DEV Community

Discussion on: Why is Social Rumbles (aka RumbleChat) down?

Dheirya Tyagi • Edited

Lol yeah looking back it was kinda funny. My servers are kinda designed strangely so when I shut it all off, it takes some time to get them back running.

Honestly I knew something was kinda up before the fake messages because I kept getting spam messages from fake usernames (anon12438911 or something) but I decided not to stop it because I thought you were just changing your username or something.

The only reason I shut down the whole server in all honesty was because A) I thought the admin got hacked, B) I kind of got pissed by the impregnation messages lol.

In all honesty, I would've never realized the problem until your friend sent that message, because it used my username.

I feel like there are better ways you could've told me about this exploit, maybe send me a message or report it, but ehh you can't change the past. (plus it was kinda funny)

About the fix, I had my dad (an experienced programmer since 2001) review my code and he decided that I should temporarily remove the chatting section since there are a lot of potential vulnerabilities (especially with how the sockets are written), bigger and more dangerous vulnerabilities. Also if I were to put it back I would also make sure to verify in the socket backend that the username that was sent from the user was the same user. I'll also not hold plain usernames in the db but actual user objects, so you can't make fake usernames.

So yeah no beef with ya, honestly what you did was kinda funny. Just maybe next time just tell the site owner about the exploit before you use it?
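The fix described in the comment above, as an added example that is not RumbleChat's code: the chat handler takes the sender's identity from the server-side session bound to the socket, never from the payload. The `sessions` map, socket ids and user records are constructed for the example; a real server would fill them in during its auth handshake.

```javascript
// Server-side session table: socket id -> the user the server authenticated.
// Constructed sample data; in production this is set by the login/handshake
// step, never from anything the client later sends over the socket.
const sessions = new Map([
  ["sock-1", { userId: 42, username: "dheirya_tyagi" }],
  ["sock-2", { userId: 77, username: "guest_77" }],
]);

// The pattern the thread describes: the `username` field in the client's
// payload is trusted, so any connected socket can post under any name.
function handleChatVulnerable(socketId, payload) {
  return { from: payload.username, text: payload.text };
}

// Hardened handler: identity comes from the session, messages are keyed by
// the stable user id (the "actual user object"), and a client-supplied name
// that disagrees with the session is rejected and surfaced for logging.
function handleChatHardened(socketId, payload) {
  const session = sessions.get(socketId);
  if (!session) {
    return { error: "unauthenticated socket" };
  }
  if (typeof payload.text !== "string" || payload.text.length === 0 || payload.text.length > 2000) {
    return { error: "invalid message" };
  }
  if (payload.username !== undefined && payload.username !== session.username) {
    // Mismatch is worth alerting on: it only happens with a tampered client.
    return { error: "username mismatch", socketId, claimed: payload.username, actual: session.username };
  }
  return { from: session.username, fromId: session.userId, text: payload.text };
}

// Constructed payload from sock-2 claiming another account's name.
const spoofed = { username: "dheirya_tyagi", text: "hello" };
console.log(handleChatVulnerable("sock-2", spoofed).from); // dheirya_tyagi (accepted)
console.log(handleChatHardened("sock-2", spoofed).error);  // username mismatch
```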

Brandon Lee

Good idea.