• First login today Mystic error/Fix?

    From paulie420@21:2/150 to All on Thu Apr 1 18:41:02 2021
    We were discussing a Mystic time issue where users were able to put all their time in a time bank, logoff and upon relogin Mystic still logs:

    First login today, setting time to XXX

    I've noticed a user who has 'found' this exploit - I'm sure they just read about it here. Here's what I've found thru the logs, that allows an s50 user to do this. I haven't tested other sLevels:

    User logs in.
    User deposits all but 1 minute to time bank.
    Mystic kicks user for no time left.
    User calls back in.
    Logs still show 'First login today, setting time to XXX'.

    Actual log data:
    -----
    xxUSERxx logged in
    First login today, setting time to 500
    Set time left 500 TE=1634
    Setting time left to 500
    ...
    User logged off
    Shutting down

    [REPEATS 5x]
    -----

    Did we come up with a fix, or locate what the error is on my system that's allowing this?

    Thanks for all help on this matter. I don't even care, and give my users as much time as they need. I have half an inkling just to make all validated sLevels time=1440 but.. would still prefer to fix this.



    pAULIE42o
    .........

    --- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
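
A log check for the pattern described in the post above, added here as an example and not part of the original thread or of Mystic: it flags any user whose allowance was reset by "First login today" more than once on one date. The timestamp prefix, the one-node-per-file layout (sessions do not interleave) and the sample user names are assumptions; the message texts are the ones quoted in the post.

```python
import re
from collections import defaultdict

# Assumed line layout: "<YYYY.MM.DD> <HH:MM:SS> <message>". The message texts
# come from the post; the timestamp prefix is an assumption of this example.
LINE = re.compile(r"^(\d{4}\.\d{2}\.\d{2}) \d{2}:\d{2}:\d{2} (.*)$")
LOGIN = re.compile(r"^(.+) logged in$")
RESET = re.compile(r"^First login today, setting time to (\d+)$")

def find_repeated_resets(lines):
    """Return {(user, date): [minutes, ...]} for every user whose daily
    allowance was reset more than once on the same calendar date."""
    resets = defaultdict(list)
    current_user = None  # user of the session currently open in this node log
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, "..." and other lines without a timestamp
        date, msg = m.groups()
        login = LOGIN.match(msg)
        if login:
            current_user = login.group(1)
        elif msg == "User logged off":
            current_user = None
        else:
            reset = RESET.match(msg)
            if reset and current_user:
                resets[(current_user, date)].append(int(reset.group(1)))
    return {key: mins for key, mins in resets.items() if len(mins) > 1}

# Constructed sample: alice is reset twice on one day, bob once on each of two days.
SAMPLE_LOG = """\
2021.04.01 18:01:10 alice logged in
2021.04.01 18:01:11 First login today, setting time to 500
2021.04.01 18:09:40 User logged off
2021.04.01 18:10:02 alice logged in
2021.04.01 18:10:03 First login today, setting time to 500
2021.04.01 18:15:00 User logged off
2021.04.01 19:00:00 bob logged in
2021.04.01 19:00:01 First login today, setting time to 500
2021.04.01 19:30:00 User logged off
2021.04.02 08:00:00 bob logged in
2021.04.02 08:00:01 First login today, setting time to 500
2021.04.02 08:20:00 User logged off
""".splitlines()

if __name__ == "__main__":
    print(find_repeated_resets(SAMPLE_LOG))
```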
  • From sPINOZa@21:1/116 to paulie420 on Sun Apr 4 15:05:46 2021
    It looks like Mystic is using time per call ??? ... I had a quick look, but cannot find this option and it's also not a user flag. Would be nice to have.

    User deposits all but 1 minute to time bank.
    This is not possible on my system, minimum left is 5 ...

    GTX!

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: -.sOUNDGARDEn.- (21:1/116)
  • From Avon@21:1/101 to paulie420 on Mon Apr 5 21:32:48 2021
    On 01 Apr 2021 at 06:41p, paulie420 pondered and said...

    their time in a time bank, logoff and upon relogin Mystic still logs:

    First login today, setting time to XXX
    -----

    Did we come up with a fix, or locate what the error is on my system
    that's allowing this?
    Thanks for all help on this matter. I don't even care, and give my users as much time as they need. I have half an inkling just to make all validated sLevels time=1440 but.. would still prefer to fix this.

    I think this is a bug. I see the same thing happening here. Not that I run a time bank, but I do see the system resetting and allowing full time for each login regardless of the number of times logged in per day.

    There is an option in a users sec level to set the max mins allowed by that user in the time bank so that could be a way to minimise the abuse.

    Will post something about this to g00r00 and see what he thinks.

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From paulie420@21:2/150 to Avon on Mon Apr 5 17:02:56 2021
    Will post something about this to g00r00 and see what he thinks.

    Yea... it's not a huge deal to me, but it does seem to be a sucky thing. I like to give out PLENTY of time, but I don't want folks to be 'abusing' it... not that it's even like. Not that it even matters.

    Thanks, if yer saying something to him I won't create a post about it. :P

    Cheers Paul.



    pAULIE42o
    .........

    --- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
  • From Avon@21:1/101 to paulie420 on Tue Apr 6 13:26:55 2021
    On 05 Apr 2021 at 05:02p, paulie420 pondered and said...

    Yea... it's not a huge deal to me, but it does seem to be a sucky thing.
    I like to give out PLENTY of time, but I don't want folks to be
    'abusing' it... not that it's even like. Not that it even matters.

    Thanks, if yer saying something to him I won't create a post about it. :P

    All good, it's something that's come up a few times I think and I can't
    recall anyone solving it or if it was something by design etc. I posted over
    in the Fido Mystic echo and have attributed the report to you. Kudos where
    due for catching stuff like this :)

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Paulie420 on Fri Apr 9 13:07:35 2021
    On 06 Apr 2021 at 01:26p, Avon pondered and said...

    All good, it's something that's come up a few times I think and I can't recall anyone solving it or if it was something by design etc. I posted over in the Fido Mystic echo and have attributed the report to you.
    Kudos where due for catching stuff like this :)

    Just to close this thread. Good news. g00r00 has sorted this, the latest A47 alpha will contain a fix.

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From fusion@21:1/616 to Avon on Thu Apr 8 23:16:22 2021
    On 09 Apr 2021, Avon said the following...

    Just to close this thread. Good news. g00r00 has sorted this, the latest A47 alpha will contain a fix.

    aye, can confirm it's in the whatsnew file now

    --- Mystic BBS v1.12 A47 2021/04/08 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi (21:1/616)
  • From paulie420@21:2/150 to Avon on Fri Apr 9 11:14:12 2021
    All good, it's something that's come up a few times I think and I can't recall anyone solving it or if it was something by design etc. I posted over in the Fido Mystic echo and have attributed the report to you. Kudos where due for catching stuff like this :)

    Just to close this thread. Good news. g00r00 has sorted this, the latest A47 alpha will contain a fix.

    Thanks much for shuttling the info back and forth, sir.
    Appreciate g00r00 for throwing it into the next build...



    pAULIE42o
    .........

    --- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
  • From paulie420@21:2/150 to fusion on Fri Apr 9 11:15:15 2021
    aye, can confirm it's in the whatsnew file now

    Hey Fusion, or anyone really, where is the 'current' whatsnew listed? I know there's one @ the wiki but I wasn't aware that it was 'live updated'. Is that the case?



    pAULIE42o
    .........

    --- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
  • From fusion@21:1/616 to paulie420 on Fri Apr 9 17:43:03 2021
    On 09 Apr 2021, paulie420 said the following...

    Hey Fusion, or anyone really, where is the 'current' whatsnew listed? I know there's one @ the wiki but I wasn't aware that it was 'live
    updated'. Is that the case?

    i don't believe it exists anywhere but inside the newest archive in the downloads directory on mysticbbs.com. unfortunately it seems that the auto-generated file date/time information that usually shows next to file listings in most httpd's is turned off :/

    i only knew it was updated via fido/mystic support

    --- Mystic BBS v1.12 A47 2021/04/08 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi (21:1/616)