1. Wight
    Created by Wight
    Jan 24, 2016
    Bippity's Server New Year + 1000 likes giveaway

    To (belatedly) celebrate the New Year, as well as reaching 1000 likes on TServerWeb, @bippity from Bippity's Server is giving away Tomb Raider (20 USD @ Steam) and The Elder Scrolls V: Skyrim - Legendary Edition (50 USD @ Steam).

    Requirements to enter the Tomb Raider giveaway: register on Bippity's website and make 3 posts

    Requirements to enter the Skyrim giveaway: register on Bippity's website and be ranked 'Donator' or higher (Acquired by donating 5+ USD)

    More information here

    Both giveaways begin 24/01/16 (24th of January 2016)
    Both giveaways end 16/02/16 (16th of February 2016)
  2. nicatronTg
    Created by nicatronTg
    Jan 5, 2016
    Stickers have been discontinued. New donors can no longer request stickers.
  3. nicatronTg
    Created by nicatronTg
    Jan 1, 2016
    Welcome to TShock 4.3.12 for Terraria 1.3.0.8 and TerrariaAPI v1.22. This release fixes some bugs with Terraria functionality, as well as introduces some changes for the stat tracking system. Download now, via Github Releases.

    Notable changes include:
    • Fixed issues with TSPlayer.SetTeam not working (@Wight)
    • Fixed /butcher not killing bosses in expert difficulty (@Wight)
    • API: Deprecated PacketBufferer (now obviated by SendQ) (@Wight)
    • API: Building on Windows no longer breaks traps (@Wolfje)
    • Fixed bombs, dynamite, and sticky bombs (@Wolfje)
    • Removed spammy messages from OnSecondUpdate that confused some server owners (@Wolfje)
    • Rewrote some stat tracker code to send actually relevant data to the stats server (@George)
    • Added an opt-out command line switch to disable the stat tracker (--stats-optout) (@George)
    • Added a unique provider token which can be passed to the stat tracker (--provider-token [token]) for tracking servers from the same GSP. (@George)
  4. Wight
    Created by Wight
    Oct 26, 2015
    Welcome to TShock v4.3.11 for Terraria v1.3.08. Download now.

    This version features a drop-in tile replacement system by @Wolfje that reduces RAM requirements by up to 70% on all worlds and CPU requirements up to 10% in the running process.
    • Large worlds: from 700MB-1GB -> ~325MB
    • Medium worlds: from 500MB -> ~200MB
    • Small worlds: from 400MB -> ~125MB
    Plugin developers: any current plugin that makes use of Main.tile must be recompiled with a reference to the new terrariaserver.exe.

    Other notable changes include:
    • API: Fixed some possible packet leaks in sendq (@Wolfje)
    • API: API Version 1.22 - please update your plugins accordingly
    • API: Added crash protection around malicious and/or invalid packets (@Wolfje)
    • API: Fixed worlds not loading sometimes (@tysonstrange)
    • API: Fixed living leaf walls not working as housing (@hastinbe)
    • Fixed an issue preventing some players from joining when the world is saving (@Wolfje)
    • Fixed an issue adding a ban on a player who has previously been banned (@Wolfje)
    • Fixed /invade martian (@Wolfje)
    • Fixed target dummies not working properly (@Wight)
    • Added a config option (DisableSecondUpdateLogs) to prevent log spam from OnSecondUpdate() (@Wight)
    • Added RESTful API login rate limiting (@George)
    • Added config options (MaximumRequestsPerInterval, RequestBucketDecreaseIntervalMinutes, LimitOnlyFailedLoginRequests) for rate limiting (@George)
    • DEPRECATION: Deprecated Disable(string, bool) and added Disable(string, DisableFlags). Please update your plugins accordingly (@Wight)
    • Fixed Halloween and Christmas events not working properly...
  5. nicatronTg
    Created by nicatronTg
    Sep 21, 2015
    We recently became aware of an ongoing attack targeting TShock for Terraria servers. No exploit exists, and no passwords can be immediately determined, however, bruteforce attempts are possible over REST.

    If you need help, please join Slack immediately and discuss your situation with us. Please error on the side of caution and take mitigation steps as soon as possible to avoid account compromises.

    Scope:
    • Attackers can bruteforce passwords from open REST ports.
    • Attackers can cause latency (lag) by bruteforcing passwords with high BCrypt work factors.
    Mitigation:
    • Servers which rely on REST should protect their REST endpoint. If the REST service is being used only on the same server or on a private network, firewall the REST port off (7878) from outside traffic. If the service must be accessed from the internet, move the RestApiPort (set in the config file) to a higher value, to avoid attacks that only target the default port, 7878.
    • If the rest port is not being used for anything, disable the REST service entirely (set the RestApiEnabled setting in the config file to "false").
    • Follow best practices when setting passwords. Ensure that administrators do not use passwords that are easily found in dictionaries or otherwise easy to crack. Encourage users to set safe, secure passwords for their TShock accounts.
    Long Term Solution:
    • IP based throttling of REST endpoint login attempts will be implemented in the next version of TShock, within 48 hours of this notice.
    Repeat: TShock is secure. REST can be attacked to slowly try passwords.