So, I’d like to write on behalf of the whole team that I’m really proud of the progress we’ve made recently and what’s going on right now.
The Holiday Party is here and it’s rocking the game! We’re all off on our holiday break now so I hope you’re all having a good time!
As I hope most of you have noticed, the speed and stability of the servers has gotten a lot better over the last 2 weeks and it’s continuing to improve. This is one of the biggest things I’m happy about as the amount of errors which were being shown before was unacceptable.
We’re planning on some nameglow giveaways over the next few days to celebrate the holidays; hopefully you’ll get lucky!
Keep an eye on the site, blog and Facebook for more information soon!
There’s a lot of changes in the pipeline and while we can’t promise anything yet, we’re working on some things I’m sure you guys will like. :-).
Well, I was searching my email address and a website called hacktalk had it with my CPPS username, N72K? They included my email and 'password' which wasn't the real one and put my Penguin ID Number.. ? ??
They got a dump of an older CPPS which was not CPPS.me and claimed it was ours. It was not.
Hi there. I'm a blogger that has advertised your blog, but that's not the point. When CPPS.me went back online, I went on my account (Bradyman6), and my mood status said that I was hacked in capital letters. I'm thinking that someone hacked the server, and made it so that you wouldn't know. I may be wrong, but are you sure that the server isn't hacked?
Well I heard about CPPS.me and I want to ask a few questions.. Well do you get all the rare items like pink boa,tiara, etc..Or do you have to buy them?? And is there free membership that you can buy clothes and all that or is there no membership?? (I havent went on CPPS.me yet)
There is free membership, yes. You also have unlimited coins and are able to get any item.
What the estimate of when It will be back on ? Because I havent been on CPPS.me yet I just started looking at this stuff and I gotta tell ya It really cool!!!!! (: I really wanna be rare for the first time!! And are there any viruses? Because my mom is really stricked about that..?
There are no viruses. I’m not going to promise a time when we’ll be back because that’s not fair. See this post.
This CPPS is still working from the downloadable client but not on the website ! Is this a problem or something ??
It’s not a problem. We didn’t shut the whole game off, but it’s their own fault for continuing to play — they’re going to end up being test guinea pigs with loads of restarts, etc. It’s hardly going to be somewhere to play on.
How long will you think the new CPPS.me will take?
A while. I’m not going to give dates or anything because then I might have to disappoint you. We want things to be completely perfect, the utter definition of the word, before we will bring CPPS.me back to your computers.
CPPS.me has been in a decline recently, and really guys,we can’t let that fly.
This is what our plan was. I think it’s wise to stick to that. I’m going to keep this short, but things are going to get better, but to get better, things have to go bad for a little while. That badness has got to come now so we can get it out of the way.
We’re going to up our game (ha, pun intended), but to do that, we’ve got to go away for a little while. I’m not going to promise we’ll be back in the next few days or something, because that’d be unfair, but when we do come back, it’ll be better than ever.
We will see you soon. This is not the end. Be prepared for CPPS.me, second edition.
Sorry this took post so long, the services actually returned a few days ago — to clarify:
The manager is nowonline
The register is now taking registrations as a good register should!
We have also fixed the problems where users could not login a large percentage of the time. We are also working on the other bugs which affect logging in. Hang with us. Login time should also be considerably shorter. ;-)
Within the week, I’d say. We don’t really want to take any chances, so I apologise if we’re a bit slow. It’s coincided with our new development so it’s all been a bit badly timed. We were aiming for summer for a lot of things, hopefully that can still be achieved.
If you want the low-down, here’s the TL;DR: A test database was found, two passwords (Stanley + d0pe’s) hash’s were cracked, people fucked with it for about 5 minutes.
Full story is below.
A few of CPPS.me’s machines were *supposedly* today (8th June 2012) at around 6:15PM GMT. That’s when I was informed of a breach. (If you want me to be brief, they were not. - Nothing got hacked).
I was given screenshots of my account on the CPPS.me user manager. A few seconds earlier I had been told that my “Skype” account had a password which was insecure, and the same with my CPPS.me. I changed my Skype account password and changed my CPPS.me account’s password to NULL. I expected this to be the end of the matter, it was not.
Several people went on to IM me about chatlogs with the adversary and them. I took note of what was being claimed and verified if the claims were true. The majority of them were not. Despite this, I was already in the process of shutting down all of the servers (I shut down the MySQL server first, then returned to shutdown all of the servers we control to prevent spread).
During this time, I changed all of my account passwords to ensure nothing else could happen, as a precaution. I was told a number of rumours:
SQLi was used in the panel for moderators
CPPS.me’s machines have been ‘rooted’ (gained Administrator access)
Current live database had been compromised
All of these were false.
It turns out that.. a lot of what was said by these adversaries was exaggeration.
A test database given to someone outside of CPPS.me (incomplete, pretty small actually, not much user data was in this) was found by another person outside of CPPS.me with a pure accident. Only Stanley + d0pe’s passwords were cracked. Nobody else’s. We’ll be enforcing security measures despite this though. We’re paranoid people. In this case, a ‘test’ database compromised of a very small portion of the actual database, enough data to be able to code without compromising security.
None of our servers were actually compromised. It turns out one of the attackers just.. really really liked to exaggerate. Didn’t stop me shutting down everything just in case, but y’know (unlike some people, we did actually react as one should in a situation like this. We killed everything to ensure *nothing* could be done to damage any further, as we were not aware of the extent at the time. — Yes, we still have all the data, yes we have backups too.)
CPPS.me will remain offline while we take precautions, however. The game will not return until we are *really* satisfied with the security, but in conclusion:
I have a habit of abusing blogs (in the sense that they don’t really get updated often, but I’m going to try change that for the nth time.)
The CPPS.me team has been talking about how we can improve our site (and game), and we came to a few conclusions. Here they are.
CPPS.me is aiming towards a Club Penguin alternative, rather than a Private Server.
The services we provide must be given a more professional touch
We need to work on scalability.
Those are the points in a nutshell, now let’s elaborate (.. in order)
CPPS.me needs to set itself apart from other services of the same type. There needs to be more than just freedom of filters. As it has been for several weeks, certain servers are filtered to be friendly to new(coming from Club Penguin?) users. Others are without restrictions. We are more than the others who emulate Club Penguin, and we’re going to start showing that more, starting with including all updates & development notices on this blog (as well as any announcements).
If we’re going to be a Club Penguin alternative, we need to act the part. This’ll probably involve a redesign of the website, etc.
Our software (and hardware) needs to be upgraded to scale with our large user base, as well as supporting high load just like Club Penguin. Our login server already does this (see below..)
Our new software
We’ve been working on some new features for CPPS.me, most of them behind the scene. I’m going to announce the first in a long range of updates.