1. nicatronTg
    Created by nicatronTg
    Sep 21, 2015
    We recently became aware of an ongoing attack targeting TShock for Terraria servers. No exploit exists, and no passwords can be immediately determined, however, bruteforce attempts are possible over REST.

    If you need help, please join Slack immediately and discuss your situation with us. Please error on the side of caution and take mitigation steps as soon as possible to avoid account compromises.

    • Attackers can bruteforce passwords from open REST ports.
    • Attackers can cause latency (lag) by bruteforcing passwords with high BCrypt work factors.
    • Servers which rely on REST should protect their REST endpoint. If the REST service is being used only on the same server or on a private network, firewall the REST port off (7878) from outside traffic. If the service must be accessed from the internet, move the RestApiPort (set in the config file) to a higher value, to avoid attacks that only target the default port, 7878.
    • If the rest port is not being used for anything, disable the REST service entirely (set the RestApiEnabled setting in the config file to "false").
    • Follow best practices when setting passwords. Ensure that administrators do not use passwords that are easily found in dictionaries or otherwise easy to crack. Encourage users to set safe, secure passwords for their TShock accounts.
    Long Term Solution:
    • IP based throttling of REST endpoint login attempts will be implemented in the next version of TShock, within 48 hours of this notice.
    Repeat: TShock is secure. REST can be attacked to slowly try passwords.
  2. nicatronTg
    Created by nicatronTg
    Aug 16, 2015
    Welcome to TShock for Terraria 4.3.9 for Terraria This release includes protocol compatibility with Terraria (Protocol 156). In addition, it includes a new crash reporting mechanism that can be used to help further diagnose problems on Windows. On Mono, it simply creates a more detailed crash report that we can then use. Download now, via Github.

    Notable changes include:
    • API: Update to Terraria (@Patrikkk)
    • API: Added a crash reporter which collects memory dumps on Windows (@Wolfje)
    • API: New commandline param: -crashdir - Writes crash reports to the specified directory (@Wolfje)
    • API: Sendq now doesn't disconnect people when it cant send a packet (@Wolfje)
    • API: Fixed more crashes on disconnect in sendq (@Wolfje)
    • API: Now ignores unknown server packets (@Wolfje)
    • API: Potentially removed arithmetic overflows in server (@Wolfje)
    Using the Crash Reporter
    TShock now has a crash reporter built in which writes crash logs to the crashes directory in the event of a catastrophic failure. To change where TShock writes its crash logs, specify the -crashdir parameter on the command line.

    1. In the event of a crash, look for a file called crash_xxxx.zip in the crashes directory
    2. Upload the file somewhere, beware the crash file may be quite large (>100MB), anywhere like google drive, dropbox or mega will be fine
    3. Post a link to the crash with reproduction steps in the TShock support forum
    Alternatively, if you do not want to report the crash, just delete the file.
  3. nicatronTg
    Created by nicatronTg
    Aug 7, 2015
    Welcome to TShock 4.3.8 for Terraria for API 1.21. This release includes many stability improvements and additional hooks. Download now.

    Notable changes include:
    • Auth system kicks players if system is disabled. (@nicatronTg)
    • Fixed /login permitting multiple logins without a logout in between. (@nicatronTg)
    • Allow[Hallow/Corruption/Crimson]Creep in config now work. (@Wight)
    • API: Treasure bags are now named properly. (@Wight)
    • API: Clients no longer close on disconnect. (@Wolfje)
    • API: Add server broadcast hook. (@Wight)
    • API: Fixed pressure plate hook triggering multiple times. (@Patrikk)
    • API: Fixed issues with SendQ writes failing. (@Wolfje)
    • API: Version tick to 1.21
  4. nicatronTg
    Created by nicatronTg
    Jul 24, 2015
    Welcome to TShock 4.3.7 PreRelease for Terraria This release adds support for Terraria Download now.

    There are a couple issues we have yet to investigate fully:
    • Visual tile artifacts.
    • Out of memory errors.
    If you experience visual artifacts, please report the following additional information in your report:
    1. The number of players on the server.
    2. The world size.
    3. An in depth report if possible, of how to re-create the problem on a stock map.
    4. Whether or not the problem occurs with only specific tilesets or all tilesets.
    If you experience out of memory errors, please provide a memory dump of the server during this state, zip it, and upload it so that we can inspect it. Please provide the same information as above, and, rather than posting the link publically, private message me your process dump files.
  5. nicatronTg
    Created by nicatronTg
    Jul 23, 2015
    Welcome to TShock 4.3.6 for Terraria (pre release). This is a pre-release, and may not be stable. Use at your own risk. Download now!

    Notable changes include:
    • API: NPCs shoot the right way (@WhiteXZ)
    • API: The server config file works correctly with priority and port (@Patrikkk)
    • API: Removed support for favorites and removed JSON dependencies. (@Enerdy)
    • API: Removed support for clouds. (@Enerdy)
    • API: Fixed a whole lot of bugs with wiring, and in general re-wrote some core bits that were bugged. (@WhiteXZ)
    • API: Fixed projectile AI bugs. (@AndrioCelos)
    • API: Fixed world saving problems. (WhiteXZ)
    • API: Fixed server not accepting more connections once max slots was filled. (@WhiteXZ)
    • API: Removed startup parameters and moved them to TShock. (@George) (From Multiplay UK)
    • API: Item.SetDefaults() no longer kills some tools. (@Enerdy)
    • API: Restored chat bubbles. (@WhiteXZ)
    • API: Updated to (@Enerdy & @Patrikkk)
    • API: Lots and I mean lots of network improvements in the SendQ department. (@tylerjwatson)
    • API: Added NpcLootDrop and DropBossBag hooks. (@Patrikkk)
    • API: Fixed hook: NpcTriggerPressurePlate (@Patrikkk)
    • API: Fixed hook: ProjectileTriggerPressurePlate (@Patrikkk)
    • API: Fixed hook: ItemSetDefaultsString (@Patrikkk)
    • API: Fixed hook: ItemSetDefaultsInt (@Patrikkk)
    • API: Fixed hook: ItemNetDefaults (@Patrikkk)
    • API: Fixed hook: GameStatueSpawn (@Patrikkk)
    • API: Fixed hook: NpcNetDefaults (@Patrikkk)
    • API: Fixed hook: NpcNetSetDefaultsString (@Patrikkk)
    • API: Fixed hook: NpcNetSetDefaultsInt (@Patrikkk)
    • API: Fixed hook: NpcSpawn (@Patrikkk)
    • API: Fixed hook: NpcTransformation (@Patrikkk)
    • API: Fixed hook: NpcStrike (@Patrikkk)
    • API: Updated AssemblyInfo to (@nicatronTg)
    • API: Moved to .NET...