[Nianjiilical] WWW.BYONN.com - 'almost certainly'

[WWW.BYONN.com]

BYOND account: WWW.BYONN.com
Character name: Joe Fields
Ban type: Server
Ban length: Permanent
Ban reason:
Time ban was placed:2021-10-02 15:32:14
Server you were playing on when banned: Sybil
Round ID in which ban was placed: 170609
Your side of the story: I presumably got banned while I was not playing on Sybil. Can't say much here.
Why you think you should be unbanned: Nobody banned me for my ckey for about more than 6 months when I was playing on TG. I never had any malicious intent. The reason why I chose this ckey was because it sounded funny. Instead of "Build Your Own Network Dream", it's supposed to be "Build Your Own Network Nightmare". The link doesn't lead to anywhere but GoDaddy, which is a domain buying website.
Anything else we should know: A lot of admins have viewed my name and none of them said anything about my ckey. If the banning admin talked to me, it would have been nice.

[nianjiilical]

so this was a fuck up on my part, and also because of an entirely accidental oversight on the coder side

when you logged in that round i got a pretty normal admin log message that included your ckey as a link. the intent is that whenever a player's ckey comes up in these sorts of adminlogs, admins can click on it to immediately open an admin pm/bwoink to them. i clicked your name out of curiosity, and for some reason byond actually parsed it as a url and tried to open byonn.com in my chrome browser, which google then told me was a site with an invalid cert (because the domain hadnt been registered)

i immediately banned your account because i panicked and thought it was a malicious attempt at making admins open bad sites (i genuinely hadnt seen you play before, and didnt recognize you) and notified the maintainers, and was told that "ckeys with urls opening browser sites" was a very unintended and potentially abusable avenue, but also that you actually were just a normal player using a funny ckey, and i unbanned you afterwards (probably about 5 mins after the ban was placed)

tl;dr you should be unbanned now, i fucked up, byond also fucked up and tried to open a url on us, and you accidentally helped us find a possible exploit that somehow never triggered with your name before so thanks for that

[WWW.BYONN.com]

so this was a fuck up on my part, and also because of an entirely accidental oversight on the coder side

when you logged in that round i got a pretty normal admin log message that included your ckey as a link. the intent is that whenever a player's ckey comes up in these sorts of adminlogs, admins can click on it to immediately open an admin pm/bwoink to them. i clicked your name out of curiosity, and for some reason byond actually parsed it as a url and tried to open byonn.com in my chrome browser, which google then told me was a site with an invalid cert (because the domain hadnt been registered)

i immediately banned your account because i panicked and thought it was a malicious attempt at making admins open bad sites (i genuinely hadnt seen you play before, and didnt recognize you) and notified the maintainers, and was told that "ckeys with urls opening browser sites" was a very unintended and potentially abusable avenue, but also that you actually were just a normal player using a funny ckey, and i unbanned you afterwards (probably about 5 mins after the ban was placed)

tl;dr you should be unbanned now, i fucked up, byond also fucked up and tried to open a url on us, and you accidentally helped us find a possible exploit that somehow never triggered with your name before so thanks for that

Thank you for your swift reply. I hope the problem does get fixed just incase something like this happens in the future.
I understand that you haven't seen me play before. I stopped playing SS13 for a good whole 6 months or so.
I'm glad this was cleared up. Once again, I appreciate your reply.

[Mothblocks]

The oversight from this has been solved thanks to this PR.