Verified:

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 19:16:41

There's a lot of supposition/rumors floating around so I want to clarify what the status of things is right now.

1) From what we can tell, TC did edit his country. (he didn't say he did.. my bad).

2) Based on what we know, Hanlong got db access/password from TC. There is no evidence that he did anything other than login to the db (and presumably read stuff). There are logs of him running queries against evolution2025's forum tables.

3) As far as we know, no other unauthorized individual accessed the db. The owner of country found with negative units did not knowingly do anything to create that situation. See my comments on the 585 thread about that specifically.

4) pang will be moving Boxcar. TC and Hanlong both claim they didn't look at the Boxcar database. Pang can't be bothered to look into it at this stage because it's meaningless. Pang will be moving Boxcar to another host sometime soon, however the backup I have comes from Monday so any information after that will be lost. Also, the news/ranks/market databases will not be populated, so it'll only have news from when it's set up forward. The URL will remain http://www.boxcarhosting.com.

5) should anyone have any solid evidence of any wrongdoing on the part of anyone, I would encourage them to contact myself (or an admin) privately.

6) As game staff, the only people I punish are people who directly break the rules. Unless there is proof that someone took advantage of information that they knew was as the result of breaking an ee rule, I don't consider it a rules violation. Anything else from my standpoint is a political/community issue.


Disclamer: Any inconsistencies between what I've said and what pang/qz have posted are not intentional and probably either a mistake on my part or because additional information is known now that wasn't clear when they posted.

Please feel free to ask any direct questions about this on this thread. Please keep any political trolling off this thread.

Also pang/qz may come by later and correct me if I"m wrong.
++martian

Edited By: Pang on May 5th 2012, 0:50:11. Reason: boxcar info
See Original Post
you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

Kumander Otbol

Member
728

May 4th 2012, 19:26:00

first blood! thanks martian.

on 1. other than TC's own country, was there any other countries being edited (esp from LaF)? just want to clarify this one.
Originally posted by cypress:
no reason to start slacking just because they are getting FA

fluff them....we'll steamroll them even with the FA they are getting

locket Game profile

Member
6176

May 4th 2012, 19:31:56

So in short are you saying that TC did cheat and admit to it, however, Hanlong did not break any of the game rules or adjust the database? (May have read what you said wrong)

Bikerman Game profile

Member
555

May 4th 2012, 19:36:22

Oh no, we are gonna have 100 post about "our official statement", now that hanlong didn't hack anything

locket Game profile

Member
6176

May 4th 2012, 19:37:10

Originally posted by Bikerman:
Oh no, we are gonna have 100 post about "our official statement", now that hanlong didn't hack anything

Locket's Official Statement is being saved! ;)

blid

Member
EE Patron
9319

May 4th 2012, 19:39:01

Did hanlong log into the database on multiple occasions? Did he do it often?
Originally posted by Mr. Titanium:
Watch your mouth boy, I have never been accused of cheating on any server nor deleted before you just did right there.

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 19:44:02

Regarding hlw: taking advantage of something that you shouldn't have access to that is part of the ee site is breaking the game rules. We know he logged in multiple times.
Did he break the rules as in run multies? no.

As far as TC editing stuff: based on what we can tell nothing else was altered. There are things that wouldn't give any kind of significant gameplay/nw advantage that could have been edited that we wouldn't be able to find so easily. The most damaging things that could be done (like delete a country or change its status) would be noticed by a game mod pretty much immediately and nothing like that happened. This is my understanding. maybe qz/pang could say more.

you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 19:44:41

@blid: what I'm told is yes, he did it more than once.
you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

Son Goku Game profile

Member
745

May 4th 2012, 19:46:17

Originally posted by martian:
Hanlong got db access/password from TC. There is no evidence that he did anything other than login to the db (and presumably read stuff).


Thanks for clarifying. So there's no proof that any countries were altered except for TC's?

Kumander Otbol

Member
728

May 4th 2012, 19:50:34

great thread martian, thanks for the answers. hope this will clear things up a bit.
Originally posted by cypress:
no reason to start slacking just because they are getting FA

fluff them....we'll steamroll them even with the FA they are getting

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 19:50:49

not in terms of solid examples that have been brought to my attention. Unfortunately we cannot rule out 100% that someone didn't manipulate the country with negative units, but like I stated in that thread it appears to be more of a glitch.
you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

TheORKINMan Game profile

Member
1305

May 4th 2012, 19:51:26

Just want to point out to morons trying to spin this ALREADY that what Hanlong did is still considered hacking because it is unauthorized DB/network access.
Smarter than your average bear.

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 19:52:20

To be clear, this in no way lets hlw off the hook but I thought people should know what did/did not happen.
you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

locket Game profile

Member
6176

May 4th 2012, 19:52:45

Originally posted by TheORKINMan:
Just want to point out to morons trying to spin this ALREADY that what Hanlong did is still considered hacking because it is unauthorized DB/network access.

Martian's posts are all that need to be read and I'd assume all that will matter.

Bikerman Game profile

Member
555

May 4th 2012, 19:59:09

Originally posted by TheORKINMan:
Just want to point out to morons trying to spin this ALREADY that what Hanlong did is still considered hacking because it is unauthorized DB/network access.


It is not really hacking (cracking) if you have the user/password - get your facts straight :)

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 20:03:09

it is still unauthorized access so we can argue technicalities but it amounts to the same thing in the end.

It's like if I drop my door key on the ground and you pick it up and enter my house..
you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

Kumander Otbol

Member
728

May 4th 2012, 20:06:19

hanlong should still be subject for fluffstice eventhough all he did was read stuff.
Originally posted by cypress:
no reason to start slacking just because they are getting FA

fluff them....we'll steamroll them even with the FA they are getting

Bikerman Game profile

Member
555

May 4th 2012, 20:20:27

Originally posted by martian:
it is still unauthorized access so we can argue technicalities but it amounts to the same thing in the end.

It's like if I drop my door key on the ground and you pick it up and enter my house..


of course it is, just fun to comment on TheORKINMan when he jumps up and throwing words around he heard in the schoolyard that he don't know the meaning of :)

LittleItaly Game profile

Game Moderator
Alliance, FFA, & Cooperation
2219

May 4th 2012, 20:26:51

Q: Clans with boxcar sites should probably move off it for now until boxcarhosting.com/net get pointed to a pang/EE admin server correct since TC could royally screw them?
LittleItaly
SOL Vet
-Discord: LittleItaly#2905
-IRC: irc.scourge.se #sol
-Apply today @ http://sol.ghqnet.com for Alliance

Anonymous

Member
384

May 4th 2012, 20:30:37

I think this is a case for perma-ban.

It's not as bad perhaps as originally stated or implied, however it still is the worst case of cheating, and a completely new type of cheating at that.

I don't care what they did, I would love to have a comment from Hanlong as to why he felt this was okay, or even necessary.

A couple of questions though Martian.
When did this first appear to take place?
When was the first time found that Hanlong logged in?
Was TC suppose to have DB access? If not when was the first time he logged in?

Kalick Game profile

Member
699

May 4th 2012, 20:33:58

Originally posted by LittleItaly:
Q: Clans with boxcar sites should probably move off it for now until boxcarhosting.com/net get pointed to a pang/EE admin server correct since TC could royally screw them?


The problem is, where do they go? Aren't all other sites privately hosted just for each clan that runs them?

Kalick Game profile

Member
699

May 4th 2012, 20:36:07

I'm curious, do you know that other countries were not modified, or do you just not have evidence to prove it? From what I've gleaned from admin's posts, it doesn't seem like the transaction logs are very thorough, so you can't say one way or the other.

H4xOr WaNgEr Game profile

Forum Moderator
1975

May 4th 2012, 20:46:39

there is also ghqnet.com kalick. It is run by SOL people.

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 20:50:48

@anonymous: I don't actually know the answers to those questions exactly but from what I understand, not prior to last set (the reset before this one). Also TC was not supposed to have DB access.

@Kalick: there are other ways to tell than the transaction logs but we don't have a full-proof way in this case. At some point there is a trade off between cost/resources vs what you gain from things. I think in this case qz/pang would be better equipped to answer your question.
you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

qzjul Game profile

Administrator
Game Development
10,263

May 4th 2012, 21:18:07

Modified your post about evidence &etc.
Finally did the signature thing.

Anonymous

Member
384

May 4th 2012, 21:22:43

Thank you, Martian.

martian Game profile

Game Moderator
Mod Boss
7841

May 4th 2012, 21:30:34

@qz: thanks.

you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

qzjul Game profile

Administrator
Game Development
10,263

May 4th 2012, 21:43:40

Our access logs have, to date, primarily been used for traffic statistics and some bug finding; as such, they're rotational, so we can't see too far into the past.

Our query logs are designed again for performance benchmarking and query optimization, rather than total information awareness. We can't really log all queries; while this is still a relatively small site as far as websites and databases go, we're still running an average of 410 queries per second, so complete logging is off the table. So we can't strictly speaking see actual queries, but we DO know the game mechanics and have all game logs, so if something crazy happens it can be pretty obvious; if there was smaller scale "within the realm of possibility" stuff happening, then we'd have a much more difficult time finding it.

Logging of phpmyadmin queries was only added in a newer version to which we upgraded not long before I went on vacation, and we had not fully enabled it at that time (it is now, in case you're wondering).

While we could potentially identify countries affected, we'd not be able to trace them back to which of them did it.

I don't think TC will try to screw anybody using boxcar; 'course I didn't think he'd abuse our trust in this manner either. Personally if I were on boxcar I'd probably just run business as usual, but conduct sensitive business in private, just like in the GT days, and consider keeping backups of significant stuff from the last 3 days forward.
Finally did the signature thing.

Sov Game profile

Member
2509

May 4th 2012, 23:24:54

Thank you for posting more information on this as it allows us to have a clearer view on the situation.

locket Game profile

Member
6176

May 5th 2012, 0:01:25

Originally posted by qzjul:
Our access logs have, to date, primarily been used for traffic statistics and some bug finding; as such, they're rotational, so we can't see too far into the past.

Our query logs are designed again for performance benchmarking and query optimization, rather than total information awareness. We can't really log all queries; while this is still a relatively small site as far as websites and databases go, we're still running an average of 410 queries per second, so complete logging is off the table. So we can't strictly speaking see actual queries, but we DO know the game mechanics and have all game logs, so if something crazy happens it can be pretty obvious; if there was smaller scale "within the realm of possibility" stuff happening, then we'd have a much more difficult time finding it.

Logging of phpmyadmin queries was only added in a newer version to which we upgraded not long before I went on vacation, and we had not fully enabled it at that time (it is now, in case you're wondering).

While we could potentially identify countries affected, we'd not be able to trace them back to which of them did it.

I don't think TC will try to screw anybody using boxcar; 'course I didn't think he'd abuse our trust in this manner either. Personally if I were on boxcar I'd probably just run business as usual, but conduct sensitive business in private, just like in the GT days, and consider keeping backups of significant stuff from the last 3 days forward.

I doubt it also. He would be blowing any friendships within Laf he might have that exist outside the game. As long as Laf is on boxcar I'd hope he wouldn't shut it down or anything like that. I'd hope if we left he wouldnt either but yah...

Forgotten

Member
1605

May 5th 2012, 0:28:25

So let's get this straight.

TC is guilty of manipulating game data, and giving admin access to HLW.

HLW is guilty of using the access given to him, to view Admin threads (Not 'Game' related), and query another alliance's forums (Not 'Game' related).

Looks to me only one person deserves perma ban and the other deserves a 'timed' ban for not bringing a loophole/leak to the Admins.



If a guy can threaten to kill another person and only get a 30day ban, how long would a guy that simply was ignorant and took advantage of something, which, 100% of alliance leaders, current and past, would do the same if given the chance to, if not already doing it?

~LaF's Retired Janitor~

ArsenalMD Game profile

Member
560

May 5th 2012, 0:35:17

Forgotten you've completely lost the plot.

locket Game profile

Member
6176

May 5th 2012, 0:42:51

Originally posted by ArsenalMD:
Forgotten you've completely lost the plot.

You guys lost the plot when you used all of this for political gain rather than to chase down cheaters. You guys also lost the plot when you read a ton of "maybes" and assumed they all meant yes instead of maybe.

lostmonk Game profile

Member
220

May 5th 2012, 0:43:19

Originally posted by Forgotten:
So let's get this straight.

TC is guilty of manipulating game data, and giving admin access to HLW.

HLW is guilty of using the access given to him, to view Admin threads (Not 'Game' related), and query another alliance's forums (Not 'Game' related).

Looks to me only one person deserves perma ban and the other deserves a 'timed' ban for not bringing a loophole/leak to the Admins.



If a guy can threaten to kill another person and only get a 30day ban, how long would a guy that simply was ignorant and took advantage of something, which, 100% of alliance leaders, current and past, would do the same if given the chance to, if not already doing it?



You forgot hlw accessed the GAME database...

Originally posted by martian:

2) Based on what we know, Hanlong got db access/password from TC. There is no evidence that he did anything other than login to the db (and presumably read stuff). There are logs of him running queries against evolution2025's forum tables.


2 distinct events there forgotten.
Done.

lostmonk Game profile

Member
220

May 5th 2012, 0:45:23

Originally posted by locket:
Originally posted by ArsenalMD:
Forgotten you've completely lost the plot.

You guys lost the plot when you used all of this for political gain rather than to chase down cheaters. You guys also lost the plot when you read a ton of "maybes" and assumed they all meant yes instead of maybe.



The vast majority of people severing relations with LaF have already stated their reasons, which center on THESE allegations and proven wrongdoings. So, unless you're trying to say the heads of all the alliances are lying, you should understand its not necessarily political, but a matter of trust.
Done.

locket Game profile

Member
6176

May 5th 2012, 0:49:34

Originally posted by lostmonk:
Originally posted by locket:
Originally posted by ArsenalMD:
Forgotten you've completely lost the plot.

You guys lost the plot when you used all of this for political gain rather than to chase down cheaters. You guys also lost the plot when you read a ton of "maybes" and assumed they all meant yes instead of maybe.




The vast majority of people severing relations with LaF have already stated their reasons, which center on THESE allegations and proven wrongdoings. So, unless you're trying to say the heads of all the alliances are lying, you should understand its not necessarily political, but a matter of trust.

There are plenty of neutral observers with a different opinion than yours and I tend to agree with them. I wont convince you though so there is no point turning this into a flame thread since Martian didnt want that :P Agree to disagree.

Edited By: locket on May 5th 2012, 9:33:41
See Original Post

Rockman Game profile

Member
3388

May 5th 2012, 0:54:45

TC's country this set had 10 million troops added to it. Clearly sufficient for deletion. What evidence caused the other countries to get deleted? Were the countries from past sets retroactively deleted for cheating, or merely because it was possible/probable that they had cheated? Is it even possible to have evidence from that far back to determine whether or not they had cheated?

If all that is needed is that it merely be probable that someone had cheated, why have JJ23, smlandau, and Vivanick not had their top countries retroactively removed from the primary and express top lists as well?


It is rather frustrating that the burden of proof required to get someone deleted in primary has been set so extremely high, yet LaF countries from previous sets have been deleted because of proof that they cheated in a different set.

Edited By: Rockman on May 5th 2012, 0:57:35
See Original Post

Pang Game profile

Administrator
Game Development
5731

May 5th 2012, 0:57:04

Thanks martian! I added some Boxcar info to your post.

Re: Boxcar/TC ->
I'm not sure what to expect from TC. He was emailing me asking for favours re: DNS while flaming me on AT about how bad of a person I am. If I were any of you, I'd just steer clear of him and let him move on. Let me be the person that has to interact with him if anyone has to -- I brought him into this mess, I'll wrap things up.

Hanlong said he's already moved on and won't be back, but he generally wishes the game+community well regardless of how his actions impacted it. He also said that if I have any further questions or need further clarification from him that he'll answer honestly in private. At least it's a very mature way to wrap his role up.
-=Pang=-
Earth Empires Staff
pangaea [at] earthempires [dot] com

Boxcar - Earth Empires Clan & Alliance Hosting
http://www.boxcarhosting.com

Wharfed

Member
384

May 5th 2012, 1:03:07

Nice to see one of them has been a adult about the situation.
>Wharfed

ABOYNE (vb.) To beat an expert at a game of skill by playing so appallingly bad that none of his clever tactics or strategies are of any use to him.

Pang Game profile

Administrator
Game Development
5731

May 5th 2012, 1:07:34

Rockman:
we felt the need to delete those countries because we could never be sure that they DIDN'T add something to their country. But even if they didn't edit their countries, they had access to a DB which gave them the potential to access a lot more information than they should have had. Being able to look at ppl's stock on the market, monitor when goods are going to be bought/sold, or any other read-focused action would invalidate them as well. We know TC was in the countries table once as well.

Both of them had access to the database for the entire duration of the rounds in which they were deleted for, I believe. We didn't go back farther, but if we did I think we would still be warranted. Going as far as erasing their entire existence from the ranks tables wouldn't be too far, IMO. That's why qz and I made the call on the deletion rather than martian; it's an admin deletion, not a mod deletion.

The other aspect is that either of them could have brought the existence of the hole to us and it would have been a net positive for whoever did it. If Hanlong did it after TC had been hiding it for probably at least a year, Hanlong would have been seen as a hero.

Edited By: Pang on May 5th 2012, 1:10:20
See Original Post
-=Pang=-
Earth Empires Staff
pangaea [at] earthempires [dot] com

Boxcar - Earth Empires Clan & Alliance Hosting
http://www.boxcarhosting.com

SMz Game profile

Member
313

May 5th 2012, 1:12:10

who theartned to kill somebody? lmao

crest23 Game profile

Member
4666

May 5th 2012, 1:13:14

Pang, you skipped this question from Rockman.

Originally posted by Rockman:
If all that is needed is that it merely be probable that someone had cheated, why have JJ23, smlandau, and Vivanick not had their top countries retroactively removed from the primary and express top lists as well?

It is rather frustrating that the burden of proof required to get someone deleted in primary has been set so extremely high, yet LaF countries from previous sets have been deleted because of proof that they cheated in a different set.
The Nigerian Nightmare.

Nuketon Game profile

Member
549

May 5th 2012, 2:00:56

Originally posted by SMz:
who theartned to kill somebody? lmao


JJ23 has done so multiple occasions. I have even been personally threatened by him. I feel it's just steam, but you never know.

TheMatrix

Member
144

May 5th 2012, 2:01:45

Originally posted by Bikerman:
Originally posted by TheORKINMan:
Just want to point out to morons trying to spin this ALREADY that what Hanlong did is still considered hacking because it is unauthorized DB/network access.


It is not really hacking (cracking) if you have the user/password - get your facts straight :)


Perhaps you should get your facts straight. TOM is right, check cyber-crime laws...

TheORKINMan Game profile

Member
1305

May 5th 2012, 2:21:39

Btw I will bet money hanlong comes back at some point under an alias
Smarter than your average bear.

Forgotten

Member
1605

May 5th 2012, 2:53:56

I will take your money mr.ORKINMan.

How much are we betting, and when can I collect?
~LaF's Retired Janitor~

TheORKINMan Game profile

Member
1305

May 5th 2012, 2:56:25

If he hasn't come back by 2025 I'll PayPal you 50 bucks :P
Smarter than your average bear.

Pride Game profile

Member
1590

May 5th 2012, 3:15:27

He was recently on a few days ago. Pay up

Anonymous

Member
384

May 5th 2012, 3:25:38

Originally posted by Pride:
He was recently on a few days ago. Pay up


K, what's his alias then?

I also doubt he will come back. The shame alone should be enough to keep him away.

TheORKINMan Game profile

Member
1305

May 5th 2012, 3:33:22

It didnt stop anyone else in LaF who did terrible things from coming back.
Smarter than your average bear.