Server Security Announcements - Printable Version +- Thay - Realm of the Red Wizards (https://thaypw.com) +-- Forum: Meta (https://thaypw.com/forumdisplay.php?fid=3) +--- Forum: Announcements (https://thaypw.com/forumdisplay.php?fid=4) +---- Forum: [Archived - Annoucements] (https://thaypw.com/forumdisplay.php?fid=62) +---- Thread: Server Security Announcements (/showthread.php?tid=962)

Server Security Announcements - Balanor - 07-06-2011 As most everyone knows by now, the Neverwinter Nights Master Server is down due to the old Bioware NWN forums being hacked several weeks ago. While it sounds as though Bioware will eventually get it back up and running, whenever it is down we run the risk of unscrupulous people spoofing legitimate player accounts and being able to actually login and use another individuals PCs. Plus, this huge security risk is one we will have to eventually address some day when Bioware shuts down the Master Server for good (if they haven’t already and just haven’t officially told us yet...) Therefore, effective as of this post, the following security measures are in place. 1. From now CD Keys will be associated with Player Account names. By default, the first CD Key you login with will automatically be associated to your player account name. So if you only have one copy of NWN, or one CD Key, you will notice nothing different. 2. But for those of you with multiple copies of NWN, or multiple CD Keys, you will need to associate your extra keys to your player account name. There will be a limit of 7 CD Keys that you can associate with one Player Account. 3. To associate extra CD Keys to your account, you will need to be logged in with any character and then type the command: !addkey 4. Once you have typed in that command, you will be prompted to logout, switch CD Keys, and then login under your same account name. This will complete the new CD Key association. If you happen to login to the server under an account that has already logged in at some point before, but you are using a CD Key not associated to that account, you will be immediately booted from the server. In addition, our DMs will receive notification so they may be able to help tell you what’s going on if you can login with a different account. More importantly though, the same thing will occur if someone else tries to login using your account since their CD Key will not be associated to your player account name. So if you ever end up getting immediately booted from the server and you have multiple CD Keys, double-check that you are using a CD Key which you have previously associated to your Player Account! I do expect that in the future, once we have CD Keys associated to player accounts, people may end up getting new copies of NWN or otherwise be unable to login using (one of) their already associated CD Key which is necessary to add new CD Keys to the account. If this happens you will need to send me a PM or e-mail. I understand this may be a pain for those of you with multiple keys. But this is a common security measure being taken by many other NWN servers as well/already and one that is needed to ensure your accounts and characters do not get hijacked by hackers or griefers. If you have any questions, concerns, or comments, please post here or send me a PM. RE: New Authentication Security - Balanor - 09-11-2012 Due to the permanent loss of the Master Server, the case sensitivity of player logins to NWN is no longer being enforced. This allows me, for example, to login as either Thayan, THAYAN, thayan, tHaYaN, and so on - even though my true login name is Thayan. However, if I do not login with my original case sensitive name, this in turn breaks a number of persistency settings such as faction status, vault storage, and so on. To address this problem, the next server update tentatively scheduled for the weekend of 9/15 will include a change to the security system which will enforce case sensitive logins. At that point any login to the server will be forced to use the original case sensitive player name. If it does not, you will still be able to login (as long as the first part of the security system explained here previously is passed), however your PC will be unable to move and you will be informed that you will need to login to the server using your original case sensitive name which will be provided as part of that message. Note that this will stop all login scripts, so you may end up initially being ‘stuck’ in the black Welcome to Thay area if this happens to you - the screen will be black and you will be unable to move. However, you will still receive notification of an incorrect case sensitive login being used and then logging out and logging back in with your correct case sensitive name will jump you to the main game world areas. RE: Server Security Announcements - Balanor - 01-05-2013 My understanding is that when purchasing a new copy of NWN from Good Old Games (www.gog.com) now, a common CD key is provided. While people can get a unique key, many appear not to and as a result we are getting many players that end up logging in sharing the same CD Key. While this is a security risk, I have let this go until now - but it was probably inevitable that several individuals would ruin it for everyone. Recently we had some occurrences of players using these shared keys acting...’immature’. Fortunately, they didn’t do harm to anyone other than themselves. But if I continue to allow the use of shared CD keys then that, coupled with constantly changing IP addresses and no more master server to make sure player names are valid, essentially means I have no reliable way to try and stop repeat offenders using shared CD keys from continuing do do something malicious (like logging in with different names and trying to grief others, etc). Therefore, I have come to the conclusion that continuing to allow anyone to login to the server using a shared CD key is too big of a risk to allow it to continue. Therefore, once the setting reboot occurs (the next server update), known shared CD Keys have been flagged and people trying to login with them will be able to login to the server, however your PC will be uncommandable and you will receive a message that using Shared CD Keys is no longer allowed (similar to what happens in the post above if you login using a non-case-sensitive version of your player name). For convenience sake, I am posting all player accounts that appear to be affected by this additional security measure. If you see a player name of yours on this list it's not that you have done anything wrong - but do be sure that you get a valid, unique CD Key for NWN or you will be unable to login to Thay. List of Affected Player Accounts accumulateddebt Adonaious akigrin amirzarhouni Arachan Araminta Arclath athghamhain Baladar bbhustles Black and White Ink braincabin bryanbarhorst Chasfron Creldest daenre duckwaffle882 Ezrath Frimbo Geco28 geokhan GMT709 Heraticx Horstmann jay84 John Cope-Flanagan Johnny Jonas Kerring jzhmer Klied L3 Leoric milleniumfalcon Mr Brak Olacaten Porkandporkaccessories proteus64 Randomus Rane_Erandur Raskias RaventheDruid RoninWulf Ryuk96 Salendra_Sylvan Shuji Taurik The Frying Weegee TheFryingWeegee TheMadPoet Timur TriothePunch UndeadNarcotic woodaba wooley2000 Yelrebmik zacku Zar Caedis RE: Server Security Announcements - Balanor - 01-11-2013 At the time of this post I have only flagged two CD Keys as being shared - so everyone listed above was using one of those two CD Keys. Furthermore, I revised what will happen on login so even after this goes into affect after the setting reboot, players using a shared CD Key will not be auto-booted, but rather will be made uncommandable just like players who may login using a player name that is not the same case-sensitive name they originally logged in with (I revised the post above to reflect this change as well). Affected players will receive a message telling them they are using a Shared CD Key and they will need to get a new one to login to the server. RE: Server Security Announcements - Balanor - 04-14-2013 A third typically shared CD key has just been added to the list of restricted CD Keys. If affected by this, when people login they will still remain unable to move, but the message telling them they are using a Shared CD Key will provide a link to www.gog.com/support/contact as a place to get a new CD Key. Of course, requesting a working key there will only work for people who legitimately bought the game from GOG though. RE: Server Security Announcements - Balanor - 10-04-2013 Two more shared CD keys, for a total of five keys, have been added to the list of restricted CD Keys. The list of recent player accounts that will be affected by this are: cannibal soulburner guttersnipe deathlessgrasp streeturchin Mougris death356 deuxchamp xav1984 FGT The restrictions on these CD keys will go into effect with the next server reset in ~4 hours from the time of this post. If you see, know, are you are one of these people, make sure you get a valid CD key and associate it to your account using the steps in the first post to continue playing in Thay.