(2009.Jun.18 07:25 PM)Punisher Wrote: lol....what was gained other than knowledge....i need clarification here
ive spent huge bucks...not for just my character, but for entertainment....so just curious how we can prevent exploits like this in the future
I still don't think I am understanding you completely. The exploit was fixed and all effects of the credits they purchased were taken back. Since we track all credits, it was very easy to find every single one. They didn't get access to anything like player stats or some hidden page. The only persons who went over your endurance went so high there really is no way to know your exact stats. They had no chance to gain much in stats other than endurance and intel, and those were reverted.
How do we prevent exploits like this? Well that's the challenge of running a site. Everyone tries to find something. If they aren't trying to brute-force my password, they are trying to find a way to take the site down or give themselves unlimited cash/credits. I normally run through all pages with any new exploit known for other games as soon as I hear about them. Normally they don't work. When apache/php/mysql comes out with an update, I test for any changes.
My list of known exploits for TornCity and Metrowars-like games is now halfway to 1,000, and I have to test every single one for every page whenever there is a new addition, game update, or server update.
Can I say with 100% certainty that AL is exploit-free? No. But I think we are in better shape than many other games, and when something like Crunchy's exploit pops up we can sniff it out and revert things quickly.