China ban appeal

This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

  • China ban appeal

    Your Steam ID:STEAM_0:1:11731815

    Your in-game Name: China Syndrome/ LilNavient

    Why you got banned: Community network attack was the source ban said

    I would love to know what I was supposed to have done?
    I have not attacked the server or its website or its Discord on account of being banned
    so just curious
    I think Doom is over reaching again
    would love to know what Community network attack means
  • As the 'victim' I suppose you could say? I do not believe the ban is entirely warranted - for this situation alone.

    Against you:
    There are better ways to disclose tool exploits preferrably immediately and in private instead of infront of the server.
    When the exploit was found you didn't immediately notify me... you attempted further queries to pull data... this is a pretty big no no...

    Neutral:
    You couldn't provide evidence of the exploits... which doesn't really help if you made claims about doing it.

    In your defense:
    I'm not entirely worried about it as the information you could query for gets processed prior to you recieving it. So scope of the exploit is limited. (Dropping tables would've been possible but data would re-populate shortly anyway)
    You did help patch issues in the past as well as notifying me of exploits in library versions I was using. (Though a note on Discord instead of in-game would be nice.)


    Do I want China banned over this? No. This was a learning experience for me and I take it in stride. In fact I'd rather learn about this now instead of never learn about it.

    End of the day it is not my choice whether or not the ban stands.
    - Highscores - Maps -
    - ReturnHex.com -
  • So the reason I was banned was because a while back at least a year ago. On Rezzo’ server I found out that his site was susceptible to SQL injection. This site never had any indication it was part of the cold community Network and I use network loosely. The first SQL injection I used was on the page that gave us a list of what a player’s worth was that I assume included inventory. The first query I injected was “ AND 1=1” so it ran everyone’s. I ran a few more queries to get the SQL version and so forth.

    SQL Injection is simply tricking the system in running a different SQL query than expected.

    That means appending to an existing like I did or having run an additional set of queries.

    I ran select queries, never ran insert, update or delete queries. Never tried to cheat or do anything malicious. Now I am being banned cause some admins think I am too dangerous. I guess if I had SQL injected Facebook, they would ban me since Cold community has a page there. The irony is I told him, no knew I ever did anything, I was white hatting. Infact Doom says everything I say is a lie always so maybe I am lying and the admins are selectively banning me with out proof. We Ill tell the entire world I did simple probing queries, if dev wants to know how so they can protect against them, I would be glad to show them



    What does banning me accomplish, only I am not in the playing on cold communities server. Does it change the fact that SQL injection is real and site may or may not be vulnerable? NO, it does not. You are mad at me but let me ask you this.

    How would you have felt if I found something and gave it to Old Doc or Master Wang or any other persons? You would have been pissed, I never tried to hurt, or harm Cold Community despite my opinion of some of the Administration.



    I told the site owner, yes I said in the server chat, but he asked me once I told him there was a possibility and he did not have the for thought to say lets discuss this elsewhere.



    All this means is other people won’t step up, especially if they are a Donator like I am

    Again, you have screwed a donator over.



    BTW: I would have never known “suspected” that any games or sites definitively were running an SQL DB but I have heard countless admins talking about the Database and Mysql in game.



    Suggestion: if you are so scared and make no mistake you are scared; then do not discuss, any malicious person can be out there listening. even if they are not malicious it might make its way back to a malicious person
  • Well from what I witnessed, China is actually the victim of a huge misunderstanding. You see, Hand of Doom was running a website in which users could pay him to drown kittens (1 or several, depending on the price of course). Now China, being the hero that he is, decided he couldn't live with this site being up. So he tried his darndest to get this website taken down.

    Of course at the last second, Rezzo took over to take the fall for evil mastermind Hand of Doom.

    But real ones know the truth.