EDIT 3: PRIMARY WARNING: PLEASE DO NOT HATE OR FLAME, this has become a sore subject. I am providing OFFICIAL news (notch retweeted it, so that's sorta-official). Keep this professional, please only discuss POSSIBLE risks, and points of view. If you disagree with someone, state your reasons.
EDIT: This has been "resolved" by the MCAdmin crew, with an apology. Link to changes: http://www.minecraftforum.net/viewtopic.php?f=1012&t=24629 I guess I need to read the forums and search harder. Apologies to the MCAdmin crew. I would still like to see if the backdoor exists. User Permission control is still good and all, but... if the original code exists, who knows what someone could do?
MCAdmin devs and admins can (if the story is true):
1.UNBAN themselves (others too?) from YOUR SERVER
2. BAN YOU from your OWN SERVER
3. I'm assuming they can do other things, but the top two are the only admitted.
This means that there is a BACKDOOR into ALL MCAdmin servers. What does this possibly mean?
1.Above list
2.Someone could potentially spoof this admin rights, and GRIEF THE **** out of YOUR server
3.Possibly run code due to any unknown (at the moment) exploits in MCAdmin.
This needs to be investigated, people. I'm calling out the MCAdmin devs to explain themselves, in full, to the community.
Okay, thanks bigolslabomeat. Is there any source for people that have reviewed the code? Also, a link to the source code would be appreciated. And it's a good piece of software, so I hope it keeps going.
Just thought to mirror it here in case anything happens
Sort of jacking my own thread but I couldn't really figure out where to put this so it would get seen.
Normally I wouldn't bother investigating this any further but I'm off from school today and I did a quick google of Doridian. Most of it was harmless crap but I found this post on the hak5.org forums. To summarize:
Basically, a couple of mingebags connected to our Garry's Mod servers and used some clientside memory editing to gain RCON access to the server. They then demoted Feha (a super admin who was present) to the restricted group, promoted themselves to super admin, and proceeded to harass every available player. They screwed all our servers thoroughly, and cracked all our passwords save the FTP, Web, SSH and MySQL servers.
Before I make myself seem like a creeper (in the non-minecraftian sense) with the stuff I pulled together I want to explain that I looked so far into this because people are potentially putting their minecraft servers (at the very least) at risk if this is indeed the same Doridian. The guy just flat out can't be trusted and installing anything he has written is a bad idea. On with the reasons why I'm fairly sure this is the same guy.
Normally I'd be skeptical that this is the same guy, however, there are definitely links between the two potentially separate Doridians:
We can see from the conversation between FullDisclosure/PhonicUK that Doridian did some hacky stuff, here is the direct quote:
03:28 Doridian thats mainly due to i love coding hax/hacky stuff
Doridian is an active GMod/Wiremod user. Here is his Wiremod forum profile. The avatar is the same, no doubt about the connection there.
Here is Doridian's Twitter account talking about SRCDS (source dedicated server) exploits back in August 2009 (a few months before this **** from hak5). Again, he has the same avatar so the connection is pretty much guaranteed. Here is another twitter update about another GMod exploit.
As the hak5 posting mentions, this same exploit was used by the same two users on the official Wiremod servers. Doridian was a known contributor to the Wiremod community. As you can see on this page (Ctrl+F "Doridian")
Doridian's Steam ID from his garry's mod profile (ID: STEAM_0:0:5394890) matches these two steam logs I found on google that show this Steam ID using the alias Doridian {SA-A} that you can see in the hak5.org logs.
Here is another file of steam logs talking about a user named Doridian uploading files to a GMod server that allowed him to **** with admin settings. Ctrl+F "Doridian" gets to a set of dialog:
[08]The1: 2 guy's uploaded files to the server
[08]The1: made themselves super admin's ect?
[08]<TOFK>Tetsuoken: One of them was Doridian I believe
[08]The1: yeah
The FULL logs from the hak5.org post, straight from McBuilds (a garry's mod community apparently).... **** this guy in the neck.
EDIT: Wanted to come back and tone down a little bit. Not that it really matters (IMO) because illegally gaining access to a server using an exploit is a shitty thing to do BUT, apparently Doridian didn't do any actual tampering with the server, it was his buddy, Effektiv that ****ed everything up. Doridian just provided the exploit apparently and later apologized. Still doesn't change the fact that they basically hacked their way into the server to "demonstrate an exploit". I still maintian that he's an asshole and not anyone you should trust to write software.
Unless there is some vast conspiracy here to **** on this guy, I'd say it's damn well confirmed that this is the same dude who ****ed up the server from the hak5.org posting. Anyone still using MCAdmin at this point should stop short as there is no reason to trust Doridian further than you can throw him. I felt sorry for him a few hours ago when this first surfaced, he sounded like he has a pretty shattered view of the world. After finding this though, I really don't give a ****, he dug himself a hole like this.
I got more and more sure as I wrote this post because I found more and more information as I wrote. I didn't find the logs with the Steam ID until near the end of my 'research' but those tied the two users together as one. The full logs were just icing on the cake.
I hope this helps anyone on the edge, trying to decide about whether or not to use this software. It had hidden backdoor access to your servers and is programmed by a guy who is proven to have used an exploit to **** up someone else's servers...
Thanks for the update, Fluck! I definitely agree with that posting, as well. But please, remain objective, not subjective. WE DEAL WITH FACTS... and opinions, but opinions with backing arguments. No name calling, just cold, hard facts and speculation with supporting evidence..
The code has been open sourced, and it has been commented out. Code is still there so you can see what could or couldn't be done, but as it is commented out, it is removed on compilation of the binaries (what most people download).
So there is NO BACK DOOR any longer.
While this statement is true, it tries to pull a fast one.
Commented code will not end up in the binary, correct. However, it's still unethical and dangerous to have the code there in the first place -- even if commented. Someone could easily take the source, uncomment it, and redistribute the file. Moreover, they could modify the existing code to exploit users. While this would not be the explicit fault of the developers, it's poor programming practice (and poor safety practice to boot).
I'll present an analogy: someone threatens you with a knife. They then sheathe this knife, but it remains on their person. You can see this sheathed knife, and it does not present an immediate threat. Does this make you feel any better knowing that moments ago you were threatened with it? The malicious code is a hotkey or button press away from being introduced to the binary again. There is also no proof that any binaries are compiled without the code; and the source is modified later to give the illusion that the code is not compiling. The only safe way to use the software is to compile the binary on your machine, from a local copy of the source you have checked yourself.
While removing the code is a step in the right direction, the author has violated the trust of his users and is left with little recourse to hope that people feel an apology is sufficient. I wouldn't blame anyone who was decidedly uninterested in working with this author.
As far as I've seen on these forums, there are many talented developers and plenty of programs that already do what MCAdmin does, and better. I'm a designer experienced with GUI design and I'd love to assist any programmers willing to make something open source that doesn't exploit their users. The MC community could use a good, trustworthy and easy to use administration tool.
Development will likely cease because of the furor, so don't expect much in the auto-update department, although I may seek to continue development with Doridian's permission.
If there is one thing I like about open source, its that you don't need the developer's permission to take his project, fork it, rename it, and improve on it yourself (as long as you abide by the license). That is, after all, one of the reasons open source is around. In this case, if you want MCAdmin to survive on, I would do just that. Because I know the currently existing form of it is, at the very least, on my own personal list of "do not touch" now.
Rollback Post to RevisionRollBack
Quote from Rotten194 »
Playing games with integrated graphics is like going on the Autobahn in a tricycle.
I'm going to be seeking the developer's permission to strip out anything related to external connections and upload it to GitHub so that the great bits of the program can continue.
For what it is worth: if you do consider this, I'd like you to consider removal of the autoupdate feature, to be replaced by something a bit more manual (and safe).
Instead of automatically updating, just automatically check the version/commit. If a new update is available, prompt the admin or prompt in console to obtain the update and take care of it (or just have them approve the update manually).
Additionally, it would be a good idea to display a log of the changes from the currently installed version up to the latest version release before the installation prompt.
This provides an environment where the user can decline to update in case they find out in advance that an update breaks something, or they want to investigate the update first before installation.
It's a bit more work, but if done correctly it will only add one step to the process and a lot more peace of mind for anyone that is security-conscious.
I'm going to be seeking the developer's permission to strip out anything related to external connections and upload it to GitHub so that the great bits of the program can continue.
For what it is worth: if you do consider this, I'd like you to consider removal of the autoupdate feature, to be replaced by something a bit more manual (and safe).
Instead of automatically updating, just automatically check the version/commit. If a new update is available, prompt the admin or prompt in console to obtain the update and take care of it (or just have them approve the update manually).
Additionally, it would be a good idea to display a log of the changes from the currently installed version up to the latest version release before the installation prompt.
This provides an environment where the user can decline to update in case they find out in advance that an update breaks something, or they want to investigate the update first before installation.
It's a bit more work, but if done correctly it will only add one step to the process and a lot more peace of mind for anyone that is security-conscious.
If it were me, I'd make that configurable, with "important updates only" being an option. ("Important updates" being defined as security-related, crash fixes, usability fixes, server updates, etc.) The way it updates should also be configurable, similar to Windows Update (except less crappy).
I'd do this myself, but my server manager's largely written in Lua, do I doubt anyone would use it :V
we all know he did wrong and was caught in it and people arent using it etc etc
But why must we continue this silly drama and try running his name into the ground? Seems so petty and juvenile.
Seeing as this thread has entered the stage of "developing alternatives" rather than "whining about X", I think your assessment of the current status of things is incorrect.
By the way, has the packet reference been updated yet? I'd like to start tossing together a generic C# library for proxying Minecraft.
MCAdmin shows that Notch shouldn't allow modifications for MineCraft to be posted here unless they provide a source code, it's what Garry does over at Facepunch.
I'm going to be seeking the developer's permission to strip out anything related to external connections and upload it to GitHub so that the great bits of the program can continue.
For what it is worth: if you do consider this, I'd like you to consider removal of the autoupdate feature, to be replaced by something a bit more manual (and safe).
Instead of automatically updating, just automatically check the version/commit. If a new update is available, prompt the admin or prompt in console to obtain the update and take care of it (or just have them approve the update manually).
Additionally, it would be a good idea to display a log of the changes from the currently installed version up to the latest version release before the installation prompt.
This provides an environment where the user can decline to update in case they find out in advance that an update breaks something, or they want to investigate the update first before installation.
It's a bit more work, but if done correctly it will only add one step to the process and a lot more peace of mind for anyone that is security-conscious.
If it were me, I'd make that configurable, with "important updates only" being an option. ("Important updates" being defined as security-related, crash fixes, usability fixes, server updates, etc.) The way it updates should also be configurable, similar to Windows Update (except less crappy).
I'd do this myself, but my server manager's largely written in Lua, do I doubt anyone would use it :V
Hmm, true. Maybe individual updates could be classified as to what they are for. Compatibility, security, crash, whatever. And, transmitting all of this would be quite simple if you kept it consistant; bitwise operations would allow compressing a ton of this data into one integer variable, reducing the size of transmitted data and saving on distribution server strain.
I noticed mods are just locking posts about this: I'm going say this flat out.
If you have a problem with MCadmin, do not let them think you have to just drop it. They can moderate this forum as much as they like, but it entirely within your legal rights to report this violation of law to the relevant authorities, and the mods seem to want to make you think you cannot for some reason.
I fully recommend you all file complaints with the relevant authorities for your country/state, As whether or not he changes it does not change the fact that a law was broken, and that can be enforced.
I've been thinking about how this can be prevented in the future and I've come up with an idea. First; all addons including map editors and server addons which are provided to the public or advertised on minecraft.net will act as 3rd party addons and must adhere to a policy which will be managed by a sub organization of minecraft.net and led by the preexisting administration group on minecraft.net. This policy file will be made public for the community to look at and make comments. In addition, a subforum will be created that will have posting privileges for 3rd party developers and read only to the community. In this subforum, developers must post info about their addon and any revisions to their addon. They may also create a thread in the survival multiplayer support section or any other section about general info about their addon but all revisions to their addon must always be updated in the subforum. In addition, anyone who posts links to addons outside this 3rd party subforum will have their post deleted, their thread locked and given out a warning.
Not only with this idea keep 3rd party developers to a certain set of guidelines, it will also prevent malicious code from being posted here as right now anyone can post a link to an exe file and that exe file could have anything in it.
This is just an idea and feel free to modify the idea if needbe.
I'm a bit late on catching up to all of this, but at least it has been very helpful in terms of knowing what to do in the future when I do eventually run my own SMP.
Regardless of the personal status of the developer, the fact that certain features were in the server are 100% unacceptable. There is no justification for this, period. Additionally, the fact that details were not ponied up and stories changed means I have 0% trust now in this. Sorry.
In short, it will take a tremendous amount of effort to remedy the situation.
Also, as another furry... I will only say that this is the sort of thing that brings unwanted shame to the faction. Alot of hurt could have avoided if the hole was not dug any deeper.
I'm a bit late on catching up to all of this, but at least it has been very helpful in terms of knowing what to do in the future when I do eventually run my own SMP.
Regardless of the personal status of the developer, the fact that certain features were in the server are 100% unacceptable. There is no justification for this, period. Additionally, the fact that details were not ponied up and stories changed means I have 0% trust now in this. Sorry.
In short, it will take a tremendous amount of effort to remedy the situation.
Also, as another furry... I will only say that this is the sort of thing that brings unwanted shame to the faction. Alot of hurt could have avoided if the hole was not dug any deeper.
Very well said. I don't get the people insisting we should just be quiet because he apologized! Really? Wow...
As it said in the Terms I just quoted, developers get a [DEV] tag, hence this question, it'd be weird to see someone connect to your server and get a [DEV] tag
<Doridian> if i suppose you being the owner of this correctly
<Doridian> then you should know who i am
<Bradster> i own this server..
Doridian (IP: ###) disconnected (Message: Kick-Banned by Bradster)!
Bradster kick-banned Doridian
I'd do the same thing here, some random guy comes in, gets a custom tag out of nowhere and then starts acting really weird about how I should "know who he is" He's getting a ban for sure.
At this point the server host (Bradster) got banned from his own server (since it was using MCAdmin to manage bans) simply because he banned Doridian. It continues:
<Doridian> banning the main developer
<Doridian> no good idea
<Bradster> I don't even know who you are?
<Doridian> also
<Doridian> someone insulted me
<Doridian> i say shut up
<Doridian> and get banned
<Doridian> wtf?
<Bradster> Yeah not me
<Bradster> And anyway
<Bradster> It's my server, not yours, you have no right to ban my friends
<Doridian> i have the global banlist feature
<Bradster> What's your point?
<Doridian> my point is you didnt disable the global banlist
<Doridian> which tells me you accept whomever i ban
<Bradster> Disabled...
<Doridian> another point is
<Doridian> do not expect help from me
<Doridian> if theres people running around
<Doridian> who dont like me
<Bradster> I don't know who you are, nor care
<Bradster> So go away please
<Doridian> i made MCAdmin
<Bradster> Oh right, good for you
<Doridian> the admin tool you use
<Bradster> Have a drink on me
<Doridian> why are you that much of a pain to me
Seriously? Bradster hasn't said anything out of the norm. His servers were essentially invaded and he was banned from his own server. He hasn't really been a pain at all.
<Doridian> i mean
<Doridian> why do you hate me that much
<Doridian> what the **** have i done to you?
<Bradster> Your e-penis must be so huge for you to banhammer anyone you want
<Doridian> HEY
<Bradster> The point is...
<Bradster> It's my server, not yours, you may have made it, and i appreciate the free software
<Bradster> But that doesn't make you a God on every server that runs it
<Doridian> i would never go as far as banning someone locally
<Doridian> i just globalban people who insult me
Which is just another reason why nobody should use this wrapper, what a power-tripping asshole.
And finally, showing that after being banned a second time, Doridian remotely killed the server:
Doridian (IP: ###) disconnected (Message: Kick-Banned by Bradster)!
It's a shame for those of us wanting to be constructive that this continues.
Suggest the OP closes the thread, there's too many people unable to read.
To Obsidian_ and N3X15: I added your ideas as feature requests on the bug site (along with my own), we'll see if they get implemented or not.
We're just making a point that as constructive others may try to be, Doridian is no longer a trusted coder here. They only way people might want to use his code again is if he DELETES the backdoor code and releases his source.
EDIT: This has been "resolved" by the MCAdmin crew, with an apology. Link to changes: http://www.minecraftforum.net/viewtopic.php?f=1012&t=24629 I guess I need to read the forums and search harder. Apologies to the MCAdmin crew. I would still like to see if the backdoor exists. User Permission control is still good and all, but... if the original code exists, who knows what someone could do?
EDIT 2: Read this. I totally agree with the poster: http://www.reddit.com/r/Minecraft/comments/dxm6h/apparently_dont_use_mcadmin/c13p1cb
This may be unwarranted, but it has come to light that there is a back-door into MCAdmin. Supposedly according to this thread: http://www.minecraftforum.net/viewtopic.php?f=1013&t=66067
MCAdmin devs and admins can (if the story is true):
1.UNBAN themselves (others too?) from YOUR SERVER
2. BAN YOU from your OWN SERVER
3. I'm assuming they can do other things, but the top two are the only admitted.
This means that there is a BACKDOOR into ALL MCAdmin servers. What does this possibly mean?
1.Above list
2.Someone could potentially spoof this admin rights, and GRIEF THE **** out of YOUR server
3.Possibly run code due to any unknown (at the moment) exploits in MCAdmin.
This needs to be investigated, people. I'm calling out the MCAdmin devs to explain themselves, in full, to the community.
http://www.reddit.com/r/Minecraft/comments/dxm6h/apparently_dont_use_mcadmin/c13pofp
While this statement is true, it tries to pull a fast one.
Commented code will not end up in the binary, correct. However, it's still unethical and dangerous to have the code there in the first place -- even if commented. Someone could easily take the source, uncomment it, and redistribute the file. Moreover, they could modify the existing code to exploit users. While this would not be the explicit fault of the developers, it's poor programming practice (and poor safety practice to boot).
I'll present an analogy: someone threatens you with a knife. They then sheathe this knife, but it remains on their person. You can see this sheathed knife, and it does not present an immediate threat. Does this make you feel any better knowing that moments ago you were threatened with it? The malicious code is a hotkey or button press away from being introduced to the binary again. There is also no proof that any binaries are compiled without the code; and the source is modified later to give the illusion that the code is not compiling. The only safe way to use the software is to compile the binary on your machine, from a local copy of the source you have checked yourself.
While removing the code is a step in the right direction, the author has violated the trust of his users and is left with little recourse to hope that people feel an apology is sufficient. I wouldn't blame anyone who was decidedly uninterested in working with this author.
If there is one thing I like about open source, its that you don't need the developer's permission to take his project, fork it, rename it, and improve on it yourself (as long as you abide by the license). That is, after all, one of the reasons open source is around. In this case, if you want MCAdmin to survive on, I would do just that. Because I know the currently existing form of it is, at the very least, on my own personal list of "do not touch" now.
For what it is worth: if you do consider this, I'd like you to consider removal of the autoupdate feature, to be replaced by something a bit more manual (and safe).
Instead of automatically updating, just automatically check the version/commit. If a new update is available, prompt the admin or prompt in console to obtain the update and take care of it (or just have them approve the update manually).
Additionally, it would be a good idea to display a log of the changes from the currently installed version up to the latest version release before the installation prompt.
This provides an environment where the user can decline to update in case they find out in advance that an update breaks something, or they want to investigate the update first before installation.
It's a bit more work, but if done correctly it will only add one step to the process and a lot more peace of mind for anyone that is security-conscious.
If it were me, I'd make that configurable, with "important updates only" being an option. ("Important updates" being defined as security-related, crash fixes, usability fixes, server updates, etc.) The way it updates should also be configurable, similar to Windows Update (except less crappy).
I'd do this myself, but my server manager's largely written in Lua, do I doubt anyone would use it :V
we all know he did wrong and was caught in it and people arent using it etc etc
But why must we continue this silly drama and try running his name into the ground? Seems so petty and juvenile.
-Answer to everything-
Search the forums
Google!
Developer Blog
Wiki
Seeing as this thread has entered the stage of "developing alternatives" rather than "whining about X", I think your assessment of the current status of things is incorrect.
By the way, has the packet reference been updated yet? I'd like to start tossing together a generic C# library for proxying Minecraft.
Hmm, true. Maybe individual updates could be classified as to what they are for. Compatibility, security, crash, whatever. And, transmitting all of this would be quite simple if you kept it consistant; bitwise operations would allow compressing a ton of this data into one integer variable, reducing the size of transmitted data and saving on distribution server strain.
If you have a problem with MCadmin, do not let them think you have to just drop it. They can moderate this forum as much as they like, but it entirely within your legal rights to report this violation of law to the relevant authorities, and the mods seem to want to make you think you cannot for some reason.
I fully recommend you all file complaints with the relevant authorities for your country/state, As whether or not he changes it does not change the fact that a law was broken, and that can be enforced.
Not only with this idea keep 3rd party developers to a certain set of guidelines, it will also prevent malicious code from being posted here as right now anyone can post a link to an exe file and that exe file could have anything in it.
This is just an idea and feel free to modify the idea if needbe.
Endorsement:
One Sided Windows: http://www.minecraftforum.net/viewtopic.php?f=1&t=27244
Compasses & Grand Magnets: http://www.minecraftforum.net/viewtopic.php?f=1&t=24619
Regardless of the personal status of the developer, the fact that certain features were in the server are 100% unacceptable. There is no justification for this, period. Additionally, the fact that details were not ponied up and stories changed means I have 0% trust now in this. Sorry.
In short, it will take a tremendous amount of effort to remedy the situation.
Also, as another furry... I will only say that this is the sort of thing that brings unwanted shame to the faction. Alot of hurt could have avoided if the hole was not dug any deeper.
Very well said. I don't get the people insisting we should just be quiet because he apologized! Really? Wow...
IP ### logged in as Doridian!
<Bradster> hello?
<Doridian> hai
<Bradster> dev?
As it said in the Terms I just quoted, developers get a [DEV] tag, hence this question, it'd be weird to see someone connect to your server and get a [DEV] tag
<Doridian> if i suppose you being the owner of this correctly
<Doridian> then you should know who i am
<Bradster> i own this server..
Doridian (IP: ###) disconnected (Message: Kick-Banned by Bradster)!
Bradster kick-banned Doridian
I'd do the same thing here, some random guy comes in, gets a custom tag out of nowhere and then starts acting really weird about how I should "know who he is" He's getting a ban for sure.
IP ### connected!
IP ### logged in as Doridian!
Doridian (IP: ###) disconnected (Message: You're banned)!
IP ### connected!
IP ### logged in as Doridian!
Doridian (IP: ###) disconnected (Message: You're banned)!
Heartbeat fail: Unban Doridian!!
Bradster (IP: 127.0.0.1) disconnected (Message: Globally banned. Visit http://bans.mcadmin.eu/?user=Bradster)!
At this point the server host (Bradster) got banned from his own server (since it was using MCAdmin to manage bans) simply because he banned Doridian. It continues:
<Doridian> banning the main developer
<Doridian> no good idea
<Bradster> I don't even know who you are?
<Doridian> also
<Doridian> someone insulted me
<Doridian> i say shut up
<Doridian> and get banned
<Doridian> wtf?
<Bradster> Yeah not me
<Bradster> And anyway
<Bradster> It's my server, not yours, you have no right to ban my friends
<Doridian> i have the global banlist feature
<Bradster> What's your point?
<Doridian> my point is you didnt disable the global banlist
<Doridian> which tells me you accept whomever i ban
<Bradster> Disabled...
<Doridian> another point is
<Doridian> do not expect help from me
<Doridian> if theres people running around
<Doridian> who dont like me
<Bradster> I don't know who you are, nor care
<Bradster> So go away please
<Doridian> i made MCAdmin
<Bradster> Oh right, good for you
<Doridian> the admin tool you use
<Bradster> Have a drink on me
<Doridian> why are you that much of a pain to me
Seriously? Bradster hasn't said anything out of the norm. His servers were essentially invaded and he was banned from his own server. He hasn't really been a pain at all.
<Doridian> i mean
<Doridian> why do you hate me that much
<Doridian> what the **** have i done to you?
<Bradster> Your e-penis must be so huge for you to banhammer anyone you want
<Doridian> HEY
<Bradster> The point is...
<Bradster> It's my server, not yours, you may have made it, and i appreciate the free software
<Bradster> But that doesn't make you a God on every server that runs it
<Doridian> i would never go as far as banning someone locally
<Doridian> i just globalban people who insult me
Which is just another reason why nobody should use this wrapper, what a power-tripping asshole.
And finally, showing that after being banned a second time, Doridian remotely killed the server:
Doridian (IP: ###) disconnected (Message: Kick-Banned by Bradster)!
Bradster kick-banned Doridian
Heartbeat fail: Unban Doridian!!
Heartbeat fail: Unban Doridian!!
Heartbeat fail: Unban Doridian!!
Server killed!
We're just making a point that as constructive others may try to be, Doridian is no longer a trusted coder here. They only way people might want to use his code again is if he DELETES the backdoor code and releases his source.