This is a small update for R-FS v6.0.1, but it's very important nonetheless. I've fixed a giant security hole in the server. Please read this important section if you're having problems logging in!
The security issue I'm talking about caused people to be able to login as every existing account on the server, without knowing the passwords. While this could technically affect everyone before this update was rolled out, no personal information was/could've been leaked. This means that you don't have to change your password. Nobody can ever see it!
Because of this bug, many accounts have their passwords changed. Every invalid login attempt had a chance to change your password. This means that you could also break your own account by typing invalid passwords.
It is also possible that someone had access to your in-game account by typing the same wrong password multiple times and then rejoining the server. Your account is only affected if you can no longer login yourself and you're 100% sure the password is correct.
If you can't login to your account any more, ask Ricardo for a password reset through a forum PM. Your forum account will be used as verification for the in-game account (based on IP-addresses/ranges).
This issue was discovered because of someone logging in using the accounts 'WoodenVillage' and '[tHR]Ricardo'. No real damage has been done, thankfully... This person only used the admin and owner accounts to mess with the NPCs.
The full change log can be found after the break, as always.
Full change log:
- Fixed the login bug described in the text above.
- Increased the server slots to 43 (40 slots usable for players).
- There's currently a debugger running on R-FS which may slightly decrease the server performance. This will be disabled very soon.