#Unauthorized Access / Server Incident Reports

Hey there, have a dedicated server, woke up to a destroyed base after hours of spending time building. I do take back ups so I only lost a few hours of builds.

I came here to see that people are jumping on LFG, getting access, pulling up the boats and launching cannons until its all done.

I went through the logs and wanted to share the method I used to analyze them. I reviewed the file “R5-backup-2026.04.20-04.42.54.log”, which contains logs from after the issue occurred.

I uploaded the log to ChatGPT and asked it to create a table. The file contains a large number of entries, so I used the following prompt:

“Go through the logs and find out how many times they connected, how long they were connected for, and when (PT time zone) and what day. Group the results into Connected Accounts, Reserved Accounts, and Disconnected Accounts.”

The table format I requested included:

Player Name
Account ID
Number of Connections
Session Start (PT)
Session End (PT)
Duration

Overall, I was able to identify the players involved. They were connected for approximately 6 minutes and caused a significant amount of damage during that time, along with another user.

I am currently working on identifying their SteamIDs. At the moment, I have their IP addresses, account IDs, in-game nicknames, and the hostnames of their PCs.

After I got the name, I can see they left my discord and the windrose discord too. It was two people.

I hope this helps all admins find the rats. Good luck.

Sharing more data about what these guys are doing.

They are using dummy accounts like Dromair to get the password and having buddies join. This way they can protect their ID's, SteamID's and Discord.

Well I made a heat map that showed it was not one person. It was two people that logged in twice to do damage and steal.

This was Grug can come in safley after Dro verifies, and helps take items back. I addressed it on voice with this person and just say to watch out.

Not sure why you guys though you can use the Windrose LFG channel to pull wild stuff like this. We had a backup restored what you did but stop asking to join servers to break stuff.

EXPOSED!

@willow shore @flat maple Please review messages and activity from the following discord users.

grugrockbasher
dromair

The are working together to jump on servers using this discord and betraying people.

Thanks for the report, but there is not much we can do about it. Really sorry that happened, but until the game has proper server administration tools to prevent situations like this, we highly recommend not trying to host any kind of public access servers. We'll look into implementing additional discord policies in the future.
And a quick reminder that doxxing/sharing any kind of personal information of other people in this sever is strictly forbidden.

Thanks Cubert, noted on the doxx but this was proof and they have a third person that I will leave out for now.

Glad to help anyone out and if you feel that someone if off, please stop the server, make a back up and change your password.

@willow shore Wanted to provide some additional feedback for the upcoming admin tools. You can change the invite code for the server but the client side stores the game server history. When you update the code on the server anyone can still try connect and hammer the password over and over.

It would be great to have all users previous and new need the new invite code and new password.

If I register a new world persistent ID and invite code, can I use those on my existing back up to make sure all existing and new users need a new invite code? I believe one would need to edit the JSON for persistent ID and invite code along with rename the folder.

Would this work to make sure all players need a new invite code and password?

Thanks for the replies. This game rocks!

@nimble bolt is a thief. do not let him in your world

Hi @unborn imp, it seems like the users are taking advantage of this discord, which is not cool and making the game less fun to play.

You have scammers\stealers that do things like this. 277+ messages telling people "I'm new share my password" this person gains access to 2-5 servers per day!

Can not understand why they will not just play the game. Any body doing this, you just click their name and this is what you see in the LFG channel.

Sorry that happened to you.

Looks like they steal resources and sell it on web sites for real money

Ah that explains the motivation, jeez they need to make some friends and touch some grass. I think the LFG channel is tired of it, would be nice to see them removed from the discord, very toxic.

Easy to confirm as they users ask for the password everyday.

They told me they do this because this was Crosswinds as PVP and they upset its Windrose and PVE, they do this to punish the developers.

Not joking they explain this to me when i found their little ring of theft.

Thanks for the info

My entire base got wiped twice

Oh jeez

This guy did it first

How do they find our servers though

This is el_petie pela, the same person called @tame hazel

Its not the stuff but like 7-8 in game building hours is gone

Yup they super upset, they have a pattern. So every morning I search for them and its so easy to see what they do.

@tame hazel I will search for you each morning and put stop to you stealing materials and selling them. Go get a real job.

Thank you, as long people do not get doxxed, then I believe its ok to address what they doing publicly on this server.

We can not doxx but we can protect ourself of people changing their name, and stealing. We have to stay on top of it help people until tools are out.

Not just locks for chest but who can also build and break the base.

They pull up in ships and use the cannons to destroy the base in minutes, take the items then log off.

Am gonna stick to single player till they have a fix

Any idea who is the guy called "Boop"

He wiped mine the second time i set up

Its just sad that this is suppose to be a fun co-op game , yet some want to find a way to " PvE " the game .

/usr/local/emhttp/webGui/scripts/notify -e "User Scripts" -s "Windrose Server Restart" -d "Windrose container restart is stopping now" -i "warning"

docker ps -q -f name=Windrose-Server | grep -q . && docker stop Windrose-Server

/usr/local/emhttp/webGui/scripts/notify -e "User Scripts" -s "Windrose Backup" -d "Windrose server backing up files" -i "warning"

TS=$(date +"%Y-%m-%d_%H-%M-%S") && \
DEST="/mnt/Galaxy/SwapSpace/Windrose/$TS" && \
mkdir -p "$DEST" && \
rsync -av /mnt/disk1/appdata/windrose-server/R5/ServerDescription.json "$DEST"/ && \
rsync -av /mnt/disk1/appdata/windrose-server/R5/Saved/ "$DEST/Saved/"

docker start Windrose-Server

# wait until container is actually running again
while ! docker ps -q -f name=Windrose-Server | grep -q .; do
  sleep 10
done

sleep 90
/usr/local/emhttp/webGui/scripts/notify -e "User Scripts" -s "Windrose Restart Complete" -d "Windrose is now running again" -i "normal"```

This is for anyone using a docker, this will stop the docker safely, back up the files to a folder with date+time and restart. This is for unraid but can be modified from here.

This can be changed for windows or other linux distros. Hope this helps for anyone self hosting.

Yea like I said, could make so much friends still get materials and then still sell them. Just weird but money motivates people to do bad things.

Well more so , I see that poeple are using like , " the thousand cuts " as a trading tool ? Course, I have not seen what people are asking for it . I just found it myself. lol But over all, there is no need to be hostile to other players on this game. There are plenty of games that have that option , even free ones.

What the devs need to do is update the game so no player can damage structures that are not theirs. Only way for them to destroy anything is if it's out of your bonfire zone(player safe zone) or just make it so they can't destroy anything at all that's player made.

Good way to handle it.

thanks for this thread and everyone for contributing

These are unverified rats, sent to me by another player (I'm a dedicated host). So, apologies to them if incorrect - White Rabbit, Aketo, Robertax, Moose, Petite_Mela, Flaketto, HolyFluffyEwok

diagree with this, this would ruin our co-op experience. They can do two things, add more server admin tools (like dev suggested above), and also add more ini / config settings so that admins can change settings like permissions to ssuit their needs

You think it's a bad idea because you probably support the destruction of someone else's work.

I think it is a bad idea because I think it is a bad idea, the entire point of my server is for players to co-build and co-destroy with each other

so, if they add the settings like I suggest, you and I could both play on servers with settings that suited us

Then that'll be supporting the trolls being idiots to people who DON'T want things destroyed.

You're better off joining said trolls and being thrown overboard with the rest of them in that case.

heads up you are on a black list from joining my server now, ridiculous attitude

Lmao idc

Black list me from your server I rather play with people I trust anyway.

sounds good barios, and good luck in your play

bumping this because people need to see this