Upgraded Password Hashing

Following up on some of the planned security improvements I discussed earlier, the backend now uses a new, more secure password hashing system (Blowfish with random salt).

In order to upgrade your account password hash, simply log in normally to the website or in-game (anywhere you normally type your username & password). If you normally use Steam auto-login, you’ll want to log in via the website one time in order for your password hash to be upgraded to the new format.

Both 8BitMMO and 9BitMMO have been updated to support the new system.

As always, please let me know if you spot any new bugs as a result of this change.
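
Why a password login is needed for the upgrade, as an added example (not 8BitMMO's code): a server that stores only hashes can re-hash a password only at the moment the user types it, so a token-based Steam auto-login leaves the old hash in place. The legacy format (unsalted SHA-256), the `v2$` record layout, the function names and the in-memory `db` are assumptions, and stdlib PBKDF2 stands in for the Blowfish-based hash so the block runs without third-party packages.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # work factor for the stand-in KDF (assumed value)

def legacy_hash(password):
    # Assumed old format: unsalted SHA-256 hex. The page does not name it.
    return hashlib.sha256(password.encode()).hexdigest()

def new_hash(password, salt=None):
    # Random per-user salt; PBKDF2 stands in for the Blowfish-based hash.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"v2${salt.hex()}${dk.hex()}"

def verify(password, stored):
    # Dispatch on the record prefix so old and new hashes coexist.
    if stored.startswith("v2$"):
        _, salt_hex, _ = stored.split("$")
        candidate = new_hash(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, stored)
    return hmac.compare_digest(legacy_hash(password), stored)

def login(db, username, password):
    # Password login: verify first, then upgrade a legacy record in place.
    stored = db.get(username)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("v2$"):
        db[username] = new_hash(password)  # plaintext exists only here
    return True

def steam_login(db, username, token_valid):
    # Token login never sees the password, so it cannot re-hash anything.
    return token_valid and username in db

def demo():
    # Constructed sample account stored in the assumed legacy format.
    db = {"alice": legacy_hash("correct horse")}
    steam_login(db, "alice", True)
    upgraded_after_steam = db["alice"].startswith("v2$")
    login(db, "alice", "correct horse")
    upgraded_after_password = db["alice"].startswith("v2$")
    return upgraded_after_steam, upgraded_after_password
```
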

Possible Exploit & Database Rollback

At around 5AM last night, I detected an attempted attack on the server database.  Looking into this issue, I found a potential exploit that may have been used to gain unauthorized read-only access to the database, including potential access to customer information.  This bug was fixed by approximately 6AM.

First, I would like to sincerely apologize for this incident.  While I did not write the original code involved, I take full responsibility for the issue and feel terrible that I did not spot it previously.

The database contains the following sensitive information:  username, e-mail (if provided), hashed password (not stored in plaintext), IP address.  For a very small number of users (<30) that have provided it, the database also contains their real name (if provided), mailing address (if provided), as well as a “credit card description” if you opted for the site to remember your credit card.  This does NOT contain your full credit card number, but does contain the type of card, the last four digits, and the expiry date.

Although the password is hashed, if you use the same password at other sites, I recommend you change those at this time.

Again, I do not know for sure that any information was actually leaked; however, out of an abundance of caution I am planning to do a database rollback and then reset all account passwords of users who have an e-mail address on file.

Since full credit card numbers were not leaked, it is unlikely you will need to contact any credit monitoring agencies. However, here is their contact information should you wish to do so:

My sincere apologies again, and I will keep you posted on this process.

UPDATE: The database has been rolled back to the previous day’s backup (1/19). All accounts with a valid e-mail have had their passwords invalidated; please reset your password. If you previously logged in via Steam or Kongregate, you should be able to continue logging in that way; however, you should still reset your 8BitMMO password.

This does not affect your Steam/Kongregate passwords (unless you used the same password at both sites).  If you used the same password on the 8BitMMO forums or Wikia, you should change those passwords as well.

UPDATE 2: E-mails are now going out about this; however, it may take a while for all the e-mails to make it out of the system.

=68 Landrush Schedule

The new =68 map is created and ready to go!  Everyone can access it, regardless of level, via the telepad hidden away at the southwest of Root.

This map is more build-focused, and as such does not spawn mobs and has a totally flat terrain.

While everyone can view the map now, no one can build until their Landrush phase opens up.  If you try to place before your Landrush slot opens, you’ll get a countdown of exact time remaining.  Here is the schedule for landrush:

  • 1/6 – Ultimate Landrush ($500+ during Novemberbit)
  • 1/7 – Super Landrush  ($200+ during Novemberbit)
  • 1/8 – Normal Landrush  ($70+ during Novemberbit)
  • 1/9 – Open to All

Account Security Tips

It’s important to keep your 8BitMMO account safe.  Lately, some 8BitMMO accounts have been targeted for theft.  Please take the following steps to ensure the safety of your account:

  1. Be sure you have a good password set.  Simple passwords can be easily guessed and thereby hacked, so it’s good to change your password if it is weak.
  2. Be sure you have an e-mail set.  If your account is compromised, it can only be saved by having an e-mail associated with it.
  3. Never give your password to anyone.
  4. Avoid modifications that contain executable code.  Several instances of “trainer” programs have captured account passwords unbeknownst to their users.  No “trainer” or “exploit” programs can give you free plat.

The Implausible Zone

Over the weekend I participated in the LD34 gamejam.  I wrote and made some art for a short Comedy/Adventure game, which was produced in roughly two days.  It’s pretty rough, but people at the jam site seemed to think it was funny, so hopefully you will too 🙂

Download

v1 – Jam Build [Windows]

Credits

Written by
Robby Zinchak
@8BitMMO

Music and Sound
Evan Witt
wittynotes.com

Disco Music
Jonathan Reasor
abraxasrex.github.io

Narrator
Carl Craig Juarez
soundcloud

Scripts used:

Word Wrapping Message Boxes, by: KilloZapit
http://www.rpgmakervxace.net/topic/6964-word-wrapping-message-boxes/

Skip Title Screen
http://www.rpgmakervxace.net/topic/271-skip-title-screen/

Fullscreen++ v2.2 for VX and VXace by Zeus81
http://www.hbgames.org/forums/viewtopic.php?f=11&t=76084

Galv’s Use Item on Event V.1.5

Bitmas 2015!

Bitmas 2015 has officially begun!  Check out all the Bitmastivities:

/Tele Gift

Visit the linkpad in root to be teleported to the Bitmas 2015 map!

There’s a hidden reward block to find.  Also while you’re exploring, you’ll meet…

Dracoclaus

Speak with Draco the Archiclaus.  If you registered before today, he’ll have a gift for you!

100,000 Gold Giveaway

Enter the giveaway for a chance to win 100,000 gold, sponsored by Kjh787.  This time around, the winner must have an 8BitMMO user account that has been logged into on at least two different days.

Bitmas Hats

The Bitmas hats are back in stock in the shop.  Get one before they’re gone!

March of Industry – Now on Android

I’ve been meaning to get March of Industry running on mobile for a long while now, and so I’ve been spending a little bit of time here and there to make it happen.  It’s finally ready to share, so you can now play it on your Android phones & tablets (I don’t have an iPhone, so no iOS version.  Sorry.)

The mobile version is the same as the PC version, but with touch controls.  It even uses the same account system as PC version, so your save files will automatically sync between mobile and PC. It fully supports blueprint modding, translations, and GIF captures also.

I am giving the Android version out free to anyone who bought either the PC MarchOfIndustry.com (Stripe) or Steam copies of the game.  (This includes Steam codes given out as Novemberbit rewards).   Just go to this page to download the APK.

And if you didn’t, then FYI it’s unreasonably cheap in Google Play.  😛