Quote:
Originally Posted by Bristolduke
The answer is yes. It is in the referenced thread. They are working on patches for 2007 and 8.
|
Sorry, that must be a misunderstanding!
Quote:
Originally Posted by f.montoya
OOTP 6 & 6.5 must have the same hole. Don't have time to check right now but we need an emergency patch for 6 and 6.5 too Andreas.
|
Unfortunately we cannot patch 6.5 and OOTP 2007 for several reasons. We'll not release patches for the older versions and to be honest: it would not make much sense because if we encrypted the FTP password in the dat file it could still be hacked!
In OOTP 6.5 everything was encrypted, and obviously it has been hacked, too. We could improve the encryption, but it will also be hacked sooner or later.
See, obviously somebody wrote some code to hack OOTP Online leagues. He has to find and download the league file, extract the FTP info, log in to the site and do his dirty job. Lots of work actually, and there are not as many online leagues of the web as for example vBulletin message boards or Joomla web sites, so I don't know why the evildoer does that. There is only one explanation: we have an enemy out there. He cracked the first encryption and he will also crack the next one. No, encryption is not the solution.
We have to change the whole process, and until we did that, the commisioners can do it on their own:
- hide the league files! Only your GMs may know where it is!
- use an extra FTP account for the folder to which the league files are uploaded!
- change your FTP password NOW!
We are sorry that this happened. We will improve OOTP and we will change the online league upload/download process. But the GMs can simply change the process now by hiding the league file and that will do much more than improving the encryption.