A lot of people are interested in the coveted Haxploitation E-Peen™.

The E-Peen™ exists as a way for us to thank people for identifying exploits on the site (gameplay/security/etc) and reporting them to us privately so they can be fixed.

In other words, if you find something broken, then go crazy posting it on Flamebate or IDC, upsetting the economy and crashing the game to a halt, you won’t get the E-Peen™.

Some people seem to think we have made exceptions to this rule. However, to the best of my knowledge we have not. Sometimes people who announce exploits publically get the E-Peen™ for other reasons, but I have been giving it out this way for quite some time.

Sometimes, an adept player will report more than one exploit, even after they have received the E-Peen™. If they have alts, we’ll let them give the E-Peen™ to another alt. Still, as you can imagine this doesn’t encourage people to keep finding and telling us about exploits.

So, my new policy is to give 30 BP per identified/fixed exploit to any player who already has the E-Peen™. This is to encourage continued good behavior.

Thanks for all the help so far guys. Every time we fix a hole it makes the game better for everyone else!

I found something I think might be worth it. I TM’d you about it. Lemme know pls!

Evil Trout Posted:

I confirmed yours this morning. A fix is coming and you’ll get the E-Peen™ when it goes live Log in to see images!

Yes! That’s amazing!

Ok ladies time to haxx! Log in to see images!

MC Banhammer Posted:

If the goal is to encourage the finding of hacks, would it be worth publicizing the ones which were deserving of the peen, in order to “jump-start” ideas on how to find them? Or are you too worried that would lead to abuse?

Yeah it’s a slippery slope.

The most common exploits tend to be CSRF based. In other words, links to the site that will change your data that will work just as pbuming a link around.

We’ve never had a SQL injection exploit, probably because we use ActiveRecord and rarely write out manual SQL.

Acid Flux Posted:

I’d be happy with just getting the E-Peen retroactively. That .moar file pieces/Un-Cheater exploit report that Scully & I both sent in was pretty significant, IMHO. Definitely would have had a major affect on gameplay.

Generally if more than one person identifies an exploit, the first person to report it gets it.

Can I start a thread detailing how I got it?

Log in to see images!

*shakes fist at Fortunato*

Hmm. I’m not creative enough to hack a game, LOL.

But would that mean Johnny Mac should’ve gotten the peen for his use of scripts to unfairly advance in Kyoubai?

EDIT: Or only if he’d found you COULD exploit it that way and decided to report it privately

TUBSWEETIE Posted:

So if the flezz exploit were never used before and i decided to unleash it today, i wouldn’t get the peen because I abused it?

Totally reasonable but that kills the fun of exploiting imo.

Yes that true. I used a exploint, the reported and didnt got the e-peen. But got the fun Log in to see images!