RED/Death Check this immediately.

[d.]

2 of my houses instantly poofed. I was made aware of this by another player's PM. Neither house was in decay as I was on yesterday with no problems.

All items gone from the houses, and no real explanation. This needs to be looked into immediately.

Archived topic from AOV, old topic ID:4777, old post ID:31043

[d.]

Red, more info on this was sent to you via PM...

Archived topic from AOV, old topic ID:4777, old post ID:31045

[Trill]

I have a house placed to give you one plot back but theres a staff placed backpack? blocking the whole plot but ill give back the plot ill have to talk to my tard of a brother on getting the other one back not anthony but chad : /

Archived topic from AOV, old topic ID:4777, old post ID:31046

[Death]

Red hasn't been on recently as he is busy IRL with his house. He's currently the only one that would be able to check this out as I am not able to connect to the shard at this point in time.

I hope to be able to contact him about the problem as soon as possible. For the time being I would advise players not to do too much in game in case there is a rollback to an earlier point in time. Include a time stamp of when you noticed there was a problem (or heard of it).

d, you can send me a PM to review if you haven't done so already (doesn't look like I received one). I will review it and explain the details to Red later.

Archived topic from AOV, old topic ID:4777, old post ID:31047

[Trill]

I hope theres no rollback i just won aegis and shadow dancer in gauntlet : /

Archived topic from AOV, old topic ID:4777, old post ID:31048

[d.]

I hope theres no rollback i just won aegis and shadow dancer in gauntlet : /

If there is a rollback, I will try to help everyone with anything they lost.

Archived topic from AOV, old topic ID:4777, old post ID:31049

[Death]

Keyword "if" there is a rollback. If it's an isolated incident it will be treated as such.

Archived topic from AOV, old topic ID:4777, old post ID:31050

[d.]

Keyword "if" there is a rollback. If it's an isolated incident it will be treated as such.

Yes, it probably is.

I sent you a PM, a copy of exactly what I pm'd to red.

Archived topic from AOV, old topic ID:4777, old post ID:31051

[Death]

Keyword "if" there is a rollback. If it's an isolated incident it will be treated as such.

Yes, it probably is.

I sent you a PM, a copy of exactly what I pm'd to red.

Read it and replied.

Archived topic from AOV, old topic ID:4777, old post ID:31052

[Red Squirrel]

There is an exploit with housing. An attacker is able to gain access to ANY house through this exploit by invoking the house transfer process without confirmation from the owner. I really don't have time now but security is my #1 priority and I plan to do a full security audit of the RunUO code to find this issue once I get to that point. I want to do some more testing on the SQL system so I can roll that out.

Archived topic from AOV, old topic ID:4777, old post ID:31054

[DOCTOR THUNDER]

so what is the best way to defend against this? do you have to be logged on to be a victim of this exploit? if so, perhaps the best defense is staying logged off and not sitting in luna bank. I am only guessing at this, but it seems that Altar's house would be the first to go poof, unless it was something personal against d.

Archived topic from AOV, old topic ID:4777, old post ID:31055

[Red Squirrel]

At this point I'm not sure. From what I heard previously, the victim needs to be in proximity of the house - close enough so that a regular trade would work. Now, I'm not sure if being logged out near the house works or not. I would imagine not as while the x/y stays the same, the map changes to internal. Though, there may be more to this exploit that I'm not aware of.

I can't wait to be settled in my house, finish SQL, then work on the rest of the stuff, so I can eventually do the security audit. I might even get a professional company to do an estimate on doing a professional audit.

Archived topic from AOV, old topic ID:4777, old post ID:31056

[Jupiter]

At this point I'm not sure. From what I heard previously, the victim needs to be in proximity of the house - close enough so that a regular trade would work. Now, I'm not sure if being logged out near the house works or not. I would imagine not as while the x/y stays the same, the map changes to internal. Though, there may be more to this exploit that I'm not aware of.

I can't wait to be settled in my house, finish SQL, then work on the rest of the stuff, so I can eventually do the security audit. I might even get a professional company to do an estimate on doing a professional audit.

When you say in close proximity of the house, do you mean the victim's house??? I had an odd occurrence happen today when a person recalled to my castle and then into my courtyard, of course they were booted. I went out side spoke briefly to them (thinking one of my family members were messing around) they never answered. They then waited under my house sign for 20+ minutes before leaving. When I shot them a message asking them what they were doing at my house, they went offline immediately. I know it is possibly they had a rune marked there before I placed my house, but the chances are VERY slim. The character's name was Holly, dunno's who alt it is but it certainly isn't anyone I know.

Archived topic from AOV, old topic ID:4777, old post ID:31132

[Red Squirrel]

That I think in fact means someone had a rune there. So it's normal and on it's own is not harmful.

Archived topic from AOV, old topic ID:4777, old post ID:31133