Someone gaining Hub access somehow

ID:2209259
 
Feb 5 2017, 7:43 pm (Edited on Feb 5 2017, 7:55 pm)
Within the last hour or so someone was able to gain access to the hub for...

http://www.byond.com/games/EternalDuelistSoul/ DuelMonstersGenesis

I've made an emergency hub password change since I have access but I've checked the logs in all public servers. Only 3 people have the ability to grant the "Game Administrator" medal. Myself, the actual owner of the game who has been MIA for a while now, and the Head Administrator. All active server logs show no record of anyone granting the rank.

My connection logs show the following keys, CIDs, and IPs associated with the user.

UnknownDu3list
WanderingDuelist
1487242725
96.235.188.38
107.183.242.77

I changed the hub password which unfortunately shuts down my scoreboards and some staff for the time being but I'll briefly post an updated version. I just dont want this to happen again. Does anyone have any idea how this would happen?
Feb 5 2017, 8:09 pm
Poor password on your side or perhaps a bug in game that's allowing that user to do this.
Feb 5 2017, 8:15 pm
Never store your hub_password in the code anywhere but in the usage of hub_password. It'll allow it to be extracted from the dmb.
Feb 5 2017, 8:36 pm
I dont store it anywhere in the code other than the hub_password usage. And I use the randomly generated passwords from the hub itself.
Feb 5 2017, 9:00 pm
Someone must have gotten access to it somehow, but outside of the method mentioned above, there's no other way to extract it.
Feb 6 2017, 6:26 pm
Wait, then how was SS13's hub password figured out then?
Feb 6 2017, 6:36 pm
Decompiling a dmb is vastly different than extracting the strings out of it.