Hello! This is a Turtle dump (hehe) Included is a full DB snap shot, full source code (all branches), logins, etc. Theres some duplicate stuff. Also some screenshots of internal chat. Source code has been modified and obfuscated, backdoor are endless. No matter how much restructuing, logs parsing, it's too late. I'm woven in the fabric. As well, I had full access to the forums for many months which allowed me to edit the main Turtle download link. Do with that as you will. There is more I'm going to hold back. No dox material. If I missed anything, I'll make a post here: https://pastebin.com/xH3U01bS Anyways, I have some comments to make. Don't forget that security is part of development. As a consumer, you don't care what their code looks like until it matters. Why do billion-dollar companies take years to redevelop an existing product (such as classic WoW)? For reasons like this. They're liable for your security. Small "companies" like Turtle can't be held liable, so they do not care and only exist to pump out content as fast as possible, which sounds awesome until something like this happens. A company that pockets all its profit without investing in security deserves what it gets. Think about that when you go to run their new Unreal client directly on your PCs/Phones. A short history lesson for the new Turtle fans: Nostalrius was one of the last true passion projects in the private server scene, ultimately ended by a C&D from Blizzard around 2015. This server was massive and played by everyone. They never took donations, never had any major drama, and had insane quality for the time. After their shutdown, they gave their core and database to Elysium. This was a massive deal at the time since everyone was dying to play their beloved Nostalrius again. Elysium was a small vanilla server running for profit at the time and was run by Shenna (Torta). They went non-profit and agreed to host it. From there on, it was daily drama and shady actions from Shenna (Torta) and Crogge (Bowser) trying to cash in. A couple of years later, Shenna (Torta) and Crogge (Bowser) were caught spawning gold and selling it. The entire core and database were taken and spun off to a new project called Light's Hope, which removed Shenna and Crogge. From then on, it was considered one of the best experiences and ran full progression with minimal drama until Blizzard announced Classic, at which point they shut down. Fast forward a few years, another project called Hyjal spawns due to the poor experience Blizzard delivered with Classic. It was run by the same admin as Light's Hope. After some time, this admin got burnt out and decided to pass the reins to his new lead developer, Nolin. This project, which was a 1x non-profit plain vanilla server, eventually had its database sold off to Turtle WoW. Although, Hyjal was a dying server at that point. Turtle WoW at that time was an extremely small server averaging fewer than 50 players. They inherited the Hyjal developers and likely most staff. From there, they went to a full for-profit server and mainly backported old assets from newer expansions. This wasn't the first server to "merge" with them either. Many others have. Something similar happened with "Vanilla+", one of the original vanilla plus servers, leading to confusion and anger. Cash shops suddenly appeared, and an anonymous admin emerged. Turtle really acted like a private server mob boss, consuming as many projects as they could buy out or obtain to convert to for-profit. Not exactly passionate and for the love of the game. Ignoring all the accusations of DDoSing, anti-competition, and being on /r/wowserver staff, etc, they have a very deep-rooted history of shadiness going back before they even started. I'm sure there's a lot of passion behind the staff, but the owners are certainly not doing this for the love of the game. Don't forget that their entire product is developed off the back of an open-source product, none of whose code has been put back as open-source (until now). I don't expect anyone to really care. The majority of people will log in and play the game no matter who runs it or what the code looks like. However, they're very anti-competition. For a project that's constantly described as a passion project, they certainly don't like other competition. It goes to show, you really can form your own narrative with enough ads and shill accounts. Blame me all you want, but if it wasn't me, it would be the next person. Aim your anger at the people who allowed it to happen. You trusted them with your security, and they didn't care. Also I noticed a very very strong connection to Everlook. To the point of Everlook staff joining their vacation plans despite not being an active employee there. I didn't see this connection with any other server. They share a lot of their code bases too. Maybe a next target?