MPGH RotMG Server Open Beta Release | FAQ And Client - NEW CLIENT May 11

[overwatchrotmg]

Were you in the jungle where people got like 200 fame lol

Yes was testing a commonly used exploit among other private servers.
Didn't intend for it to give out so much or to crash the server.
Know how to replicate it and want to tell Raple.
~Oryx

[Billie Eilish]

Good server, I just wish it had more people, hopefully they will come around at some point.

[sk988]

I don't really know where to mention bugs/problems so I'll say it here (apologies if there's a proper place for that).
Sprite Worlds seem to not work properly, none of the enemies attack and they all stay still (Limon included).
The boss in Goblin Mines seems to not do anything as well.
That said, I've been playing for a couple of hours and I'm enjoying this server quite a bit, can't wait to see it grow.

Edit: I just tried another Sprite World and didn't run into the whole issue I mentioned (where the enemies don't do anything). Weird.

[Luverdark]

Edit: I just tried another Sprite World and didn't run into the whole issue I mentioned (where the enemies don't do anything). Weird.

yeah theres a few dungeon issues. I've alerted admins.

[Matthew]

Nice design @Raple

[Raple]

Correct, and your client auto-generated an account for me using my prod credentials. That means my prod email and password are now permanently saved on your server, and liable to be utilized by anyone who currently has access to the account database, and anyone down the line who gains access to the account database.



I know how prod works. Prod client grabs the email and password from RoTMG.sol and sends it to their server over HTTPS. Your client sends prod's credentials to your server over plain-text, unencrypted HTTP.

The fact that you're defending this irresponsible behavior is alarming. For the safety of MPGH's users, I will provide a solution for you. Grep your client's source code and search for the following:

Code:

SharedObject.getLocal("RotMG"

Put your cursor over the "RotMG" part and double click the left button. And then use your keyboard to change it to something unique, if you are in need of a suggestion, I recommend using "mpghRotMG". After that, your client will use a separate .sol file to store it's email and password.

Sigh, it didn't register an account with your prod credentials. You're more than welcome to add me on Skype and give me the first 3 characters of your email and I will verify not a single email is in the DB that appears similar to a prod email. In fact almost every email registered for the server is completely fake. All clients similar to ours do this because they are all prod based clients. It's hard to test because there aren't any real private servers available on MPGH, but try it with any other prod clients. While modern clients may "encrypt your SOL on sending using HTTPS" that still doesn't make a difference on the end result which is attempting to log in and failing.

All your client did was attempt to LOG IN with your prod credentials to our client. Unless you genuinely registered with your prod information (which would be stupid anyways) we do not have your prod information. If you are suspicious of your SOL being sent maybe it's time to use an SOL wiper, 2 different versions of which exist of our forums (a krelay plugin and a standalone exe).

Tell you what, please reference my posts if I ever "start selling your account for our superior product" that way admins can instantly ban my account. I can't deal with this actual insanity that is "MPGH IS STEALING MY PROD ACCOUNT, AUTO LOGIN WHAT IS THAT?" The only way making our own custom SOL would ever protect MPGH users in this situation would be if A) They actually register with real information or their real prod information or B) Our intention is to steal your accounts. I mean in reality if this is was we really wanted why wouldn't we just put a keylogger in the client.

I appreciate your concern and your suggestions but they are just too extreme. No one is going to register with legitimate information and I am the main user of the host server. Of course I will take responsibility for errors on my part, but not using an SOL wiper while logging into clients willy nilly is also not a smart idea anyways.

I understand where you're coming from, but further posts like this are going to land you in trouble. I already gave you an official warning, all you are trying to do is cause turmoil. If you have further concerns, take them up with me privately.

[Zerkoth]

Well, server is down i guess? Is it even on some kind of VPS?
@well, it's really hard to play - died couple of times bcuz of lag. Hope you will fix it till tomorrow :P

[001.]

>If you are suspicious of your SOL being sent maybe it's time to use an SOL wiper,

If I'm suspicious? Wait a minute, do you still not understand that the content of RoTMG.sol is being sent to your server? Clients should not be using RoTMG.sol unless they connect to prod servers.

>we do not have your prod information.

So your server must not be logging anything then. Okay, either way, I changed my prod password.

>The only way making our own custom SOL would ever protect MPGH users in this situation would be

Okay, so you're stating that you will not add 1 character to your client's source code, to make your client's credential storage file unique, because it is not your intention to steal peoples prod email and password.

Did you not read that I said your actions are resulting in user's email and password being sent over unsecure, plain-text HTTP?

Do you not comprehend that your client has no business using a different servers credential storage?

Does it escape you that another servers username and password should not be sent to your server?

It does not matter what you intend do with it. It just should not happen, ever.

> your suggestions but they are just too extreme

My suggestion to add 1 single character to the name of the SOL file so it's different from prod's SOL file is too extreme? You're a funny dude.

---

Okay, I'm going to stop talking about it. You know what would make for a killer feature for MPGH ROTMG? If there was a way to import the current characters, and items from prod server to your server. Because a lot of users invested a lot of time into prod and don't want to start over.

[Faze]

>If you are suspicious of your SOL being sent maybe it's time to use an SOL wiper,

If I'm suspicious? Wait a minute, do you still not understand that the content of RoTMG.sol is being sent to your server? Clients should not be using RoTMG.sol unless they connect to prod servers.

>we do not have your prod information.

So your server must not be logging anything then. Okay, either way, I changed my prod password.

>The only way making our own custom SOL would ever protect MPGH users in this situation would be

Okay, so you're stating that you will not add 1 character to your client's source code, to make your client's credential storage file unique, because it is not your intention to steal peoples prod email and password.

Did you not read that I said your actions are resulting in user's email and password being sent over unsecure, plain-text HTTP?

Do you not comprehend that your client has no business using a different servers credential storage?

Does it escape you that another servers username and password should not be sent to your server?

It does not matter what you intend do with it. It just should not happen, ever.

> your suggestions but they are just too extreme

My suggestion to add 1 single character to the name of the SOL file so it's different from prod's SOL file is too extreme? You're a funny dude.

---

Okay, I'm going to stop talking about it. You know what would make for a killer feature for MPGH ROTMG? If there was a way to import the current characters, and items from prod server to your server. Because a lot of users invested a lot of time into prod and don't want to start over.

I'll take it you have never tried a private server before because every single private server client I have used so far does this same thing. Most private server owners don't think about this issue when they make their client because it is honestly not a big deal so they don't fix it and keep the code the same as on prod clients. When you open a pserver client and your email is "logged in" that is a visual bug (correct me if I'm wrong) where it just shows up but if you press play it won't let you log into the game, as the actual account doesn't exist. And about your suggestion the point for pservers is to be a whole new game not an extension of prod; importing all that into a pserver would also be extremely difficult and would require the pserver owner to have your prod login credentials to check vaults and what not, and isn't giving up credentials what you were against?

[001.]

>ll take it you have never tried a private server before because every single private server client

Doesn't mean it's correct. It's likely some accounts have been taken over for that very reason.

>would require the pserver owner to have your prod login credentials to check vaults and what not

I'm aware.

>also be extremely difficult

Oh okay.

[HeavenRotMG]

If these guys are stealing my prod account im not using this server swf ;(

- - - Updated - - -

I also tell my friends to not play because you guys steal my account ;(

- - - Updated - - -

And make post on youtube. @001. can you help me and provide proof?

[filenub]

>ll take it you have never tried a private server before because every single private server client

Doesn't mean it's correct. It's likely some accounts have been taken over for that very reason.

>would require the pserver owner to have your prod login credentials to check vaults and what not

I'm aware.

>also be extremely difficult

Oh okay.

I think they find cure

Okay, I'm going to stop talking about it. You know what would make for a killer feature for MPGH ROTMG? If there was a way to import the current characters, and items from prod server to your server. Because a lot of users invested a lot of time into prod and don't want to start over.

This has already been done before... I think it's a horrible idea as different servers have different balancing. You would understand this if you weren't just trying to relentlessly bash the server over some trivial grudge you have.

[Sean]

If these guys are stealing my prod account im not using this server swf ;(

- - - Updated - - -

I also tell my friends to not play because you guys steal my account ;(

- - - Updated - - -

And make post on youtube. @001. can you help me and provide proof?

Your responses are laughable. Raple is not stealing your .sol info / prod information. I even registered on Raple's pserver using my prod info and I'm pretty sure he won't be digging into it, he has many other way more profitable methods of making money. Please stop blathering on about your inane nonsense and grow up. If you have a problem with it, then don't play it, but don't ruin the experience for others by claiming bullshit about how Raple is going to steal your stuff.

[Faze]

>ll take it you have never tried a private server before because every single private server client

Doesn't mean it's correct. It's likely some accounts have been taken over for that very reason.

Yeah but people are inherently lazy

[Raple]

>ll take it you have never tried a private server before because every single private server client

Doesn't mean it's correct. It's likely some accounts have been taken over for that very reason.

>would require the pserver owner to have your prod login credentials to check vaults and what not

I'm aware.

>also be extremely difficult

Oh okay.

It's not that the fix is of extreme difficultly, what I was referring to with the statement "what you are suggesting is extreme" is the fact that you are suggesting we intentionally allow our client to send your logged sol and that we are purposely trying to steal your prod account. That is completely false, and every base client does this no matter what. Of course it can be added to the list of issues, but there are better ways to solve the issue at it's core. If your prod account is worth so much to you that it makes you go to this lengths to dispute this issue you should probably be using an SOL wiper and maximum security on your account in the first place.

All I'm saying is this client does not steal your account information, nor does it send it to us or get logged by our server. You being logged in is indeed a visual bug, Faze said everything pretty accurately. Also, even if your information is being pinged out to an old prod IP that doesn't take credentials anymore doesn't mean you've exactly posted it to the internet for everyone to see... Most, if not all pservers currently available to the public right now do the same thing as our client. How important is your account to where hackers are constantly monitoring your inbound and outbound traffic? Seems pretty bizarre to me.