Hey Fun Pimps, please sort this out once and for all, ■■■■ it!

meganoth said:
As far as I can judge from the outside this is NOT a security risk for other website owners. And probably TFP thinks the same, so they won't do some emergency patch.
Normal changes take weeks or months because they are collected in one big patch. Especially if they try to fix this problem for good, IMHO that possibly needs a redesign of the way how they collect data for their server list

Compare with the situation with websites. Assume someone succeeds in putting hundreds of spam websites as the first results in all google searches. Would other websites now need to shut down because of fear of being hacked? Surely not.
Click to expand...
You don't need to be a master of specialized knowledge to have the common sense not to leave your own network exposed in a place with a security flaw like that.
We can't just tell people, "Go ahead, turn on your servers and let people come in and play, there's nothing wrong with that..."
I'd like to know if any of you have a server set up at home and if you could go to sleep peacefully without turning it off...
 
Last edited by a moderator:
I won't go so far as to say there isn't a security rush because I haven't seen the code, but it isn't likely. If the problem is that people can put up fake servers to fill up the server list, that doesn't endanger other servers in the least.

Are you choosing not to post on this forum because we get spammers posting all kinds of links? Or do you just avoid clicking those links? You aren't at risk just because someone spams the forum if you aren't clicking the links. The same is true for servers (and users) who do not try to join those fake servers.

In short, the chance that there is any actual risk to other servers is practically zero. Maybe there is a risk, but nothing anyone has shown has in any way suggested that. If you are afraid to run a server because of those, then don't. There will be a fix once it is finished and there are enough other fixes or new features/changes to warrant an update. They don't generally do hot fixes unless there is a clear security risk or something important is broken.
 
Riamus said:
I won't go so far as to say there isn't a security rush because I haven't seen the code, but it isn't likely. If the problem is that people can put up fake servers to fill up the server list, that doesn't endanger other servers in the least.

Are you choosing not to post on this forum because we get spammers posting all kinds of links? Or do you just avoid clicking those links? You aren't at risk just because someone spams the forum if you aren't clicking the links. The same is true for servers (and users) who do not try to join those fake servers.

In short, the chance that there is any actual risk to other servers is practically zero. Maybe there is a risk, but nothing anyone has shown has in any way suggested that. If you are afraid to run a server because of those, then don't. There will be a fix once it is finished and there are enough other fixes or new features/changes to warrant an update. They don't generally do hot fixes unless there is a clear security risk or something important is broken.
Click to expand...
Their network team doesn't even reply you mean,...it's TFP.
Thanks for your message anyway.
 
WolfThief said:
Their network team doesn't even reply you mean,...it's TFP.
Thanks for your message anyway.
Click to expand...
Someone from the TFP staff already told you that they are looking into it. Do not expect that they will fix this right away just because you cry about it every day.
When they fix this, it will probably be part of the 3.0 update, as they will not post a patch just to fix this one thing that seems a problem only for you.
Let them do their thing and fix what is urgent first. This is low priority and not a security concern.
 
WolfThief said:
Their network team doesn't even reply you mean,...it's TFP.
Thanks for your message anyway.
Click to expand...
Their network team isn't on the forum AFAIK. They aren't going to reply. Staff already said they were working on it. That's all the reply anyone needs. It'll be fixed when it is fixed.

And as I mentioned, there isn't exactly any real risk to real servers from fake servers being shown. You're crying wolf.
 
Personally, I assume that this thing is outsourced to a third party (epic online services or something) that does not partcularly care and wont face any consequences for the delays.
 
You must log in or register to reply here.
Back
Top