've added an ip range of 0 to all the admin RC's so none of them except mine Admin-Playerworld1 can log on to the server. But I definatly think this needs fixed pronto.

Skyld · #3 07-24-2003, 03:56 PM

I think I know the problem.
If you have the rights to get into staff accounts and edit the account, one of the fields is adminworlds.
If that's set to all, I think it automatically overrides serveroptions checks.
I dont know, it just could be.

Spark910 · #4 07-24-2003, 04:58 PM

Quote:

Originally posted by Skyld
I think I know the problem.
If you have the rights to get into staff accounts and edit the account, one of the fields is adminworlds.
If that's set to all, I think it automatically overrides serveroptions checks.
I dont know, it just could be.

hmm I think all PW-Admin accounts can log onto all RCs. Of all PW servers paid for. I suspected this a while back, I didnt say anything as well they wouldnt have rights, and I had no proof, and it was possibly me being stupid.

draygin · #5 07-24-2003, 09:19 PM

No, thats not it spark because I cant log on to other servers. (I tried just to see)

What I think is there is some sort of security check to see if they can log on to the server with out being on the staff list. Example my server the check is Admin-Playerworld1 but it doesnt stop at the 1 so any one with anything after 1 example Admin-Playerworld15 Admin-Playerworld11 can log on to server number 1 because it matches the security check. Just my theory any how. Either way no problem on server one since we set ip ranges on all admin RC's to 0.0.0.0

Python523 · #6 07-24-2003, 09:31 PM

Quote:

Originally posted by Skyld
I think I know the problem.
If you have the rights to get into staff accounts and edit the account, one of the fields is adminworlds.
If that's set to all, I think it automatically overrides serveroptions checks.
I dont know, it just could be.

Obviously not, then they would be able to give themselves a better adminlevel

The problems is that all the admin world has to do is contain the gserver's name, example:
my debug account, Jagen, has adminworld as graal2002d,sdev, and it can log on 2k2 rc, since it contains 'graal2002' as adminworld

draygin · #7 07-24-2003, 10:15 PM

Quote:

Originally posted by Python523

Obviously not, then they would be able to give themselves a better adminlevel

The problems is that all the admin world has to do is contain the gserver's name, example:
my debug account, Jagen, has adminworld as graal2002d,sdev, and it can log on 2k2 rc, since it contains 'graal2002' as adminworld

So I was right.

Stefan really needs to fix that. :o Talk about a major snafu I dont want just any idiot being able to log onto my server because of a glitch and if in an off chance we ever get to the hundreds thats going to be an annoying hassle as I'll have to set IP ranges on over a hundred RC's..