Added a little Captcha system during registration to make it harder for bots to make accounts.
It works for in-game registration too:
- Fix for clipping through objects when framerate is too low
- Prevent moving into unloaded black space
- Fixed slight hitch while rotating
- Added CTRL+F4 to keep regions loaded in when normally they would be unloaded. This will kill your performance, though.
Two updates for the 9BitMMO client today in build 2055:
You can now press F6 to enable free camera mode to fly around -- great for taking screenshots/videos of your creations.
Use W,A,S,D to move normally. Q,E to go up/down. And hold shift to go fast.
Glitch Mode (experimental)
You can press F5 to enable Glitch Mode, which will every once in a while render glitch artwork correctly. This comes at the cost of a) much lower framerate, and b) making everything else render incorrectly. The long term solution is probably smaller blocks to do glitch artwork 'properly', but in the meantime you can get some nice renders using this technique:
It tends to work most frequently in the normal camera mode (no rotation mode).
Two issues fixed on 9BitMMO. First, sometimes the game would crash in certain areas due to underground objects. Second, sometimes transparent objects had a box around them. Both are now fixed.
Following up on some of the planned security improvements I discussed earlier, the backend now uses a new, more secure password hashing system (Blowfish with random salt).
In order to upgrade your account password hash, simply login normally to the website or in-game (anywhere you normally type your username & password). If you normally use Steam auto-login, you'll want to login via the website one time in order for your password hash to be upgraded to the new format.
Both 8BitMMO and 9BitMMO have been updated to support the new system.
As always, please let me know if you spot any new bugs as a result of this change.
At around 5AM last night, I detected an attempted attack on the server database. Looking into this issue, I found a potential exploit that may have been used to gain unauthorized read-only access to the database, including potential access to customer information. This bug was fixed by approximately 6AM.
First, I would like to sincerely apologize for this incident. While I did not write the original code involved, I take full responsibility for the issue and feel terrible that I did not spot it previously.
The database contains the following sensitive information: username, e-mail (if provided), hashed password (not stored in plaintext), IP address. For a very small number of users (<30) that have provided it, the database also contains their real name (if provided), mailing address (if provided), as well as a "credit card description" if you opted for the site to remember your credit card. This does NOT contain your full credit card number, but does contain the type of card, the last four digits, and the expiry date.
Although the password is hashed, if you use the same password at other sites, I recommend you change those at this time.
Again, I do not know for sure that any information was actually leaked, however, out of an abundance of caution I am planning to do a database rollback and then reset all account passwords of users who have an e-mail address on file.
Since full credit card numbers were not leaked, it is unlikely you will need to contact any credit monitoring agencies. However, here is their contact information should you wish to do so:
- Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
- Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
- TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790
My sincere apologies again, and I will keep you posted on this process.
UPDATE: The database has been rolled back to the previous day's backup (1/19). All accounts with a valid e-mail have had their passwords invalidated, please reset your password. If you previously logged in via Steam or Kongregate, you should be able to continue logging in that way, however you should still reset your 8BitMMO password.
This does not affect your Steam/Kongregate passwords (unless you used the same password at both sites). If you used the same password on the 8BitMMO forums or Wikia, you should change those passwords as well.
UPDATE 2: E-mails are now going out about this, however, it may take a while for all the e-mails to make it out of the system.
The new =68 map is created and ready to go! Everyone can access it, regardless of level, via the telepad hidden away at the southwest of Root.
This map is more build-focused, and as such does not spawn mobs and has a totally flat terrain.
While everyone can view the map now, no one can build until their Landrush phase opens up. If you try to place before your Landrush slot opens, you'll get a countdown of exact time remaining. Here is the schedule for landrush:
- 1/6 - Ultimate Landrush ($500+ during Novemberbit)
- 1/7 - Super Landrush ($200+ during Novemberbit)
- 1/8 - Normal Landrush ($70+ during Novemberbit)
- 1/9 - Open to All
It's important to keep your 8BitMMO account safe. Lately, some 8BitMMO accounts have been targeted for theft. Please take the following steps to ensure the safety of your account:
- Be sure you have a good password set. Simple passwords can be easily guessed and thereby hacked, so it's good to change your password if it is weak.
- Be sure you have an e-mail set. If your account is compromised, it can only be saved by having an e-mail associated with it.
- Never give your password to anyone.
- Avoid modifications that contain executable code. Several instances of "trainer" programs have captured account passwords unbeknownst to their users. No "trainer" or "exploit" programs can give you free plat.
Check out El Dromedario's new Fire Dragon Temple! Visit in-game at /tele temple