|
|
|
|
|
|
|
|
|
 Posted: Sun Dec 25, 2016 11:40 am
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Dec 25, 2016 2:59 pm
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Dec 25, 2016 3:07 pm
 |
|
|
 |
Lemon Emperor It's very good news indeed, however the main reason it was taken down was due to a serious bug - not money reasons (though the money reasons is probably why they didn't try really hard to get it back up and fix the issue).
Good news is though, I'm sure many of the older staff which worked on zOMG would be glad to be contracted to help fix the issue if Lanzer is the one asking, as I'm sure the ex-staff would gladly help the older staff team rather than the money hungry ones.
It's nice that there's a chance of getting it back, but that's assuming they can even fix the issue and get someone on board cheap enough to do so - whom knows the system and the outdated programming language used to code it.
I'm not going to get my hopes up too much, but yeah, it's nice and I do wish for the best when it comes to this.
I want to punt monsters in the face again.
Actually the main reason they took it down was very fishy from a coding standpoint.
Being slightly more than Semi-fluent in Java I cannot say with certainty whether or not their excuse was a lie or the truth. Obviously anyone on staff is likely much more experienced and skilled than I am.
What I can say is that towns 2 was supposedly put onto the same point of data that zOMG resided on because of zOMG's higher security.
While I never took the chance to examine the coding within the game I did take a quick glance at towns 2 earlier out of curiosity.
While there are a number of very small vulnerabilities that would take someone of FAR more skill than I to exploit (And would only result in some interesting graphical glitches if someone bothered to do so.) I saw no evidence of a serious vulnerability, especially nothing that tied into the admin backend.
The fact of the matter is that to my -very imperfect- knowledge there is no connection between the admin backend and the flash spaces or zOMG. Because the rest of Gaia is written in an older and entirely different variable format than towns 2 (again, no access to the game so this is pure speculation.) it seems as though it would be highly improbable for such a "magic techno doorway woooo" to exist. Putting this into terms that are a bit less obscure, to say that zOMG ties into any of the regular site's backend is like saying that a glitch within the xbox live network has allowed you access to the playstation network's transaction coding and allows you to get ps3 games for free on your xbox 360.
If anything I would highly suspect that the guilds system or the mod backend would be more vulnerable to such an exploit. As it stands the cash shop still contains a minor vulnerability in and of itself that would allow someone with the skill and desire to mess with various backend sales numbers. Lqi quantities, item prices (on a singular, not site-wide level) and perhaps even complete a purchase with those things edited (Again, speculation since that is also above my own skill level and even if it wasn't it's not something I'd ever look into since it's a form of stealing and thieves are icky.) |
|
|
|
|
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Dec 25, 2016 3:15 pm
|
|
|
|
Neshira Namea Returns Actually the main reason they took it down was very fishy from a coding standpoint. Being slightly more than Semi-fluent in Java I cannot say with certainty whether or not their excuse was a lie or the truth. Obviously anyone on staff is likely much more experienced and skilled than I am. What I can say is that towns 2 was supposedly put onto the same point of data that zOMG resided on because of zOMG's higher security. While I never took the chance to examine the coding within the game I did take a quick glance at towns 2 earlier out of curiosity. While there are a number of very small vulnerabilities that would take someone of FAR more skill than I to exploit (And would only result in some interesting graphical glitches if someone bothered to do so.) I saw no evidence of a serious vulnerability, especially nothing that tied into the admin backend. The fact of the matter is that to my -very imperfect- knowledge there is no connection between the admin backend and the flash spaces or zOMG. Because the rest of Gaia is written in an older and entirely different variable format than towns 2 (again, no access to the game so this is pure speculation.) it seems as though it would be highly improbable for such a "magic techno doorway woooo" to exist. Putting this into terms that are a bit less obscure, to say that zOMG ties into any of the regular site's backend is like saying that a glitch within the xbox live network has allowed you access to the playstation network's transaction coding and allows you to get ps3 games for free on your xbox 360. If anything I would highly suspect that the guilds system or the mod backend would be more vulnerable to such an exploit. As it stands the cash shop still contains a minor vulnerability in and of itself that would allow someone with the skill and desire to mess with various backend sales numbers. Lqi quantities, item prices (on a singular, not site-wide level) and perhaps even complete a purchase with those things edited (Again, speculation since that is also above my own skill level and even if it wasn't it's not something I'd ever look into since it's a form of stealing and thieves are icky.)
I am not here to argue if the exploit existed or not, as I personally know it did.
It was less of the Java coding, but more of the database connection between the game and the server (and test servers - mainly) that caused this vulnerability.
As someone who has exploited many of Gaia's features in the past, including the test servers used in conjunction with zOMG - I can state it was not very secure in the slightest, and that they needed to fix such an issue.
How easy the issue would be to fix? No clue, as I am not too fluent in Java either.
(Other than messing around with Runescape private servers and minecraft mods)
However, if they say it was difficult for them to patch up - then I believe it.
It also didn't help that they haven't had any of the original coders for zOMG on the staff team for a while.
As for your cash shop theory - no that is not possible. The parameters that get passed to the user for the Limited Items and Offers are checked server-side as well and are secure - I've tested them. smile
Needless to say - I know something was badly coded and could leak into the test servers - which copied the same DB tables as the main server and in some instances shared with the main server - was true.
How easy to fix? Again - I'm not sure, they said it was hard so I believe them.
I'm glad that Lanzer, L0cke and CP are back though, with them three in charge they have more of a chance of getting the coders of zOMG to help Gaia again and possibly fix it - and that's what I'm excited for. Will I get my hopes up though? No.
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Dec 25, 2016 7:00 pm
|
|
|
|
Lemon Emperor Neshira Namea Returns Actually the main reason they took it down was very fishy from a coding standpoint. Being slightly more than Semi-fluent in Java I cannot say with certainty whether or not their excuse was a lie or the truth. Obviously anyone on staff is likely much more experienced and skilled than I am. What I can say is that towns 2 was supposedly put onto the same point of data that zOMG resided on because of zOMG's higher security. While I never took the chance to examine the coding within the game I did take a quick glance at towns 2 earlier out of curiosity. While there are a number of very small vulnerabilities that would take someone of FAR more skill than I to exploit (And would only result in some interesting graphical glitches if someone bothered to do so.) I saw no evidence of a serious vulnerability, especially nothing that tied into the admin backend. The fact of the matter is that to my -very imperfect- knowledge there is no connection between the admin backend and the flash spaces or zOMG. Because the rest of Gaia is written in an older and entirely different variable format than towns 2 (again, no access to the game so this is pure speculation.) it seems as though it would be highly improbable for such a "magic techno doorway woooo" to exist. Putting this into terms that are a bit less obscure, to say that zOMG ties into any of the regular site's backend is like saying that a glitch within the xbox live network has allowed you access to the playstation network's transaction coding and allows you to get ps3 games for free on your xbox 360. If anything I would highly suspect that the guilds system or the mod backend would be more vulnerable to such an exploit. As it stands the cash shop still contains a minor vulnerability in and of itself that would allow someone with the skill and desire to mess with various backend sales numbers. Lqi quantities, item prices (on a singular, not site-wide level) and perhaps even complete a purchase with those things edited (Again, speculation since that is also above my own skill level and even if it wasn't it's not something I'd ever look into since it's a form of stealing and thieves are icky.)
I am not here to argue if the exploit existed or not, as I personally know it did.
It was less of the Java coding, but more of the database connection between the game and the server (and test servers - mainly) that caused this vulnerability.
As someone who has exploited many of Gaia's features in the past, including the test servers used in conjunction with zOMG - I can state it was not very secure in the slightest, and that they needed to fix such an issue.
How easy the issue would be to fix? No clue, as I am not too fluent in Java either.
(Other than messing around with Runescape private servers and minecraft mods)
However, if they say it was difficult for them to patch up - then I believe it.
It also didn't help that they haven't had any of the original coders for zOMG on the staff team for a while.
As for your cash shop theory - no that is not possible. The parameters that get passed to the user for the Limited Items and Offers are checked server-side as well and are secure - I've tested them. smile
Needless to say - I know something was badly coded and could leak into the test servers - which copied the same DB tables as the main server and in some instances shared with the main server - was true.
How easy to fix? Again - I'm not sure, they said it was hard so I believe them.
I'm glad that Lanzer, L0cke and CP are back though, with them three in charge they have more of a chance of getting the coders of zOMG to help Gaia again and possibly fix it - and that's what I'm excited for. Will I get my hopes up though? No.
It's good have insight from someone who sees the problem from a different angle. I certainly hope you're no longer exploiting Gaia however as that would be grounds for not only dismissal from this guild but an immediate report. We don't tolerate that here.
However I believe you are incorrect about the Cash Shop exploit. It's the exploit that once allowed a user to gather a great many win gaia bundles and also a similar exploit that allowed the recent kin-related incidents.
That post I just made was actually copied from one I made not very long after zomg was first shut down. I've learned a little since then but by their own admission they were not completely honest. The real reason it shut down was that it wasn't making enough money and there WERE issues with it. Nothing as severe as they wanted us to think but definitely game-breaking and vulnerability issues. They had no one to fix it, as you stated, and it would have cost more to fix than that game was making.
What they did was smart from a business standpoint. The dishonesty was not. If they bring the game back I hope they have more monetization features in place so that it makes the money it needs to keep itself afloat. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 10:01 am
|
|
|
|
Neshira Namea Returns It's good have insight from someone who sees the problem from a different angle. I certainly hope you're no longer exploiting Gaia however as that would be grounds for not only dismissal from this guild but an immediate report. We don't tolerate that here. However I believe you are incorrect about the Cash Shop exploit. It's the exploit that once allowed a user to gather a great many win gaia bundles and also a similar exploit that allowed the recent kin-related incidents. That post I just made was actually copied from one I made not very long after zomg was first shut down. I've learned a little since then but by their own admission they were not completely honest. The real reason it shut down was that it wasn't making enough money and there WERE issues with it. Nothing as severe as they wanted us to think but definitely game-breaking and vulnerability issues. They had no one to fix it, as you stated, and it would have cost more to fix than that game was making. What they did was smart from a business standpoint. The dishonesty was not. If they bring the game back I hope they have more monetization features in place so that it makes the money it needs to keep itself afloat.
Ah, then that may have been a different exploit than the one I tested.
I do actively try to exploit everything and anything, however Instead of abuse said exploits I report it to Zero Omega on Skype - or if it's being tested in SCAS - Post the exploits in the SCAS guild for them to be fixed. smile
(Though there are exploits I do miss - as I'm not perfect at sniffing them out razz )
I would love more monetization in zOMG if it were re-opened, definitely.
zOMG was one of the main reasons I loved Gaia.
And as with Lake Kindred, it doesn't surprise me that it was exploited, I found quite a few exploits with it early on (such as being able to repeat the request to finish the battle over and over so you got infinite rewards) and the fact it is in HTML5 means it is more inclined to be abused than other games, as HTML5 lacks in-built security - making it easier to not only exploit but to make bots for, etc..
Kind of angry I missed whatever exploit that person used though, if I found it out I could've prevented that whole mess with peoples trading passes being disabled. neutral
Oh well.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 1:55 pm
|
|
|
|
Lemon Emperor It's very good news indeed, however the main reason it was taken down was due to a serious bug - not money reasons (though the money reasons is probably why they didn't try really hard to get it back up and fix the issue).
Good news is though, I'm sure many of the older staff which worked on zOMG would be glad to be contracted to help fix the issue if Lanzer is the one asking, as I'm sure the ex-staff would gladly help the older staff team rather than the money hungry ones.
It's nice that there's a chance of getting it back, but that's assuming they can even fix the issue and get someone on board cheap enough to do so - whom knows the system and the outdated programming language used to code it.
I'm not going to get my hopes up too much, but yeah, it's nice and I do wish for the best when it comes to this.
I want to punt monsters in the face again.
I'm meeting Swarf in a few days to be briefed about the work that needs to be done. After that I'll need to find someone with JAVA experience to help me on the project, and it's going to take time. So even in the best case scenario, it'll still take a while to get zOMG back on track.
zOMG uses the SmartFox server, a fairly popular server back in the day, and unlike the Towns server which is something very obscure, popular servers get their group of hackers who band together to make use of exploits. That was what happened to SmartFox. Once hackers were in, they could access all other servers internally, and it was bad news for our IT guy.
From what I know, we actually contacted several ex-zOMG programmers, but none stepped up to fix the issue for one reason or another. It has to do that some essential scripts were not well documented and went missing. We have a lot of work ahead of us.
I'll keep everyone updated as I get more insight to the subject. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 1:58 pm
|
|
|
|
lanzer Lemon Emperor It's very good news indeed, however the main reason it was taken down was due to a serious bug - not money reasons (though the money reasons is probably why they didn't try really hard to get it back up and fix the issue).
Good news is though, I'm sure many of the older staff which worked on zOMG would be glad to be contracted to help fix the issue if Lanzer is the one asking, as I'm sure the ex-staff would gladly help the older staff team rather than the money hungry ones.
It's nice that there's a chance of getting it back, but that's assuming they can even fix the issue and get someone on board cheap enough to do so - whom knows the system and the outdated programming language used to code it.
I'm not going to get my hopes up too much, but yeah, it's nice and I do wish for the best when it comes to this.
I want to punt monsters in the face again. I'm meeting Swarf in a few days to be briefed about the work that needs to be done. After that I'll need to find someone with JAVA experience to help me on the project, and it's going to take time. So even in the best case scenario, it'll still take a while to get zOMG back on track. zOMG uses the SmartFox server, a fairly popular server back in the day, and unlike the Towns server which is something very obscure, popular servers get their group of hackers who band together to make use of exploits. That was what happened to SmartFox. Once hackers were in, they could access all other servers internally, and it was bad news for our IT guy. From what I know, we actually contacted several ex-zOMG programmers, but none stepped up to fix the issue for one reason or another. It has to do that some essential scripts were not well documented and went missing. We have a lot of work ahead of us. I'll keep everyone updated as I get more insight to the subject.
Lanzer honey, I was one of the ones who went into the test servers, you guys left your queries out for show and I got into the databases. I know how bad things were. smile And I know Towns =/= zOMG.
I hope you do fix things and get zOMG running again.
Also check your marriage page and add a title for yourself so you return my love.
(Don't worry, I talked to Zero about that exploit and it's fixed now. razz )
Also, plz no divorce me.  |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 4:20 pm
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 4:29 pm
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 6:09 pm
|
|
|
|
Lemon Emperor Dogoda Granted I can't code worth a damn but anyway... If Zomg! is beyond being fixed since the flash coding is obsolete and it's an absolute mess couldn't you take that game and code it with a different code? Like HTML5 or Unity? that way it's new and it would be easier to find people to work on it and it will be easier to maintain? I know that this would be a huge project and would require a ton of money but the game has a huge following, maybe you could do surveys to see if people would be interested in doing a kickstarter to raise the funds? We could also put this last on the list of things to do, we can work on more important things then move on to this huge project. If swarf and the other devs come back to work on it I'm sure there is a decent chance of it being fixed, if however it doesn't, I don't think a re-code in another language like HTML5 or Unity will come for a very, very long time. Must take into consideration it took years for zOMG to be coded originally. Of course, a re-make would be easier than doing it the first time as they have the previous games assets to use but it would still be a huge undertaking. I think our best bet is just to have the main game fixed.  Not to say it's out of the question, but it definitely won't happen for a few years if they did decide to re-code it all.
This is very true.
If the main game was fixed it would still be very useable even with the old coding. I hope they can fix it. Heck there are many talented coders in the gaian community that I bet would be willing to pitch in if Gaia wanted to do some sort of volunteer initiative and pay in Gaia items or something. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 6:13 pm
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 26, 2016 6:15 pm
|
|
|
|
Lemon Emperor Neshira Namea Returns This is very true. If the main game was fixed it would still be very useable even with the old coding. I hope they can fix it. Heck there are many talented coders in the gaian community that I bet would be willing to pitch in if Gaia wanted to do some sort of volunteer initiative and pay in Gaia items or something. Yeah, and I'm sure many Gaians would love zOMG! back even if it never got updated - just having what was there back would be nice for many, many users. Unfortunately I do not believe Gaia is legally able to get volunteer work for "Skilled" tasks - this being coding/art or anything that someone has to do training for - or is considered a skill or talent, due to the laws where Gaia is situated. (This is what I was told before by someone in staff. Not sure if that law still holds today.)
I supposed they'd have to label them as interns. In California unpaid internships are allowed but I don't know if it applies to remote work. *Weeps for her summers as an intern in CA* |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Tue Dec 27, 2016 7:58 pm
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Dec 28, 2016 9:02 am
|
|
|
|
Lemon Emperor Neshira Namea Returns This is very true. If the main game was fixed it would still be very useable even with the old coding. I hope they can fix it. Heck there are many talented coders in the gaian community that I bet would be willing to pitch in if Gaia wanted to do some sort of volunteer initiative and pay in Gaia items or something. Yeah, and I'm sure many Gaians would love zOMG! back even if it never got updated - just having what was there back would be nice for many, many users. Unfortunately I do not believe Gaia is legally able to get volunteer work for "Skilled" tasks - this being coding/art or anything that someone has to do training for - or is considered a skill or talent, due to the laws where Gaia is situated. (This is what I was told before by someone in staff. Not sure if that law still holds today.)
Is it seriously illegal to volunteer with skilled work? Or rather, accept volunteer skillled work. Considering this would be a trans-national operation if gaians from across the world pitched in with their varying degrees of common sense and coding/programming, I would reckon that the laws of both Server (Gaia) and Client (Gaians) countries would have to compete equally, and the worker usually has the right to offer their services, as long as their pay, if any, is taxed properly.
Although I'm in no way a law-student, nor have any experience from American emplyment and work customs. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reply
