By Coban on Jun 11, 2017 at 2:54 PM
  1. Coban

    Coban Owner
    Staff Member Administrator

    Jul 31, 2014
    Likes Received:
    This is a follow up to the older clarification topic, if you wish to read it, click here.

    You may have seen the recent spamming and talk on the forums and the server claiming we have malicious intents, such as stealing Minecraft accounts, passwords and so on.

    By this statement, I deny all those claims against us, they are all false and were only spread around to cause corruption in our community, and to get our players to move to a different server, which I will be talking about in a second.

    We as owners of McCities do not have the ability, nor the intention to see or use your passwords. All of your passwords, whether it is on the forums' or the server, they are always hidden from us, AND they are encrypted, and this ofcourse to ensure maximum security, and for your safety, always been like that and will never change.

    The screenshot you may have seen with the "save pass" module, said to steal your passwords, it is not a module nor does it send your password to a magical database. It's nothing but coding of the forum's software itself to allow you to login, that is all. It's literally on all forums. You may research it all you wish, our forums software is called Xenforo.

    Now for the final and last point, us stealing your credit card information. We yet again do not have access to such information, nor do we seek them, at all. All payments done on our store are processed by a well known company called Buycraft, and furthermore, they are all handled by PayPal. Again, do your research if you wish.

    All your information are safe, and again I repeat, those words being spread around are false information, with the sole intention of damaging our reputation and getting our players to leave.

    Those who have done that are nothing different than scammers. With no morals, or self-respect. Whether they are the puppets following orders for personal gains, or those who are in-charge themselves.

    Willing to damage others' reputation just for their own good, even if they know they are innocent, and even if it opposes their religion, or so called missing morals and manners.
    If you don't know who those people are, they were previous owners of McCites, exactly the same ones kicked because they scammed us, and now they are the ones who created a new server using our own server files calling it their own.

    I hereby state that we are not linked with whatever happened with their server recently, I'd much rather have respect for myself, my age and my nature than running around on Minecraft servers hoping for their failure just for personal gains.

    I hope this statement made it clear for you all -- Every word said here is the truth, it's up to you whether to believe me or not. I certainly hope you do trust in me, because I have nothing to hide nor am I afraid of them because I am not on the wrong.
    I also have bolded out names of services, or phrases we use to double-check everything I have said on your own.

    Nothing will stop us from progressing, we've lately been working on new updates so expect a new announcement soon with much more exciting news!

    -Coban. Owner of McCities.
    ChChris1065, Lauren, Miilk and 5 others like this.


Discussion in 'Announcements' started by Coban, Jun 11, 2017.

    1. EnderPoop
      Thanks coban- private convo me please i need to talk
      ChChris1065 and laggynab like this.
    2. Gabriel
      Thanks @Coban for the post you are above the accusations.
      ChChris1065 and laggynab like this.
    3. Coban
      Sure, PM me whenever you wish.
      ChChris1065, laggynab and Gabriel like this.
    4. CraziiTabby
      Yeah I had a message, that had been removed, saying about my password :/ I believe the person was called: airman, if that helps in any way :)
      ChChris1065, laggynab and Gabriel like this.
    5. Wonder
      wow i heard about them making a similar server, but wow. I never thought any of this crap lol
    6. Yureh
      im scarrreeed xD
      ChChris1065, laggynab and Gabriel like this.
    7. Gabriel
      Jummycake always wins
      ChChris1065 and laggynab like this.
    8. CP42
      I'm glad this has been resolved- I don't understand it all, as I joined a month or so after this, but I have loved the server!!! Shoutout to @Coban and @nibble for such a great server! (Idk Many's forums name)
      ChChris1065 and laggynab like this.
    9. Coban
      Many's forum account is called Admin
    10. TheDiamondTiger
      Well, you are correct in saying that all the passwords are encrypted, but that doesn't mean they are safe. If I send an encrypted message to the host computer, it incorrectly decrypts it (not https), hence passwords can be intercepted (if you want a detailed explanation of why and how this works, google it). If your mc password is the same as your forums account password, then your account isn't safe. Now in NO WAY am I saying that any staff would, but am merely stating that it is possible.
      ChChris1065, laggynab and Gabriel like this.
    11. TheDiamondTiger
      The situation is that Craftizz's (an admin on the other server) MC account was hacked into by presumably Kiri, and went onto that server, and spawned tnt everywhere and reset everyone's bals. Now, what they are claiming is that it was Kiri who hacked Craftizz's account, and copied people's passwords and emails for this forum to get their mc passwords. I am NOT claiming that this is true, but this is the current situation.
      ChChris1065 and laggynab like this.
    12. nibble
      I won't go into much detail, but they had other security flaws. Xenforo wouldn't be one of the most widely used forum software if it was not secure. It's easy to say that anything can be decrypted, but it's really not an easy task.
    13. CP42
      lol I should know that- sorry Many :D
      ChChris1065 and laggynab like this.
    14. Dqrk
      Wow these people need to get a life, just because they cant get a successfully running server with loyal players doesn't mean they need to ruin this one. Thanks for the update though @Coban
      ChChris1065, laggynab and Gabriel like this.
    15. Coban
      Well, feel free not to hold back on your information.
      Passwords are salt hashed on our database, and are only decrypted when authenticating using the forum's board.

      "If I send an encrypted message to the host computer, it incorrectly decrypts it (not https)" -- It wouldn't be called encryption if literally the decrypted data left the operating server now would it?

      Also SSL, aka "https" literally has nothing to do with SQL table encryption, both are completely separate and operate differently.

      I have previous experience with Xenforo's code, and I am aware of the encryption methods, and I can assure you that when authenticated, it compares the input password, hashed with the already existing hash (sha265 in that sense, we might be even running double protection, haven't checked if we do).

      Example code (Simplified for ease of understanding, not proper syntax but same idea)
      $NewlyPassword = (Crypt(InputPassword)) [Temporarily assigning an encryption to the input]
      $NewlyPassword == $DatabasePassword [Comparing both values, input and existing hash]

      For you to access one's authentication cookie, you either a) need direct access to their internet session or b) simulate the cookie cache.
      For those two cases, a is only possible when a user's computer is compromised, and for b only possible if the system board itself, xenforo is exploited which right now, there is none considering we have always been updating following the hot patches. (PS - The SQL injection which is known for month now was already hotfixed, aka the data table is safe)
      ChChris1065 and laggynab like this.
    16. TheDiamondTiger
      I'm not saying this, I am saying that the connection between a user and the system can be interrupted and passwords stolen that way, but the "interceptor" would only be able to get intercepted information. The website isn't secure, so it is possible for a MITM attack to be executed.
      Last edited: Jun 12, 2017
      ChChris1065 and laggynab like this.
    17. EnderPoop
      Also, I'm pretty sure it's VERY illegal for data to be sent to the XenForo servers and decrypted by you, I don't believe that anyone here would do such a thing
      ChChris1065 likes this.
    18. Coban
      By that sense, literally any website that does not support an SSL layer would've been hacked the moment it went up.
      For any organization, or service; and I mean any, there is always a possibility of breaching, but however that does not mean it's child's play.
      If Client A sends a packet to Server A -- this sent packet cannot be intercepted unless either the server, or the client have been breached, and vice versa for the destination.
      For the server to be breached, we surely should have noticed by now, don't you think?

      Any possible breach would be an SQL injection, which again easier said than done. Hopefully such a thing does not happen to us.
    19. ReverseFlassh
      People who do not know how a website works or what goes into a website should not be talking. Logins and user activity is managed by XenForo, which allows for the website to be online. Mc Cities staff manage what is on the website and can manage who is on the website, what goes on it, and what happens when certain actions are done. Cities, like other XenForo or Enjin websites, cannot see user credentials, just user logins. The most Cities staff can see, is your IP, which virtually every website you go to on the internet can track and see. Therefore, calling cities a threat, or trying to bring rumors into reality is pointless and a waste of time.

Share This Page