Question Tlopo security

Punkin Pie said:
Do you have the feeling that some people are just waiting to test the boundaries? After all, a true pirate pushes the limits. :Christmaspirate:
Click to expand...
I not only have such feelings...I think it's safe to say that such boundary-testing is expected to occur given the way things haven't quite changed since POTCO was shuttered.

It all goes back to the freedom people feel they are entitled to, viewing the internet as an excuse to carry forth their "fun." Because of this, there should be no lack of VIGILANTES whom seek to hold such individuals accountable - always.
 
daedaex said:
so u hav pr0 kek c0de obfuscation tool protect code from haxx0rs amirite yeeeeeee
Click to expand...
The Legend of Pirates Online's servers and client has numerous forms of security added into it. One of which, on the client, is bytecode obfuscation. We have never had a security vulnerability discovered (to my knowledge) on the game's runtime in the history of our game. (We do not count DDoS as a security vulnerability).
 
Mike Wass said:
The Legend of Pirates Online's servers and client has numerous forms of security added into it. One of which, on the client, is bytecode obfuscation. We have never had a security vulnerability discovered (to my knowledge) on the game's runtime in the history of our game. (We do not count DDoS as a security vulnerability).
Click to expand...
Nice i don't want to have hackers ruining the fun :(
 
Mike Wass said:
The Legend of Pirates Online's servers and client has numerous forms of security added into it. One of which, on the client, is bytecode obfuscation. We have never had a security vulnerability discovered (to my knowledge) on the game's runtime in the history of our game.
Click to expand...
That's awesome, good to hear!

Also just wondering, Will there be any policy in place as far as malicious acts are concerned? If there is a "no tolerance" policy then it could deter anyone from doing malicious acts, if they knew their IP address wouldn't be allowed to log in again, ever. I think it would be extreme, but more effective than a 'Ban' which some people brag about, lol.
 
Punkin Pie said:
Also just wondering, Will there be any policy in place as far as malicious acts are concerned? If there is a "no tolerance" policy then it could deter anyone from doing malicious acts, if they knew their IP address wouldn't be allowed to log in again, ever. I think it would be extreme, but more effective than a 'Ban' which some people brag about, lol.
Click to expand...
This is pretty much already taken care of in our Terms of Service. If a person violates the terms, we will hand out a 1 day ban. That may increase to 3 days depending upon the severity of the offense. If repeated offenses occur, then the ban length will increase incrementally. If the user chooses to disregard these warnings and continues to disbehave, then the team will discuss a permanent ban.

In short, our rules will be enforced. This was one of the areas that Disney was weak in, so we plan to change that.
 
Cheysa Finn said:
This is pretty much already taken care of in our Terms of Service. If a person violates the terms, we will hand out a 1 day ban. That may increase to 3 days depending upon the severity of the offense. If repeated offenses occur, then the ban length will increase incrementally. If the user chooses to disregard these warnings and continues to disbehave, then the team will discuss a permanent ban.

In short, our rules will be enforced. This was one of the areas that Disney was weak in, so we plan to change that.
Click to expand...
What do you plan to do if someone is connected through a proxy server when you "ip ban" them? And do your servers nullify malformed packets, or do they crash liek rip?
 
daedaex said:
What do you plan to do if someone is connected through a proxy server when you "ip ban" them? And do your servers nullify malformed packets, or do they crash liek rip?
Click to expand...
Better question yet, what would you do if you were running TLOPO? - Have any suggestions? Let's hear them.
 
Mike Wass said:
The Legend of Pirates Online's servers and client has numerous forms of security added into it. One of which, on the client, is bytecode obfuscation. We have never had a security vulnerability discovered (to my knowledge) on the game's runtime in the history of our game. (We do not count DDoS as a security vulnerability).
Click to expand...
But what if your astron servers were hit with some faulty / malicious packetz? liek how would the server interpret that. did you guys add something to handle those type of things????
 
Divulging details about one's security setup is a good way to invite malicious intent because it reveals what aspects are protected and what aspects may have weaknesses. For this reason we aren't going to reveal any specific details about our setup. Think about if a bank told everyone that the safe was only protected by a laser grid. A thief would now know that's the only thing he has to bypass and then he's home free.

We all know the security issues that Disney had and how they were exploited. No security system is perfect, but you can be confident that we will keep TLOPO as safe as possible. If a weakness is exposed, we will fix it immediately.
 
Cheysa Finn said:
Divulging details about one's security setup is a good way to invite malicious intent because it reveals what aspects are protected and what aspects may have weaknesses. For this reason we aren't going to reveal any specific details about our setup. Think about if a bank told everyone that the safe was only protected by a laser grid. A thief would now know that's the only thing he has to bypass and then he's home free.

We all know the security issues that Disney had and how they were exploited. No security system is perfect, but you can be confident that we will keep TLOPO as safe as possible. If a weakness is exposed, we will fix it immediately.
Click to expand...
I don't know whom to tag here (@John Foulroberts or @Johnny Sea Slasher) but I think it's important for TLOPO to have some sort of stated rule explicitly written, if it's not there already, within TLOPO's terms of use of the consequences which do happen if a player is found (both in-game and out-game) to be showing an interest/showing intent towards trying to hack or modify TLOPO game-play.

That was the problem with POTCO and the problem itself led far and wide beyond in-game play as everyone and their dog were interested to grab the most "latest" coding modifications from distributors on social-media such as youtube, on pastebin.com, on mediafire.com, etc. *I too think it's important to have one or two individuals enlisted within the TLOPO staff dedicated towards this purpose regardless of how confident TLOPO feels it's own security remains - as time goes along.

*Here's my point; when past "Revive POTCO" events couldn't even be carried forth without experiencing disruption due to the modification of POTCO's code, surely the problem itself needs to be addressed beyond the normal scope and confidence of things! ;)
 
Last edited by a moderator:
Shamus The Brute said:
I don't know whom to tag here (@John Foulroberts or @Johnny Sea Slasher) but I think it's important for TLOPO to have some sort of stated rule explicitly written, if it's not there already, within TLOPO's terms of use of the consequences which do happen if a player is found (both in-game and out-game) to be showing an interest/showing intent towards trying to hack or modify TLOPO game-play.
Click to expand...
We actually do have this sort of thing addressed in our Terms of Service.

4ff9797a34dde5eeeaf2c98bce3cdb76.png


https://tlopo.com/help/terms/
 
You must log in or register to reply here.
Back
Top